Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe
Analysis ID:1532108
MD5:c176313b73cb225cdf30935df4541b3d
SHA1:383d2c973d98f8290934f2825853ff8bcb074700
SHA256:16c1fbcec95d0c8fc26b4e491b8a89759ee10491992be8b8fc552ee4a18c87ad
Tags:exe
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe (PID: 7472 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe" MD5: C176313B73CB225CDF30935DF4541B3D)
    • SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe" MD5: C176313B73CB225CDF30935DF4541B3D)
      • WerFault.exe (PID: 7768 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 1676 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 8044 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 476 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7628 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 268 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["trustterwowqm.shop", "clearancek.site", "bathdoomgaz.store", "licendfilteo.site", "dissapoiznw.store", "studennotediw.store", "eaglepawnoy.store", "spirittunek.store", "mobbipenju.store"], "Build id": "tLYMe5--deli333"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:04.743600+020020546531A Network Trojan was detected192.168.2.449733172.67.206.204443TCP
    2024-10-12T11:24:05.986642+020020546531A Network Trojan was detected192.168.2.449735172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:04.743600+020020498361A Network Trojan was detected192.168.2.449733172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:05.986642+020020498121A Network Trojan was detected192.168.2.449735172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:02.541416+020020564771Domain Observed Used for C2 Detected192.168.2.4495151.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:02.576172+020020564711Domain Observed Used for C2 Detected192.168.2.4572581.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:02.517171+020020564811Domain Observed Used for C2 Detected192.168.2.4648651.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:02.505541+020020564831Domain Observed Used for C2 Detected192.168.2.4533031.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:02.564574+020020564731Domain Observed Used for C2 Detected192.168.2.4547201.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:02.469027+020020564851Domain Observed Used for C2 Detected192.168.2.4503591.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:02.551779+020020564751Domain Observed Used for C2 Detected192.168.2.4519011.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:02.528993+020020564791Domain Observed Used for C2 Detected192.168.2.4642711.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:02.458696+020020561741Domain Observed Used for C2 Detected192.168.2.4604221.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T11:24:03.917613+020028586661Domain Observed Used for C2 Detected192.168.2.449730104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: 2.2.SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe.400000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["trustterwowqm.shop", "clearancek.site", "bathdoomgaz.store", "licendfilteo.site", "dissapoiznw.store", "studennotediw.store", "eaglepawnoy.store", "spirittunek.store", "mobbipenju.store"], "Build id": "tLYMe5--deli333"}
    Multi AV Scanner detection for domain / URL
    Source: sergei-esenin.comVirustotal: Detection: 17%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 21%Perma Link
    Source: trustterwowqm.shopVirustotal: Detection: 13%Perma Link
    Source: mobbipenju.storeVirustotal: Detection: 21%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 21%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 15%Perma Link
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 21%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: trustterwowqm.shopVirustotal: Detection: 13%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 21%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 21%Perma Link
    Source: https://sergei-esenin.com/$Virustotal: Detection: 13%Perma Link
    Multi AV Scanner detection for submitted file
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeReversingLabs: Detection: 31%
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeVirustotal: Detection: 39%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 94.0% probability
    Machine Learning detection for sample
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: clearancek.site
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: licendfilteo.site
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: spirittunek.store
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: bathdoomgaz.store
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: studennotediw.store
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: dissapoiznw.store
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: eaglepawnoy.store
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: mobbipenju.store
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: trustterwowqm.shop
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: Workgroup: -
    Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: tLYMe5--deli333
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49733 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49735 version: TLS 1.2
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008A9E7A FindFirstFileExW,0_2_008A9E7A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_008A9E7A FindFirstFileExW,1_2_008A9E7A
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Jump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\Jump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_4fcd41ef5bd1bb1eef35edf91e0472dd0e67f4_c344819e_eb7b3698-abbc-426e-9b28-efb2146c17e6\Jump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\Jump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_438eb18848ed4e6f3b2d695612a780d8ea1a6_33b06696_b83e288e-4fb5-4ed2-a616-c3d78ea46cdb\Jump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueueJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00908000
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00902070
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [eax], cx0_2_008EC19D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_008E6130
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_009062B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [eax], cx0_2_008E6390
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then jmp ecx0_2_008D43B6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ecx], al0_2_008F234F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_008F234F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_008F234F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then inc edi0_2_008D44CC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esi+0Ch]0_2_008F2462
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ecx], al0_2_008F2462
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00908520
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then jmp eax0_2_008D2687
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_0090466A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then push esi0_2_008EE783
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_009027C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_00904716
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [edi], al0_2_008F2900
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_0090490A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esi+40h]0_2_008D2948
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_008C2A80
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00904A30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+000000C0h]0_2_008D0A6C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [ebp-18h]0_2_008CCB80
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [eax], dx0_2_008E0B0A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi]0_2_008CAB10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_008CCCE1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+000001C0h]0_2_008D0CFC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [esi+edx], bl0_2_008CAC20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp byte ptr [eax+01h], 00000000h0_2_008E6EEB
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx ebx, byte ptr [eax+esi]0_2_00904F90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov dword ptr [esp+2Ch], ebp0_2_00906F10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esi+0Ch]0_2_008F3021
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then jmp ecx0_2_00907074
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_008ED1C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00907168
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_008CB290
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [esi], ax0_2_008E92A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_009032D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_008ED24C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_008EF3B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_008ED3D4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_008EF310
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then jmp eax0_2_0090736B
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov edx, dword ptr [esp]0_2_008BF41F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_008CF41B
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp byte ptr [esi], 00000000h0_2_008E7438
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_008EB460
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_008EB460
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [ebx], ax0_2_008ED590
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then push 00000000h0_2_008C15E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, edi0_2_008E770E
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp byte ptr [edi], 00000000h0_2_008D372A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esi+0Ch]0_2_008F1776
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 7789B0CBh0_2_00905820
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp byte ptr [esi+01h], 00000000h0_2_008CD843
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx edx, byte ptr [ecx+eax]0_2_008CD960
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_008D9970
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ecx], al0_2_008F1AFC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_008F1AFC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_008F1AFC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00905A20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_008F9BA0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_008DDBC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00907BC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00907BC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then lea eax, dword ptr [edi+04h]0_2_008EBBE3
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_008C3B30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00901C30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_008FFC30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00907D50
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00907D50
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then push ebx0_2_008D3D73
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h0_2_00907ED0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00907ED0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [ebx], ax0_2_008DFF98
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [eax], dx0_2_008DBF55
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]2_2_0040D390
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h2_2_0044676A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh2_2_00446A0A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]2_2_00449CC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh2_2_00449CC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx ebx, byte ptr [eax+esi]2_2_00447082
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h2_2_00444170
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]2_2_0044A100
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esi+0Ch]2_2_00435121
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]2_2_004491F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then jmp eax2_2_004491F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h2_2_00428230
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]2_2_0042F2C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h2_2_004453D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [esi], ax2_2_0042B3A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h2_2_004483B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]2_2_0042F46A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]2_2_00431410
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h2_2_0042F4D4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [eax], cx2_2_00428490
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]2_2_004314B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h2_2_0042D560
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h2_2_0042D560
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esi+0Ch]2_2_0043456A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ecx], al2_2_0043456A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]2_2_0041151B
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov edx, dword ptr [esp]2_2_0040151F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then inc edi2_2_004165CC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]2_2_0044A620
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then jmp eax2_2_0041463D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esi+40h]2_2_0041463D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then push 00000000h2_2_004036E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [ebx], ax2_2_0042F690
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esi+0Ch]2_2_0043387B
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h2_2_00446816
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp byte ptr [edi], 00000000h2_2_0041582B
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h2_2_004448C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then push esi2_2_00430883
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp byte ptr [esi+01h], 00000000h2_2_0040F943
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 7789B0CBh2_2_00447920
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [eax], cx2_2_0042D9A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx edx, byte ptr [ecx+eax]2_2_0040FA60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov dword ptr [esp], 00000000h2_2_0041BA70
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [edi], al2_2_00434A00
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then lea eax, dword ptr [edi+04h]2_2_0042DB64
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+000000C0h]2_2_00412B6C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [ebx], ax2_2_00421B20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]2_2_00447B20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]2_2_00446B30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ecx], al2_2_00433BD3
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ebx], al2_2_00433BD3
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ebx], al2_2_00433BD3
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [eax], dx2_2_00422BEF
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]2_2_00404B80
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi]2_2_0040CC10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]2_2_00405C30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ebx], al2_2_0041FCC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [ebp-18h]2_2_0040EC80
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ebx], al2_2_00434C90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [ebx], al2_2_00434C90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx ebx, byte ptr [edx]2_2_0043BCA0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov byte ptr [esi+edx], bl2_2_0040CD20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]2_2_00443D30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]2_2_00441D30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]2_2_0040EDE1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then jmp ecx2_2_00448DE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]2_2_00448DE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then jmp eax2_2_00448DE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+000001C0h]2_2_00412DFC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov word ptr [eax], dx2_2_0041DD90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]2_2_00449E50
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh2_2_00449E50
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov dword ptr [esp+2Ch], ebp2_2_00448ED0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then jmp ecx2_2_00448ED0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then mov eax, dword ptr [esp]2_2_00448ED0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then jmp eax2_2_00448ED0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h2_2_00449FD0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh2_2_00449FD0

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:51901 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:50359 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:64271 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056174 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trustterwowqm .shop) : 192.168.2.4:60422 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:49515 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:54720 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:64865 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:57258 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:53303 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49733 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49733 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
    Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49735 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49735 -> 172.67.206.204:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: trustterwowqm.shop
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewIP Address: 172.67.206.204 172.67.206.204
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=47JuexSbWQVr1ssGx4yQxentsQn.LeX1WyFSzC4Cbos-1728725044-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 81Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=aabf4626129df8a40703b61b; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSat, 12 Oct 2024 09:24:03 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: trustterwowqm.shop
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/$
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apik:
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apiws(
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1918863940.0000000000A1B000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://steamcommuact=recive_message&ver=4.0&lid=tLYMe5--deli333&j=5c9b8674a630d9101b46733aa37f15ec
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/6
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734712477.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734712477.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/t
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734712477.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734655519.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-manag
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-managQ
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734655519.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49733 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49735 version: TLS 1.2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004396A0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,2_2_004396A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004396A0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,2_2_004396A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008D00800_2_008D0080
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008A40230_2_008A4023
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_009062B00_2_009062B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008CC3000_2_008CC300
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008C83600_2_008C8360
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008FE5C00_2_008FE5C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_0089C6FE0_2_0089C6FE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_009027C00_2_009027C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008E29300_2_008E2930
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008ECB020_2_008ECB02
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008FCCE00_2_008FCCE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008BEF000_2_008BEF00
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_00896F3C0_2_00896F3C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008EB0810_2_008EB081
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008F70A00_2_008F70A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008BF19D0_2_008BF19D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008A91440_2_008A9144
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008C32900_2_008C3290
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008C52A00_2_008C52A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008BF2FD0_2_008BF2FD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008BF23A0_2_008BF23A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008F73A00_2_008F73A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008C332A0_2_008C332A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008C94500_2_008C9450
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008EB4600_2_008EB460
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008C15E00_2_008C15E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008CF7900_2_008CF790
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008F58800_2_008F5880
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008AD8750_2_008AD875
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008F5AB00_2_008F5AB0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008DDBC00_2_008DDBC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_0089FBD00_2_0089FBD0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008C5CA00_2_008C5CA0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_00891CD20_2_00891CD2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008C7C510_2_008C7C51
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_00905DD00_2_00905DD0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008ABEF10_2_008ABEF1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_00891F1A0_2_00891F1A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008C9F600_2_008C9F60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_008A40231_2_008A4023
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_008AD8751_2_008AD875
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_008A91441_2_008A9144
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_0089FBD01_2_0089FBD0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_00891CD21_2_00891CD2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_0089C6FE1_2_0089C6FE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_008ABEF11_2_008ABEF1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_00891F1A1_2_00891F1A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_00896F3C1_2_00896F3C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004406C02_2_004406C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0040FFE02_2_0040FFE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0040C0602_2_0040C060
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004010002_2_00401000
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004470822_2_00447082
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004091102_2_00409110
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004491F02_2_004491F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004121802_2_00412180
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0042D1812_2_0042D181
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004391A02_2_004391A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0040129D2_2_0040129D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004053402_2_00405340
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0042D1812_2_0042D181
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004073A02_2_004073A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004483B02_2_004483B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0040A4602_2_0040A460
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0040E4002_2_0040E400
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004394A02_2_004394A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0040B5502_2_0040B550
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0042D5602_2_0042D560
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004305E02_2_004305E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004036E02_2_004036E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0042B69D2_2_0042B69D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004448C02_2_004448C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004298E22_2_004298E2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004118902_2_00411890
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0042E9772_2_0042E977
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004099032_2_00409903
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004489D72_2_004489D7
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004379802_2_00437980
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0042D9A02_2_0042D9A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0042FA202_2_0042FA20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_00424A302_2_00424A30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0042CAF02_2_0042CAF0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_00406B602_2_00406B60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0042DB642_2_0042DB64
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_00448B002_2_00448B00
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_00409B1C2_2_00409B1C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_00437BB02_2_00437BB0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0042EC022_2_0042EC02
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0041FCC02_2_0041FCC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0043EDE02_2_0043EDE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_00448DE02_2_00448DE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_00407DA02_2_00407DA0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_00432E332_2_00432E33
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_00448ED02_2_00448ED0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_00447ED02_2_00447ED0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: String function: 008A36CA appears 34 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: String function: 008DB870 appears 155 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: String function: 0089D615 appears 42 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: String function: 0089B3D1 appears 32 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: String function: 0041D970 appears 155 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: String function: 008CAA10 appears 96 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: String function: 00897830 appears 104 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: String function: 0040CB10 appears 45 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 268
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: invalid certificate
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: Section: .data ZLIB complexity 0.9913750656512605
    Source: classification engineClassification label: mal100.troj.evad.winEXE@8/13@11/2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0043FDBB CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,SysStringLen,2_2_0043FDBB
    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7472
    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7532
    Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\3a8b6103-90f2-4dd7-81c1-b4c11b28a585Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCommand line argument: MZx0_2_00892198
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCommand line argument: MZx0_2_00892198
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCommand line argument: MZx0_2_00892198
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeReversingLabs: Detection: 31%
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeVirustotal: Detection: 39%
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 268
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 1676
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 476
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_00892198 push eax; ret 0_2_00892392
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_00896E4B push ecx; ret 0_2_00896E5E
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008D374A push eax; retf 0_2_008D374F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_00892198 push eax; ret 1_2_00892392
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_00896E4B push ecx; ret 1_2_00896E5E
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_0041584A push eax; retf 2_2_0041584F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeAPI coverage: 4.0 %
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe TID: 7572Thread sleep time: -60000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008A9E7A FindFirstFileExW,0_2_008A9E7A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_008A9E7A FindFirstFileExW,1_2_008A9E7A
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Jump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\Jump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_4fcd41ef5bd1bb1eef35edf91e0472dd0e67f4_c344819e_eb7b3698-abbc-426e-9b28-efb2146c17e6\Jump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\Jump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_438eb18848ed4e6f3b2d695612a780d8ea1a6_33b06696_b83e288e-4fb5-4ed2-a616-c3d78ea46cdb\Jump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueueJump to behavior
    Source: Amcache.hve.5.drBinary or memory string: VMware
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
    Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
    Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
    Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
    Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
    Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734712477.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C5D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
    Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
    Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
    Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.5.drBinary or memory string: vmci.sys
    Source: Amcache.hve.5.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
    Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
    Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
    Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.5.drBinary or memory string: VMware20,1
    Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
    Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
    Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
    Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
    Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
    Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
    Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
    Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
    Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeAPI call chain: ExitProcess graph end nodegraph_2-21464
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 2_2_004464F0 LdrInitializeThunk,2_2_004464F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_0089D27F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0089D27F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_00892198 mov edi, dword ptr fs:[00000030h]0_2_00892198
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008AAA07 mov eax, dword ptr fs:[00000030h]0_2_008AAA07
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008A0E59 mov ecx, dword ptr fs:[00000030h]0_2_008A0E59
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_00892198 mov edi, dword ptr fs:[00000030h]1_2_00892198
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_008AAA07 mov eax, dword ptr fs:[00000030h]1_2_008AAA07
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_008A0E59 mov ecx, dword ptr fs:[00000030h]1_2_008A0E59
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008AD006 GetProcessHeap,0_2_008AD006
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008972B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008972B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_0089D27F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0089D27F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008975D8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008975D8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_00897765 SetUnhandledExceptionFilter,0_2_00897765
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_008972B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_008972B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_0089D27F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0089D27F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_008975D8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_008975D8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 1_2_00897765 SetUnhandledExceptionFilter,1_2_00897765

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Injects a PE file into a foreign processes
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe base: 400000 value starts with: 4D5AJump to behavior
    LummaC encrypted strings found
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeString found in binary or memory: licendfilteo.site
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeString found in binary or memory: clearancek.site
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeString found in binary or memory: bathdoomgaz.stor
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeString found in binary or memory: spirittunek.stor
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeString found in binary or memory: dissapoiznw.stor
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeString found in binary or memory: studennotediw.stor
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeString found in binary or memory: mobbipenju.stor
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeString found in binary or memory: eaglepawnoy.stor
    Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeString found in binary or memory: trustterwowqm.shop
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_008AC440
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: EnumSystemLocalesW,0_2_008AC6E2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: EnumSystemLocalesW,0_2_008AC7C8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: EnumSystemLocalesW,0_2_008AC72D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_008AC853
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetLocaleInfoW,0_2_008ACAA6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_008ACBCF
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetLocaleInfoW,0_2_008ACCD5
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_008ACDA4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: EnumSystemLocalesW,0_2_008A3436
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetLocaleInfoW,0_2_008A38E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetLocaleInfoW,1_2_008A38E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,1_2_008AC853
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetLocaleInfoW,1_2_008ACAA6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_008ACBCF
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetLocaleInfoW,1_2_008ACCD5
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: EnumSystemLocalesW,1_2_008A3436
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,1_2_008AC440
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_008ACDA4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: EnumSystemLocalesW,1_2_008AC6E2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: EnumSystemLocalesW,1_2_008AC7C8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: EnumSystemLocalesW,1_2_008AC72D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeCode function: 0_2_008974D2 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_008974D2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
    Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    Windows Management Instrumentation    		1
    DLL Side-Loading    		111
    Process Injection    		2
    Virtualization/Sandbox Evasion    		OS Credential Dumping1
    System Time Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts2
    Command and Scripting Interpreter    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		111
    Process Injection    		LSASS Memory1
    Query Registry    		Remote Desktop Protocol2
    Clipboard Data    		1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain Accounts1
    PowerShell    		Logon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager41
    Security Software Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
    Obfuscated Files or Information    		NTDS2
    Virtualization/Sandbox Evasion    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Software Packing    		LSA Secrets2
    File and Directory Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain Credentials33
    System Information Discovery    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe32%ReversingLabsWin32.Trojan.CrypterX
    SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe40%VirustotalBrowse
    SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe100%AviraHEUR/AGEN.1361748
    SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    steamcommunity.com0%VirustotalBrowse
    sergei-esenin.com18%VirustotalBrowse
    spirittunek.store22%VirustotalBrowse
    trustterwowqm.shop14%VirustotalBrowse
    mobbipenju.store22%VirustotalBrowse
    eaglepawnoy.store19%VirustotalBrowse
    bathdoomgaz.store22%VirustotalBrowse
    licendfilteo.site16%VirustotalBrowse
    clearancek.site18%VirustotalBrowse
    dissapoiznw.store22%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    http://upx.sf.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    https://steamcommunity.com/?subsection=broadcasts0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp0%VirustotalBrowse
    https://www.youtube.com0%VirustotalBrowse
    trustterwowqm.shop14%VirustotalBrowse
    https://www.google.com0%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    https://www.cloudflare.com/learning/access-management/phishing-attack/0%VirustotalBrowse
    https://sergei-esenin.com/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi0%VirustotalBrowse
    https://www.youtube.com/0%VirustotalBrowse
    eaglepawnoy.store19%VirustotalBrowse
    dissapoiznw.store22%VirustotalBrowse
    https://www.cloudflare.com/5xx-error-landing0%VirustotalBrowse
    https://sketchfab.com0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a0%VirustotalBrowse
    https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/0%VirustotalBrowse
    https://steamcommunity.com/my/wishlist/0%VirustotalBrowse
    https://steamcommunity.com/discussions/0%VirustotalBrowse
    https://steamcommunity.com/market/0%VirustotalBrowse
    https://www.google.com/recaptcha/0%VirustotalBrowse
    bathdoomgaz.store22%VirustotalBrowse
    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org0%VirustotalBrowse
    https://steamcommunity.com/login/home/?goto=profiles%2F765611997243319000%VirustotalBrowse
    https://sergei-esenin.com/$14%VirustotalBrowse
    https://steamcommunity.com/t0%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truetrueunknown
    sergei-esenin.com
    		172.67.206.204
    		truetrueunknown
    trustterwowqm.shop
    		unknown
    		unknowntrueunknown
    eaglepawnoy.store
    		unknown
    		unknowntrueunknown
    bathdoomgaz.store
    		unknown
    		unknowntrueunknown
    spirittunek.store
    		unknown
    		unknowntrueunknown
    licendfilteo.site
    		unknown
    		unknowntrueunknown
    studennotediw.store
    		unknown
    		unknowntrueunknown
    mobbipenju.store
    		unknown
    		unknowntrueunknown
    clearancek.site
    		unknown
    		unknowntrueunknown
    dissapoiznw.store
    		unknown
    		unknowntrueunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    studennotediw.storetrueunknown
    trustterwowqm.shoptrueunknown
    dissapoiznw.storetrueunknown
    https://steamcommunity.com/profiles/76561199724331900true
    • URL Reputation: malware
    		unknown
    eaglepawnoy.storetrueunknown
    bathdoomgaz.storetrueunknown
    clearancek.sitetrue
      		unknown
      spirittunek.storetrue
        		unknown
        licendfilteo.sitetrue
          		unknown
          mobbipenju.storetrue
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://www.cloudflare.com/learning/access-management/phishing-attack/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734655519.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CEA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://player.vimeo.comSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5fSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://steamcommunity.com/?subsection=broadcastsSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://sergei-esenin.com/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmptrueunknown
            https://store.steampowered.com/subscriber_agreement/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.gstatic.cn/recaptcha/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.valvesoftware.com/legal.htmSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.youtube.comSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.google.comSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPiSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://s.ytimg.com;SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              https://steam.tv/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=englishSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://store.steampowered.com/privacy_agreement/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://store.steampowered.com/points/shop/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://sketchfab.comSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://lv.queniujq.cnSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://steamcommunity.com/profiles/76561199724331900/inventory/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmptrue
              • URL Reputation: malware
              		unknown
              https://www.youtube.com/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://store.steampowered.com/privacy_agreement/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://www.cloudflare.com/learning/access-managSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                https://www.cloudflare.com/5xx-error-landingSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734712477.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734655519.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=enSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&aSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://www.google.com/recaptcha/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                https://checkout.steampowered.com/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=englishSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=englishSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://avatars.akamai.steamstaticSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  https://steamcommunity.com/tSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734712477.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C84000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englisSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://store.steampowered.com/;SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://store.steampowered.com/about/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://steamcommunity.com/my/wishlist/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=englishSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://help.steampowered.com/en/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://steamcommunity.com/market/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://store.steampowered.com/news/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://store.steampowered.com/subscriber_agreement/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://recaptcha.net/recaptcha/;SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=enSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://steamcommunity.com/discussions/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://store.steampowered.com/stats/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://medal.tvSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://broadcast.st.dl.eccdnx.comSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://sergei-esenin.com/apiws(SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C6F000.00000004.00000020.00020000.00000000.sdmptrue
                    		unknown
                    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://store.steampowered.com/steam_refunds/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://sergei-esenin.com/$SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C84000.00000004.00000020.00020000.00000000.sdmptrueunknown
                    https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=eSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      https://steamcommunity.com/workshop/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        https://login.steampowered.com/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://steamcommunity.com/6SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://steamcommuact=recive_message&ver=4.0&lid=tLYMe5--deli333&j=5c9b8674a630d9101b46733aa37f15ecSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1918863940.0000000000A1B000.00000004.00000010.00020000.00000000.sdmpfalse
                            		unknown
                            https://store.steampowered.com/legal/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=eSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=englSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://recaptcha.netSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://upx.sf.netAmcache.hve.5.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://store.steampowered.com/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gifSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://127.0.0.1:27060SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://www.cloudflare.com/learning/access-managQSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQASecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=englishSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://sergei-esenin.com/apik:SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000CA2000.00000004.00000020.00020000.00000000.sdmptrue
                                    		unknown
                                    https://help.steampowered.com/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://api.steampowered.com/SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown

                                    World Map of Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public IPs

                                    IPDomainCountryFlagASNASN NameMalicious
                                    104.102.49.254
                                    		steamcommunity.comUnited States
                                    		16625AKAMAI-ASUStrue
                                    172.67.206.204
                                    		sergei-esenin.comUnited States
                                    		13335CLOUDFLARENETUStrue

                                    General Information

                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1532108
                                    Start date and time:2024-10-12 11:23:06 +02:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 5m 31s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:14
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winEXE@8/13@11/2
                                    EGA Information:
                                    • Successful, ratio: 66.7%
                                    HCA Information:
                                    • Successful, ratio: 78%
                                    • Number of executed functions: 16
                                    • Number of non-executed functions: 172
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe

                                    Warnings

                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 20.189.173.20
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, PID 7524 because there are no executed function
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    05:24:01API Interceptor3x Sleep call for process: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe modified
                                    05:24:19API Interceptor3x Sleep call for process: WerFault.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                    • www.valvesoftware.com/legal.htm
                                    172.67.206.204file.exeGet hashmaliciousLummaCBrowse
                                      file.exeGet hashmaliciousLummaCBrowse
                                        mWcDQrv9bb.exeGet hashmaliciousLummaCBrowse
                                          oUbgeGwOL8.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
                                            file.exeGet hashmaliciousLummaCBrowse
                                              file.exeGet hashmaliciousLummaCBrowse
                                                SecuriteInfo.com.Win32.Evo-gen.28528.9811.exeGet hashmaliciousLummaC, Amadey, Stealc, VidarBrowse
                                                  file.exeGet hashmaliciousLummaCBrowse
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                      kwVoiAAfGm.exeGet hashmaliciousLummaCBrowse

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        sergei-esenin.comfile.exeGet hashmaliciousLummaCBrowse
                                                        • 172.67.206.204
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.21.53.8
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 172.67.206.204
                                                        mWcDQrv9bb.exeGet hashmaliciousLummaCBrowse
                                                        • 172.67.206.204
                                                        oUbgeGwOL8.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
                                                        • 172.67.206.204
                                                        NDJBSLalTk.exeGet hashmaliciousLummaCBrowse
                                                        • 104.21.53.8
                                                        tlFLXwAslF.exeGet hashmaliciousLummaCBrowse
                                                        • 104.21.53.8
                                                        oOJUkmV24a.exeGet hashmaliciousLummaCBrowse
                                                        • 104.21.53.8
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.21.53.8
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.21.53.8
                                                        steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        mWcDQrv9bb.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        oUbgeGwOL8.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
                                                        • 104.102.49.254
                                                        UuQADITfTr.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        NDJBSLalTk.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        tlFLXwAslF.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        oOJUkmV24a.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        CLOUDFLARENETUSfile.exeGet hashmaliciousLummaCBrowse
                                                        • 172.67.206.204
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.21.53.8
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 172.67.206.204
                                                        1728716649a09efaf02e58304d0d9f63a90bc410d1231b676f0024be47cb0cc1f511df7bca961.dat-decoded.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 188.114.97.3
                                                        20062024150836 11.10.2024.vbeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 188.114.96.3
                                                        STATEMENT - PAYMENT TRACKING Sept 2024.docx.docGet hashmaliciousRemcosBrowse
                                                        • 188.114.97.3
                                                        Purchase Order No. 4500017624.jsGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.140.237
                                                        narud#U017ebenica TISAKOMERC d.o.oRadbrkkedes234525262623.wsfGet hashmaliciousRemcos, GuLoaderBrowse
                                                        • 188.114.97.3
                                                        mWcDQrv9bb.exeGet hashmaliciousLummaCBrowse
                                                        • 172.67.206.204
                                                        oUbgeGwOL8.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
                                                        • 172.67.206.204
                                                        AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        mWcDQrv9bb.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        oUbgeGwOL8.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
                                                        • 104.102.49.254
                                                        UuQADITfTr.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        NDJBSLalTk.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        tlFLXwAslF.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        oOJUkmV24a.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        • 172.67.206.204
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        • 172.67.206.204
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        • 172.67.206.204
                                                        mWcDQrv9bb.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        • 172.67.206.204
                                                        oUbgeGwOL8.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
                                                        • 104.102.49.254
                                                        • 172.67.206.204
                                                        UuQADITfTr.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        • 172.67.206.204
                                                        NDJBSLalTk.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        • 172.67.206.204
                                                        tlFLXwAslF.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        • 172.67.206.204
                                                        oOJUkmV24a.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        • 172.67.206.204
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 104.102.49.254
                                                        • 172.67.206.204

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_216191bb2d9f68ef7b27d116c04fbb17159ed_c344819e_638fef59-863d-4649-8ddc-fe8d7fc24f73\Report.wer

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):65536
                                                        Entropy (8bit):1.0454686735243217
                                                        Encrypted:false
                                                        SSDEEP:96:GUF5cUgOs+hqK1yDfJQXIDcQac6pcEccw3A+HbHgnoW6He12rLhOyRxDfQLPF5r7:/bgOeo00tGdjem+5zuiFoZ24IO8/
                                                        MD5:FFED566811434350B5D9A87F5A39391D
                                                        SHA1:E091FBE265DE8BB2CE92FF61A06A2E4A268439FF
                                                        SHA-256:0CDA9088C3ED8DE092A19AB2C028EA8D80C2305933E46005E483C95110E69683
                                                        SHA-512:1DC183DAA271AC2DF5A421A52C31DCCFFC6C2A5827F132C90776B01553EAF7F8F3649BB1EB5204070F8B62536D9D413B3F857E433680209B923FABE81889C3FE
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.9.8.6.6.0.1.3.5.6.8.9.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.9.8.6.6.0.4.9.5.0.6.8.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.3.8.f.e.f.5.9.-.8.6.3.d.-.4.6.4.9.-.8.d.d.c.-.f.e.8.d.7.f.c.2.4.f.7.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.2.4.4.9.4.8.f.-.c.2.a.8.-.4.3.5.0.-.8.6.b.b.-.a.2.b.5.3.d.4.f.9.1.1.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...C.r.y.p.t.e.r.X.-.g.e.n...8.6.9...7.1.6.4...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.6.c.-.0.0.0.1.-.0.0.1.4.-.1.c.d.7.-.8.e.7.9.8.8.1.c.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.1.c.1.a.6.f.c.f.7.6.f.3.6.5.6.e.8.c.1.7.7.1.0.c.9.3.a.d.7.4.4.0.0.0.0.f.f.f.f.!.0.0.0.0.3.8.3.d.2.c.9.7.3.d.9.8.f.8.2.9.0.9.3.4.f.2.8.2.5.8.5.3.f.f.8.b.

                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_438eb18848ed4e6f3b2d695612a780d8ea1a6_33b06696_b83e288e-4fb5-4ed2-a616-c3d78ea46cdb\Report.wer

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):65536
                                                        Entropy (8bit):0.6912014199305963
                                                        Encrypted:false
                                                        SSDEEP:96:r2Fb7tss+hSk73fgBQXIDcQvc6QcEVcw3cE/n+HbHg/5hZAX/d5FMT2SlPkpXmTa:6Z7ts30BU/gjhzuiFoZ24IO8/
                                                        MD5:2B51B0A93D626D7B55422BF612AFE1A7
                                                        SHA1:3CF79116781421F6FA3502449AAC189F8626A819
                                                        SHA-256:61584F37E788C288936A8A07DC540C0FE0490CD7D9E09741AFD335FAEE8CF7BF
                                                        SHA-512:EA4598181549FFE0D6110D3723D7DA137F3E15A8E00E0D841BB5C79200D95A0E09031F766E3D814F5DE73D7CBCF7CC06A1FDE9647FB0E60E78A75B576D9AEABD
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.9.8.6.4.2.1.4.3.3.9.5.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.9.8.6.4.2.4.2.4.6.5.0.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.8.3.e.2.8.8.e.-.4.f.b.5.-.4.e.d.2.-.a.6.1.6.-.c.3.d.7.8.e.a.4.6.c.d.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.9.1.0.2.8.1.6.-.1.8.4.d.-.4.e.3.a.-.8.9.a.3.-.b.6.b.b.5.9.3.4.5.2.1.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...C.r.y.p.t.e.r.X.-.g.e.n...8.6.9...7.1.6.4...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.3.0.-.0.0.0.1.-.0.0.1.4.-.f.0.c.6.-.d.5.7.7.8.8.1.c.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.1.c.1.a.6.f.c.f.7.6.f.3.6.5.6.e.8.c.1.7.7.1.0.c.9.3.a.d.7.4.4.0.0.0.0.f.f.f.f.!.0.0.0.0.3.8.3.d.2.c.9.7.3.d.9.8.f.8.2.9.0.9.3.4.f.2.8.2.5.8.5.3.f.f.8.b.

                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_4fcd41ef5bd1bb1eef35edf91e0472dd0e67f4_c344819e_eb7b3698-abbc-426e-9b28-efb2146c17e6\Report.wer

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):65536
                                                        Entropy (8bit):1.0450428531435196
                                                        Encrypted:false
                                                        SSDEEP:96:f3AFfqOOs+hqK1yDfAQXIDcQzc6rcEqcw3Mn+HbHgnoW6He12rLhOyRxDfQLPF5X:vAdqOOeJ0Nvw4sjem+5zuiFoZ24IO8/
                                                        MD5:C7E5FE2CCFB82203582ACBD3FD51A49A
                                                        SHA1:88C7D2F78E7318B7006F83D5F6040F892DFD2830
                                                        SHA-256:AD65AC37363E841DE3DEC3746F82667EF59CAAAAF8A2584B51411B1822CF79AF
                                                        SHA-512:5774E3D533E292F012F4F8A00D688D7F0701C94300817BC94A24D1F941F6485F35B8531F703B2F5B9A18D3FA312EB414618BE5CA34A6B5538C49D21B1D82DD46
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.9.8.6.4.5.6.5.4.4.9.5.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.9.8.6.4.6.1.2.3.2.4.6.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.b.7.b.3.6.9.8.-.a.b.b.c.-.4.2.6.e.-.9.b.2.8.-.e.f.b.2.1.4.6.c.1.7.e.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.8.3.0.3.7.9.2.-.4.2.f.8.-.4.3.e.7.-.8.8.f.a.-.4.1.e.b.b.7.c.d.3.0.c.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...C.r.y.p.t.e.r.X.-.g.e.n...8.6.9...7.1.6.4...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.6.c.-.0.0.0.1.-.0.0.1.4.-.1.c.d.7.-.8.e.7.9.8.8.1.c.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.1.c.1.a.6.f.c.f.7.6.f.3.6.5.6.e.8.c.1.7.7.1.0.c.9.3.a.d.7.4.4.0.0.0.0.f.f.f.f.!.0.0.0.0.3.8.3.d.2.c.9.7.3.d.9.8.f.8.2.9.0.9.3.4.f.2.8.2.5.8.5.3.f.f.8.b.

                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER2828.tmp.dmp

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:Mini DuMP crash report, 14 streams, Sat Oct 12 09:24:02 2024, 0x1205a4 type
                                                        Category:dropped
                                                        Size (bytes):35506
                                                        Entropy (8bit):1.686695182414071
                                                        Encrypted:false
                                                        SSDEEP:192:PcSyOkbcOfx2hUHYQLcE8OWGGWmhUp/U:zyOk3J2hUlLcFWmhUp
                                                        MD5:4E1ACD9B2F68063035E4859A223BC15B
                                                        SHA1:B80E72105BBEA77331527E079A46F45B1CD49A30
                                                        SHA-256:C057090EB414C803A04E184A4B10AE6D86C52F0A05027BB4EBDF77D572BEB62C
                                                        SHA-512:71FD7C68D51C3DE10B8AAA6DC60E996814AD0CB6C4D3B2E44CD23A68B9074961D5E79B4B29357F39D8F1BEFBE7858173A0ECEB62FEE7463FEC6A0F9C97D17D7A
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:MDMP..a..... .......2@.g........................d...........................T.......8...........T.......................................................................................................................eJ..............GenuineIntel............T.......0....@.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER2877.tmp.WERInternalMetadata.xml

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):8506
                                                        Entropy (8bit):3.698275768536818
                                                        Encrypted:false
                                                        SSDEEP:192:R6l7wVeJUs6Ese6Y98SUMGtznkgmfdlprt89bJdsfe1jm:R6lXJ/6+6YWSUTtYgmfdCJWfB
                                                        MD5:800371F659FD741495D2C09537144A79
                                                        SHA1:48E4FDEFBBAF3F4835A2976A4C8279A62F29C136
                                                        SHA-256:9ED8DCD1617B496266FBE8E905F4D462130B1A894A28D3A5F1E6784240F6B1B5
                                                        SHA-512:C76E2649F4C0EF66069718183B49664FA745CBB8C90AC59234A2DA14E4C4CBC9AD796ACAB85CA5F22123004353F7781DFE4DE80EF22C470A2286122A470FFA8A
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.4.7.2.<./.P.i.

                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER28A7.tmp.xml

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4821
                                                        Entropy (8bit):4.568209563986818
                                                        Encrypted:false
                                                        SSDEEP:48:cvIwWl8zsXJg77aI97YWpW8VYyYm8M4J3MF5+q88pi3n0zWld:uIjf5I7JR7V2JIjG0zWld
                                                        MD5:2073EC51D74E12CF95EAC7E6F3CBB774
                                                        SHA1:A137905168D678DDC108DA13B1617CAD000BB1EE
                                                        SHA-256:04AED53197268FFB04F8838BBCA4CCE2D6A6D449612671A1A44C579DE3B53795
                                                        SHA-512:119CD2FA3779F0F9F1B348A46AC722FE9DA9FA43927152C4F08AA7CB3266D21D7A10C590DBB0F841D2F4E9D367B037C58B181221A6788E84BE2D93A9BE140A94
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="540026" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER35E3.tmp.dmp

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:Mini DuMP crash report, 15 streams, Sat Oct 12 09:24:05 2024, 0x1205a4 type
                                                        Category:dropped
                                                        Size (bytes):121454
                                                        Entropy (8bit):1.9844454537031602
                                                        Encrypted:false
                                                        SSDEEP:384:sVhYAulakBYSeyUo88xEERDUGT8zduq1hk4/CU4d3iRz:8tZkB5P6EBmduAhDrRz
                                                        MD5:B1BBD36AEFA1131F82E0BE2EA62343B6
                                                        SHA1:73D7E48B5F4D6E1922C225D70DC36C2EDD94D9D0
                                                        SHA-256:3D9BA9450CFA4A8F23727F1C89AEB7C0D13F83408D2ADA64253764FED84E9EA3
                                                        SHA-512:36CFF93F634C001EF736A000B086F4D420AAA3DA575BADA47D551D42007ECB01A1129BE99DB546E7443D548BE55B3DEA74B774B25A62433EB0BC66F692682F02
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:MDMP..a..... .......5@.g.........................................!...........L..........`.......8...........T...........`A..............d"..........P$..............................................................................eJ.......$......GenuineIntel............T.......l...1@.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER370D.tmp.WERInternalMetadata.xml

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):8502
                                                        Entropy (8bit):3.7009599453209026
                                                        Encrypted:false
                                                        SSDEEP:192:R6l7wVeJJL686YUI6k8Ggmf0JzQppr189bWCsfCkSm:R6lXJ1686Yb62gmf0JzZWBfp
                                                        MD5:AA0E092D3911B85640229BFA4019D488
                                                        SHA1:D85C1073120A2A17BE834187AF0B77433C0AC72A
                                                        SHA-256:36A4416E4CD038A3759277316D397CE9220CC3A6EA1B1FFEBF6DD46F03A0FE2F
                                                        SHA-512:04DEE4E40C4AD4A3AFA29FD66680247BABA9914BE00ABEBE0967019DCE8630924B4A8DA9FA44740BC2478C2D1B88D157A37B40214EDCE9EC82CCC91057AFB4DF
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.3.2.<./.P.i.

                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER372E.tmp.xml

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4759
                                                        Entropy (8bit):4.540763476008394
                                                        Encrypted:false
                                                        SSDEEP:48:cvIwWl8zsXJg77aI97YWpW8VYmYm8M4JekFV+q8l03n0zWbd:uIjf5I7JR7VCJNr30zWbd
                                                        MD5:886379134E9159AD4DDEF40A729120B6
                                                        SHA1:4826ADB5DD53C17D99DE3F0241689CEB96F5898E
                                                        SHA-256:D4760F9038933CD351A41C515A77ADDF8A14E09695DD36CD2D6150732D31A203
                                                        SHA-512:FFFAA5815410077D08B7792E302FCA895E79169C80A35F5ADCC055A4EBA512A7AB2F7994C885E2C8FA920C764432B1CF0211FCA992B1736DAF3C975ACAD5BBE7
                                                        Malicious:false
                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="540026" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E78.tmp.dmp

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:Mini DuMP crash report, 15 streams, Sat Oct 12 09:24:20 2024, 0x1205a4 type
                                                        Category:dropped
                                                        Size (bytes):132556
                                                        Entropy (8bit):1.937693299935522
                                                        Encrypted:false
                                                        SSDEEP:384:3HpNINKtkBT/fgDyro81nmxEEBDUsm5+gK5b6DoaZ7qKZbyX:Xj4KtkBTnXXERcKIomxk
                                                        MD5:0911232669358489BE0DE5F47E694690
                                                        SHA1:267B7D4BD69D63B6D6951AC82E645B71E438DC29
                                                        SHA-256:71FD5417D98094D92E038E8AFDA20C0A9578100162F527EC1DCF4AF33BBBBC1F
                                                        SHA-512:BF4E9C5D2E362DB151F5D90628E9323C6D3425A469CA5B6BB97F2134015A94B3FFBDB438EDA7546FE63494B807A8F7EBEBFAE90C13A641B1012E2103FF86BAF5
                                                        Malicious:false
                                                        Preview:MDMP..a..... .......D@.g............................(............"...........O..........`.......8...........T............B..............."...........$..............................................................................eJ.......%......GenuineIntel............T.......l...1@.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F25.tmp.WERInternalMetadata.xml

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):8492
                                                        Entropy (8bit):3.6985016736247545
                                                        Encrypted:false
                                                        SSDEEP:192:R6l7wVeJJa68M6YUAo6k8Ggmf0JAHpDw89bZCsfjzm:R6lXJE636Yc62gmf0JAPZBfG
                                                        MD5:5059D125300C57B53D33379FDC864752
                                                        SHA1:6D787F880449AEE874CA572D8C0E3C64D8111085
                                                        SHA-256:1D898851E7D90B36F4D21DCEA75A9346C0840B633EF7CAC1139E6441A33D4846
                                                        SHA-512:F86F3F99FE17F28D98276D13F15C6125A8B9D6ED7A77303278AF332465D0A5ED2810D447FD3061EDDC4A675CB7F7490F2ED179D9603BEFE0E988A51D28B25A9A
                                                        Malicious:false
                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.3.2.<./.P.i.

                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F55.tmp.xml

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):4759
                                                        Entropy (8bit):4.540841316355038
                                                        Encrypted:false
                                                        SSDEEP:48:cvIwWl8zsoJg77aI97YWpW8VYbYm8M4JeJF1E+q8lF3n0zWbd:uIjfuI7JR7VDJnO30zWbd
                                                        MD5:82EF6112A1887842EF80E08DBDD6C2DB
                                                        SHA1:0395F2C4FE550DE4AB8D4146E655304D0F5126D0
                                                        SHA-256:EB941A0ED24CE3C3D5F9875DE9E92CD1D3523D5A1366693ACD018C4BDF1F0C11
                                                        SHA-512:E50D110CDEBC3AAD859A512FE3909E36FA5214D5766D5EDCC16F4FAF013B607F1913EC82D087888ABD35450C275EF3D2D0DA50B904F041FFFD5ED3097C2E729E
                                                        Malicious:false
                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="540027" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                        C:\Windows\appcompat\Programs\Amcache.hve

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                        File Type:MS Windows registry file, NT/2000 or above
                                                        Category:dropped
                                                        Size (bytes):1835008
                                                        Entropy (8bit):4.465659367652143
                                                        Encrypted:false
                                                        SSDEEP:6144:nIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNLdwBCswSbV:IXD94+WlLZMM6YFHR+V
                                                        MD5:168026F2D2E4760FD07B374A1DC8BC11
                                                        SHA1:94FB4102111A7FF7030E45E57BD982BEA78879E3
                                                        SHA-256:BC76D67ED8ED81C3E65624D0584A624ADC09DEB9BB59019ACF3C9E70D5ABEA3F
                                                        SHA-512:964214AB540BF3EC41810943859753B4A14D4FAAAAD0DBB0E5DF5A6828A48FE6705B4B237039482A9118F1F82B7F36E1EDB67E247DB3896B04690E1D59ABDD06
                                                        Malicious:false
                                                        Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...y...................................................................................................................................................................................................................................................................................................................................................M........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Entropy (8bit):7.733139484938225
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe
                                                        File size:591'760 bytes
                                                        MD5:c176313b73cb225cdf30935df4541b3d
                                                        SHA1:383d2c973d98f8290934f2825853ff8bcb074700
                                                        SHA256:16c1fbcec95d0c8fc26b4e491b8a89759ee10491992be8b8fc552ee4a18c87ad
                                                        SHA512:c4f934a4fb6043f67bbb2cd009fa34aa3b72e496d67554ebc6bd3c70016306fb611a613a8bcec58fef9eab42b3bea8a1ceabe262e24bc671f6ccbeb66e851004
                                                        SSDEEP:12288:qgEqNf5/GGDWs3nWad39FXuZIRAZ72hP8362GYNBA:cq5PDWs3pd9FUIRAEV17
                                                        TLSH:58C4F24178C4C073E973253146F4DAB6AD3DBAA10E609D9F27944BBE0F617C1EB2066B
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........a.............U.......U...,...U.......U.......................................................Rich...........................

                                                        File Icon

                                                        Icon Hash:90cececece8e8eb0

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x406bf0
                                                        Entrypoint Section:.text
                                                        Digitally signed:true
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x670A1B9D [Sat Oct 12 06:47:57 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:6
                                                        OS Version Minor:0
                                                        File Version Major:6
                                                        File Version Minor:0
                                                        Subsystem Version Major:6
                                                        Subsystem Version Minor:0
                                                        Import Hash:2bf5d9e2e4bbff197e62f5db8f2f3336

                                                        Authenticode Signature

                                                        Signature Valid:false
                                                        Signature Issuer:CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                        Signature Validation Error:The digital signature of the object did not verify
                                                        Error Number:-2146869232
                                                        Not Before, Not After
                                                        • 19/10/2023 20:51:12 16/10/2024 20:51:12
                                                        Subject Chain
                                                        • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                        Version:3
                                                        Thumbprint MD5:2169E18183DAF704160A117E905BFDA4
                                                        Thumbprint SHA-1:CB9C4FBEA1D87D2D468AC5A9CAAB0163F6AD8401
                                                        Thumbprint SHA-256:C4405F06DFB035F3AD360D29D27D434E004E054B6FB18FA3A5566A9F9AFA8296
                                                        Serial:3300000557CF90DDC7D1C0888C000000000557

                                                        Entrypoint Preview

                                                        Instruction
                                                        call 00007F26F871DA2Fh
                                                        jmp 00007F26F871CF7Fh
                                                        push ebp
                                                        mov ebp, esp
                                                        mov eax, dword ptr [ebp+08h]
                                                        push esi
                                                        mov ecx, dword ptr [eax+3Ch]
                                                        add ecx, eax
                                                        movzx eax, word ptr [ecx+14h]
                                                        lea edx, dword ptr [ecx+18h]
                                                        add edx, eax
                                                        movzx eax, word ptr [ecx+06h]
                                                        imul esi, eax, 28h
                                                        add esi, edx
                                                        cmp edx, esi
                                                        je 00007F26F871D11Bh
                                                        mov ecx, dword ptr [ebp+0Ch]
                                                        cmp ecx, dword ptr [edx+0Ch]
                                                        jc 00007F26F871D10Ch
                                                        mov eax, dword ptr [edx+08h]
                                                        add eax, dword ptr [edx+0Ch]
                                                        cmp ecx, eax
                                                        jc 00007F26F871D10Eh
                                                        add edx, 28h
                                                        cmp edx, esi
                                                        jne 00007F26F871D0ECh
                                                        xor eax, eax
                                                        pop esi
                                                        pop ebp
                                                        ret
                                                        mov eax, edx
                                                        jmp 00007F26F871D0FBh
                                                        push esi
                                                        call 00007F26F871DD36h
                                                        test eax, eax
                                                        je 00007F26F871D122h
                                                        mov eax, dword ptr fs:[00000018h]
                                                        mov esi, 00487730h
                                                        mov edx, dword ptr [eax+04h]
                                                        jmp 00007F26F871D106h
                                                        cmp edx, eax
                                                        je 00007F26F871D112h
                                                        xor eax, eax
                                                        mov ecx, edx
                                                        lock cmpxchg dword ptr [esi], ecx
                                                        test eax, eax
                                                        jne 00007F26F871D0F2h
                                                        xor al, al
                                                        pop esi
                                                        ret
                                                        mov al, 01h
                                                        pop esi
                                                        ret
                                                        push ebp
                                                        mov ebp, esp
                                                        cmp dword ptr [ebp+08h], 00000000h
                                                        jne 00007F26F871D109h
                                                        mov byte ptr [00487734h], 00000001h
                                                        call 00007F26F871D3BCh
                                                        call 00007F26F87202E9h
                                                        test al, al
                                                        jne 00007F26F871D106h
                                                        xor al, al
                                                        pop ebp
                                                        ret
                                                        call 00007F26F8728FC6h
                                                        test al, al
                                                        jne 00007F26F871D10Ch
                                                        push 00000000h
                                                        call 00007F26F87202F0h
                                                        pop ecx
                                                        jmp 00007F26F871D0EBh
                                                        mov al, 01h
                                                        pop ebp
                                                        ret
                                                        push ebp
                                                        mov ebp, esp
                                                        cmp byte ptr [00487735h], 00000000h
                                                        je 00007F26F871D106h
                                                        mov al, 01h

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x2c9600x28.rdata
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x8b0000x10.rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x8b8c80x4ec8
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x890000x1c00.reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x2ac480x1c.rdata
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2ab880x40.rdata
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x230000x128.rdata
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x10000x2116b0x212005e78b37eee46bc7b73efc43ebaf897faFalse0.58046875data6.638776941613671IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rdata0x230000xa0040xa200569773c4e3ada6f099c6a2b6c4710985False0.42862654320987653data4.911526697273683IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .data0x2e0000x5a3540x59400669e64627d9d775960eb4d783088cbc7False0.9913750656512605DOS executable (block device driver \377\377\377\377)7.9931074387241825IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .reloc0x890000x1c000x1c006d6712fde06dc035a83267bc136d728bFalse0.7596261160714286data6.536552845701703IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                        .rsrc0x8b0000x100x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                        Imports

                                                        DLLImport
                                                        KERNEL32.dllTlsFree, MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap, HeapSize, WriteConsoleW

                                                        Network Behavior

                                                        Suricata IDS Alerts

                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                        2024-10-12T11:24:02.458696+02002056174ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trustterwowqm .shop)1192.168.2.4604221.1.1.153UDP
                                                        2024-10-12T11:24:02.469027+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.4503591.1.1.153UDP
                                                        2024-10-12T11:24:02.505541+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.4533031.1.1.153UDP
                                                        2024-10-12T11:24:02.517171+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.4648651.1.1.153UDP
                                                        2024-10-12T11:24:02.528993+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.4642711.1.1.153UDP
                                                        2024-10-12T11:24:02.541416+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.4495151.1.1.153UDP
                                                        2024-10-12T11:24:02.551779+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.4519011.1.1.153UDP
                                                        2024-10-12T11:24:02.564574+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.4547201.1.1.153UDP
                                                        2024-10-12T11:24:02.576172+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.4572581.1.1.153UDP
                                                        2024-10-12T11:24:03.917613+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.449730104.102.49.254443TCP
                                                        2024-10-12T11:24:04.743600+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449733172.67.206.204443TCP
                                                        2024-10-12T11:24:04.743600+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449733172.67.206.204443TCP
                                                        2024-10-12T11:24:05.986642+02002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449735172.67.206.204443TCP
                                                        2024-10-12T11:24:05.986642+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449735172.67.206.204443TCP

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Oct 12, 2024 11:24:02.609672070 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:02.609769106 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:02.609848976 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:02.612596989 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:02.612633944 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.349478960 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.349585056 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:03.353398085 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:03.353427887 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.353852987 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.405617952 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:03.418123960 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:03.463443995 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.917614937 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.917653084 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.917661905 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.917684078 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.917695045 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.917805910 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:03.917805910 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:03.917805910 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:03.917875051 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:03.917939901 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:04.056611061 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:04.056670904 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:04.056711912 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:04.056781054 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:04.056819916 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:04.056843042 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:04.063308954 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:04.063371897 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:04.063425064 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:04.063576937 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:04.063632965 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:04.064476967 CEST49730443192.168.2.4104.102.49.254
                                                        Oct 12, 2024 11:24:04.064507961 CEST44349730104.102.49.254192.168.2.4
                                                        Oct 12, 2024 11:24:04.111463070 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.111552000 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.111639977 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.111922979 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.111958981 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.606206894 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.606293917 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.617600918 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.617664099 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.618067026 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.624438047 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.624485016 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.624555111 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.743577957 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.743618965 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.743650913 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.743674994 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.743695974 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.743731022 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.743750095 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.743756056 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.743793964 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.744138002 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.744160891 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.744174004 CEST49733443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.744182110 CEST44349733172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.843251944 CEST49735443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.843327045 CEST44349735172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:04.843435049 CEST49735443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.843720913 CEST49735443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:04.843740940 CEST44349735172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:05.332082987 CEST44349735172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:05.332171917 CEST49735443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:05.333791018 CEST49735443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:05.333797932 CEST44349735172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:05.334017038 CEST44349735172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:05.342222929 CEST49735443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:05.342261076 CEST49735443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:05.342327118 CEST44349735172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:05.986648083 CEST44349735172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:05.986728907 CEST44349735172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:05.986783981 CEST49735443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:05.986953974 CEST49735443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:05.986979961 CEST44349735172.67.206.204192.168.2.4
                                                        Oct 12, 2024 11:24:05.986999989 CEST49735443192.168.2.4172.67.206.204
                                                        Oct 12, 2024 11:24:05.987006903 CEST44349735172.67.206.204192.168.2.4

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Oct 12, 2024 11:24:02.458695889 CEST6042253192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:02.467852116 CEST53604221.1.1.1192.168.2.4
                                                        Oct 12, 2024 11:24:02.469027042 CEST5035953192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:02.478115082 CEST53503591.1.1.1192.168.2.4
                                                        Oct 12, 2024 11:24:02.505541086 CEST5330353192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:02.514976978 CEST53533031.1.1.1192.168.2.4
                                                        Oct 12, 2024 11:24:02.517170906 CEST6486553192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:02.526767969 CEST53648651.1.1.1192.168.2.4
                                                        Oct 12, 2024 11:24:02.528992891 CEST6427153192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:02.537913084 CEST53642711.1.1.1192.168.2.4
                                                        Oct 12, 2024 11:24:02.541415930 CEST4951553192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:02.550082922 CEST53495151.1.1.1192.168.2.4
                                                        Oct 12, 2024 11:24:02.551779032 CEST5190153192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:02.560864925 CEST53519011.1.1.1192.168.2.4
                                                        Oct 12, 2024 11:24:02.564574003 CEST5472053192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:02.574148893 CEST53547201.1.1.1192.168.2.4
                                                        Oct 12, 2024 11:24:02.576172113 CEST5725853192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:02.588363886 CEST53572581.1.1.1192.168.2.4
                                                        Oct 12, 2024 11:24:02.589706898 CEST6105153192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:02.596339941 CEST53610511.1.1.1192.168.2.4
                                                        Oct 12, 2024 11:24:04.098984003 CEST5489953192.168.2.41.1.1.1
                                                        Oct 12, 2024 11:24:04.110718012 CEST53548991.1.1.1192.168.2.4

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                        Oct 12, 2024 11:24:02.458695889 CEST192.168.2.41.1.1.10x6061Standard query (0)trustterwowqm.shopA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.469027042 CEST192.168.2.41.1.1.10x6f48Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.505541086 CEST192.168.2.41.1.1.10x7baStandard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.517170906 CEST192.168.2.41.1.1.10x2bf6Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.528992891 CEST192.168.2.41.1.1.10x4567Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.541415930 CEST192.168.2.41.1.1.10x7cf1Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.551779032 CEST192.168.2.41.1.1.10xff04Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.564574003 CEST192.168.2.41.1.1.10xfc0aStandard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.576172113 CEST192.168.2.41.1.1.10x4e57Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.589706898 CEST192.168.2.41.1.1.10xbfe7Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:04.098984003 CEST192.168.2.41.1.1.10x725cStandard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        Oct 12, 2024 11:24:02.467852116 CEST1.1.1.1192.168.2.40x6061Name error (3)trustterwowqm.shopnonenoneA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.478115082 CEST1.1.1.1192.168.2.40x6f48Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.514976978 CEST1.1.1.1192.168.2.40x7baName error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.526767969 CEST1.1.1.1192.168.2.40x2bf6Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.537913084 CEST1.1.1.1192.168.2.40x4567Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.550082922 CEST1.1.1.1192.168.2.40x7cf1Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.560864925 CEST1.1.1.1192.168.2.40xff04Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.574148893 CEST1.1.1.1192.168.2.40xfc0aName error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.588363886 CEST1.1.1.1192.168.2.40x4e57Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:02.596339941 CEST1.1.1.1192.168.2.40xbfe7No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:04.110718012 CEST1.1.1.1192.168.2.40x725cNo error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false
                                                        Oct 12, 2024 11:24:04.110718012 CEST1.1.1.1192.168.2.40x725cNo error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false

                                                        HTTP Request Dependency Graph

                                                        • steamcommunity.com
                                                        • sergei-esenin.com

                                                        HTTPS Proxied Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        0192.168.2.449730104.102.49.2544437532C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-10-12 09:24:03 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                        Connection: Keep-Alive
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                        Host: steamcommunity.com
                                                        2024-10-12 09:24:03 UTC1870INHTTP/1.1 200 OK
                                                        Server: nginx
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                        Cache-Control: no-cache
                                                        Date: Sat, 12 Oct 2024 09:24:03 GMT
                                                        Content-Length: 34837
                                                        Connection: close
                                                        Set-Cookie: sessionid=aabf4626129df8a40703b61b; Path=/; Secure; SameSite=None
                                                        Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                        2024-10-12 09:24:03 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                        Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                        2024-10-12 09:24:04 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                        Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                        2024-10-12 09:24:04 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                        Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                        2024-10-12 09:24:04 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        1192.168.2.449733172.67.206.2044437532C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-10-12 09:24:04 UTC264OUTPOST /api HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                        Content-Length: 8
                                                        Host: sergei-esenin.com
                                                        2024-10-12 09:24:04 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                        Data Ascii: act=life
                                                        2024-10-12 09:24:04 UTC553INHTTP/1.1 200 OK
                                                        Date: Sat, 12 Oct 2024 09:24:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        X-Frame-Options: SAMEORIGIN
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XbMn6tfrQ7ruJBgfZdrmrY59B54GvPw3HZ%2B62mLiTHAn89EGMNZHyoq5eHwgZJltABsy60%2BNtYSxqQdSSV4zbz2erliQZMPkrb58l8l0d261J4W9vJP6rP6qXF%2FwjP4HsWbEEA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8d1608e95dfe433a-EWR
                                                        2024-10-12 09:24:04 UTC816INData Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                                        Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                        2024-10-12 09:24:04 UTC1369INData Raw: 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f
                                                        Data Ascii: s/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('co
                                                        2024-10-12 09:24:04 UTC1369INData Raw: 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70
                                                        Data Ascii: ement/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <inp
                                                        2024-10-12 09:24:04 UTC887INData Raw: 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61
                                                        Data Ascii: <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="bra
                                                        2024-10-12 09:24:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        2192.168.2.449735172.67.206.2044437532C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-10-12 09:24:05 UTC354OUTPOST /api HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Cookie: __cf_mw_byp=47JuexSbWQVr1ssGx4yQxentsQn.LeX1WyFSzC4Cbos-1728725044-0.0.1.1-/api
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                        Content-Length: 81
                                                        Host: sergei-esenin.com
                                                        2024-10-12 09:24:05 UTC81OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 74 4c 59 4d 65 35 2d 2d 64 65 6c 69 33 33 33 26 6a 3d 35 63 39 62 38 36 37 34 61 36 33 30 64 39 31 30 31 62 34 36 37 33 33 61 61 33 37 66 31 35 65 63
                                                        Data Ascii: act=recive_message&ver=4.0&lid=tLYMe5--deli333&j=5c9b8674a630d9101b46733aa37f15ec
                                                        2024-10-12 09:24:05 UTC831INHTTP/1.1 200 OK
                                                        Date: Sat, 12 Oct 2024 09:24:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        Set-Cookie: PHPSESSID=4ifacc53fur9gple2g32csp6j1; expires=Wed, 05 Feb 2025 03:10:44 GMT; Max-Age=9999999; path=/
                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                        Pragma: no-cache
                                                        cf-cache-status: DYNAMIC
                                                        vary: accept-encoding
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9qBTTCiEH78m2iCd75saAhV8SZQobi2dzTIq2D%2FR9YJ8BwHbknvx%2BCiqx63rGvUE4hgD8FgeU%2FIzWonI%2BxY38u2Lw1rCwCMSh6MrgWy4UaGewEshx5T0ZjMOQo4QLQfNT%2B26xA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8d1608eddcb50f80-EWR
                                                        alt-svc: h3=":443"; ma=86400
                                                        2024-10-12 09:24:05 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                        Data Ascii: aerror #D12
                                                        2024-10-12 09:24:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:05:23:58
                                                        Start date:12/10/2024
                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"
                                                        Imagebase:0x890000
                                                        File size:591'760 bytes
                                                        MD5 hash:C176313B73CB225CDF30935DF4541B3D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:1
                                                        Start time:05:24:01
                                                        Start date:12/10/2024
                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"
                                                        Imagebase:0x890000
                                                        File size:591'760 bytes
                                                        MD5 hash:C176313B73CB225CDF30935DF4541B3D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:2
                                                        Start time:05:24:01
                                                        Start date:12/10/2024
                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"
                                                        Imagebase:0x890000
                                                        File size:591'760 bytes
                                                        MD5 hash:C176313B73CB225CDF30935DF4541B3D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:5
                                                        Start time:05:24:02
                                                        Start date:12/10/2024
                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 268
                                                        Imagebase:0xf50000
                                                        File size:483'680 bytes
                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:7
                                                        Start time:05:24:05
                                                        Start date:12/10/2024
                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 1676
                                                        Imagebase:0xf50000
                                                        File size:483'680 bytes
                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:10
                                                        Start time:05:24:20
                                                        Start date:12/10/2024
                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 476
                                                        Imagebase:0xf50000
                                                        File size:483'680 bytes
                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Disassembly

                                                        Reset < >

                                                          Execution Graph

                                                          Execution Coverage:0.6%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:10.6%
                                                          Total number of Nodes:254
                                                          Total number of Limit Nodes:5
                                                          execution_graph 40683 8afde0 40686 8aa706 40683->40686 40687 8aa741 40686->40687 40688 8aa70f 40686->40688 40692 8a52d0 40688->40692 40693 8a52db 40692->40693 40694 8a52e1 40692->40694 40743 8a385f 6 API calls std::_Lockit::_Lockit 40693->40743 40698 8a52e7 40694->40698 40744 8a389e 6 API calls std::_Lockit::_Lockit 40694->40744 40697 8a52fb 40697->40698 40699 8a52ff 40697->40699 40703 8a52ec 40698->40703 40752 89fafc 43 API calls __purecall 40698->40752 40745 8a3392 14 API calls 2 library calls 40699->40745 40720 8aa511 40703->40720 40704 8a530b 40705 8a5328 40704->40705 40706 8a5313 40704->40706 40748 8a389e 6 API calls std::_Lockit::_Lockit 40705->40748 40746 8a389e 6 API calls std::_Lockit::_Lockit 40706->40746 40709 8a531f 40747 8a33ef 14 API calls __dosmaperr 40709->40747 40710 8a5334 40711 8a5338 40710->40711 40712 8a5347 40710->40712 40749 8a389e 6 API calls std::_Lockit::_Lockit 40711->40749 40750 8a5043 14 API calls __dosmaperr 40712->40750 40716 8a5325 40716->40698 40717 8a5352 40751 8a33ef 14 API calls __dosmaperr 40717->40751 40719 8a5359 40719->40703 40753 8aa666 40720->40753 40727 8aa57b 40780 8aa761 40727->40780 40728 8aa56d 40791 8a33ef 14 API calls __dosmaperr 40728->40791 40731 8aa554 40731->40687 40733 8aa5b3 40792 89d579 14 API calls __dosmaperr 40733->40792 40735 8aa5fa 40738 8aa643 40735->40738 40795 8aa183 43 API calls 2 library calls 40735->40795 40736 8aa5b8 40793 8a33ef 14 API calls __dosmaperr 40736->40793 40737 8aa5ce 40737->40735 40794 8a33ef 14 API calls __dosmaperr 40737->40794 40796 8a33ef 14 API calls __dosmaperr 40738->40796 40743->40694 40744->40697 40745->40704 40746->40709 40747->40716 40748->40710 40749->40709 40750->40717 40751->40719 40754 8aa672 ___scrt_is_nonwritable_in_current_image 40753->40754 40755 8aa68c 40754->40755 40797 89d5cd EnterCriticalSection 40754->40797 40757 8aa53b 40755->40757 40800 89fafc 43 API calls __purecall 40755->40800 40764 8aa291 40757->40764 40758 8aa6c8 40799 8aa6e5 LeaveCriticalSection std::_Lockit::~_Lockit 40758->40799 40762 8aa69c 40762->40758 40798 8a33ef 14 API calls __dosmaperr 40762->40798 40801 89fb40 40764->40801 40766 8aa2a3 40767 8aa2b2 GetOEMCP 40766->40767 40768 8aa2c4 40766->40768 40769 8aa2db 40767->40769 40768->40769 40770 8aa2c9 GetACP 40768->40770 40769->40731 40771 8a3e14 40769->40771 40770->40769 40772 8a3e52 40771->40772 40773 8a3e22 40771->40773 40812 89d579 14 API calls __dosmaperr 40772->40812 40774 8a3e3d HeapAlloc 40773->40774 40778 8a3e26 __dosmaperr 40773->40778 40776 8a3e50 40774->40776 40774->40778 40777 8a3e57 40776->40777 40777->40727 40777->40728 40778->40772 40778->40774 40811 8a03a3 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 40778->40811 40781 8aa291 45 API calls 40780->40781 40782 8aa781 40781->40782 40784 8aa7be IsValidCodePage 40782->40784 40788 8aa7fa __fread_nolock 40782->40788 40786 8aa7d0 40784->40786 40784->40788 40785 8aa5a8 40785->40733 40785->40737 40787 8aa7ff GetCPInfo 40786->40787 40790 8aa7d9 __fread_nolock 40786->40790 40787->40788 40787->40790 40824 89693b 40788->40824 40813 8aa365 40790->40813 40791->40731 40792->40736 40793->40731 40794->40735 40795->40738 40796->40731 40797->40762 40798->40758 40799->40755 40802 89fb5e 40801->40802 40808 8a5215 43 API calls 3 library calls 40802->40808 40804 89fb7f 40809 8a3e62 43 API calls __Getctype 40804->40809 40806 89fb95 40810 8a3ec0 43 API calls _Fputc 40806->40810 40808->40804 40809->40806 40811->40778 40812->40777 40814 8aa38d GetCPInfo 40813->40814 40815 8aa456 40813->40815 40814->40815 40818 8aa3a5 40814->40818 40817 89693b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 40815->40817 40820 8aa50f 40817->40820 40831 8a86fc 40818->40831 40820->40788 40823 8a89f3 48 API calls 40823->40815 40825 896943 40824->40825 40826 896944 IsProcessorFeaturePresent 40824->40826 40825->40785 40828 8972ed 40826->40828 40908 8972b0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 40828->40908 40830 8973d0 40830->40785 40832 89fb40 std::_Locinfo::_Locinfo_dtor 43 API calls 40831->40832 40833 8a871c 40832->40833 40851 8a9869 40833->40851 40835 8a87e0 40838 89693b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 40835->40838 40836 8a87d8 40854 89691d 14 API calls std::locale::_Locimp::~_Locimp 40836->40854 40837 8a8749 40837->40835 40837->40836 40841 8a3e14 __fread_nolock 15 API calls 40837->40841 40842 8a876e __fread_nolock std::_Locinfo::_Locinfo_dtor 40837->40842 40839 8a8803 40838->40839 40846 8a89f3 40839->40846 40841->40842 40842->40836 40843 8a9869 __fread_nolock MultiByteToWideChar 40842->40843 40844 8a87b9 40843->40844 40844->40836 40845 8a87c4 GetStringTypeW 40844->40845 40845->40836 40847 89fb40 std::_Locinfo::_Locinfo_dtor 43 API calls 40846->40847 40848 8a8a06 40847->40848 40855 8a8805 40848->40855 40852 8a987a MultiByteToWideChar 40851->40852 40852->40837 40854->40835 40856 8a8820 40855->40856 40857 8a9869 __fread_nolock MultiByteToWideChar 40856->40857 40862 8a8866 40857->40862 40858 8a89de 40859 89693b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 40858->40859 40861 8a89f1 40859->40861 40860 8a8912 40895 89691d 14 API calls std::locale::_Locimp::~_Locimp 40860->40895 40861->40823 40862->40858 40862->40860 40863 8a3e14 __fread_nolock 15 API calls 40862->40863 40865 8a888c std::_Locinfo::_Locinfo_dtor 40862->40865 40863->40865 40865->40860 40866 8a9869 __fread_nolock MultiByteToWideChar 40865->40866 40867 8a88d1 40866->40867 40867->40860 40883 8a3a1d 40867->40883 40870 8a893b 40871 8a89c6 40870->40871 40874 8a3e14 __fread_nolock 15 API calls 40870->40874 40876 8a894d std::_Locinfo::_Locinfo_dtor 40870->40876 40894 89691d 14 API calls std::locale::_Locimp::~_Locimp 40871->40894 40872 8a8903 40872->40860 40873 8a3a1d std::_Locinfo::_Locinfo_dtor 7 API calls 40872->40873 40873->40860 40874->40876 40876->40871 40877 8a3a1d std::_Locinfo::_Locinfo_dtor 7 API calls 40876->40877 40878 8a8990 40877->40878 40878->40871 40892 8a98e5 WideCharToMultiByte 40878->40892 40880 8a89aa 40880->40871 40881 8a89b3 40880->40881 40893 89691d 14 API calls std::locale::_Locimp::~_Locimp 40881->40893 40896 8a35cb 40883->40896 40886 8a3a2e LCMapStringEx 40891 8a3a75 40886->40891 40887 8a3a55 40899 8a3a7a 5 API calls std::_Locinfo::_Locinfo_dtor 40887->40899 40890 8a3a6e LCMapStringW 40890->40891 40891->40860 40891->40870 40891->40872 40892->40880 40893->40860 40894->40860 40895->40858 40900 8a36ca 40896->40900 40899->40890 40901 8a35e1 40900->40901 40902 8a36f8 40900->40902 40901->40886 40901->40887 40902->40901 40907 8a35ff LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary ___vcrt_FlsFree 40902->40907 40904 8a370c 40904->40901 40905 8a3712 GetProcAddress 40904->40905 40905->40901 40906 8a3722 std::_Lockit::_Lockit 40905->40906 40906->40901 40907->40904 40908->40830 40909 896a74 40910 896a80 ___scrt_is_nonwritable_in_current_image 40909->40910 40935 896c70 40910->40935 40912 896bda 40977 8975d8 4 API calls 2 library calls 40912->40977 40913 896a87 40913->40912 40923 896ab1 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock __purecall 40913->40923 40915 896be1 40978 8a0f66 23 API calls __purecall 40915->40978 40917 896be7 40979 8a0f2a 23 API calls __purecall 40917->40979 40919 896bef 40920 896ad0 40921 896b51 40943 8976ed 40921->40943 40923->40920 40923->40921 40973 8a0f40 43 API calls 4 library calls 40923->40973 40924 896b57 40947 892198 40924->40947 40927 896b6c 40974 897723 GetModuleHandleW 40927->40974 40929 896b73 40929->40915 40930 896b77 40929->40930 40931 896b80 40930->40931 40975 8a0f1b 23 API calls __purecall 40930->40975 40976 896de1 79 API calls ___scrt_uninitialize_crt 40931->40976 40934 896b88 40934->40920 40936 896c79 40935->40936 40980 896f3c IsProcessorFeaturePresent 40936->40980 40938 896c85 40981 899e6e 10 API calls 2 library calls 40938->40981 40940 896c8a 40941 896c8e 40940->40941 40982 899e8d 7 API calls 2 library calls 40940->40982 40941->40913 40983 8984e0 40943->40983 40945 897700 GetStartupInfoW 40946 897713 40945->40946 40946->40924 40984 89241e 40947->40984 40951 8921da 41019 8931ce 45 API calls 2 library calls 40951->41019 40953 8921f5 _strlen 40988 8924d1 40953->40988 40954 8921ee 41020 892aac 75 API calls 40954->41020 40956 89221c GetPEB 40992 891cd2 40956->40992 40963 89233e 40965 891cd2 76 API calls 40963->40965 40964 892396 40970 8923be std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40964->40970 41021 8912ac 43 API calls _Deallocate 40964->41021 40966 892354 40965->40966 40966->40927 40969 8923e2 40971 89693b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 40969->40971 41022 8924ab 43 API calls _Deallocate 40970->41022 40972 8923f1 40971->40972 40972->40927 40973->40921 40974->40929 40975->40931 40976->40934 40977->40915 40978->40917 40979->40919 40980->40938 40981->40940 40982->40941 40983->40945 40985 89243b _strlen 40984->40985 41023 892ade 40985->41023 40987 8921b8 40987->40953 41018 8928e9 45 API calls 3 library calls 40987->41018 40989 892504 40988->40989 40991 8924e0 std::ios_base::_Init 40988->40991 41032 892bb7 45 API calls 2 library calls 40989->41032 40991->40956 40993 891d02 40992->40993 41001 891da1 40993->41001 41037 893348 45 API calls 4 library calls 40993->41037 40995 891eeb 41033 892cd7 40995->41033 40997 891eff 40998 89693b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 40997->40998 40999 891f13 40998->40999 41004 8920ea 40999->41004 41001->40995 41003 892cd7 _Deallocate 43 API calls 41001->41003 41038 893348 45 API calls 4 library calls 41001->41038 41039 891176 74 API calls 41001->41039 41003->41001 41005 892151 41004->41005 41010 892121 41004->41010 41007 89693b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 41005->41007 41006 89241e std::ios_base::_Init 45 API calls 41006->41010 41009 892165 VirtualProtect 41007->41009 41009->40963 41009->40964 41010->41005 41010->41006 41011 892169 41010->41011 41041 891f1a 75 API calls ctype 41010->41041 41042 8924ab 43 API calls _Deallocate 41010->41042 41043 89263e 75 API calls 4 library calls 41011->41043 41014 892173 41044 8928b7 75 API calls 41014->41044 41016 892179 41045 8924ab 43 API calls _Deallocate 41016->41045 41018->40951 41019->40954 41020->40953 41021->40970 41022->40969 41024 892b49 41023->41024 41026 892aef std::ios_base::_Init 41023->41026 41031 8912ce 45 API calls std::_Xinvalid_argument 41024->41031 41029 892af6 std::ios_base::_Init 41026->41029 41030 89348b 45 API calls 2 library calls 41026->41030 41029->40987 41030->41029 41032->40991 41034 892ce4 41033->41034 41036 892cf1 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41033->41036 41040 8912ac 43 API calls _Deallocate 41034->41040 41036->40997 41037->40993 41038->41001 41039->41001 41040->41036 41041->41010 41042->41010 41043->41014 41044->41016 41045->41005

                                                          Executed Functions

                                                          Function 00892198 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 205memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 0089241E: _strlen.LIBCMT ref: 00892436
                                                          • _strlen.LIBCMT ref: 0089220C
                                                          • VirtualProtect.KERNELBASE(00916900,000004E4,00000040,?,008BAABC,00000000,IOanz UZA891nNAIUsy U(Ahy8*! ), ref: 00892337
                                                            • Part of subcall function 008928E9: __EH_prolog3_catch.LIBCMT ref: 008928F0
                                                            • Part of subcall function 008928E9: _strlen.LIBCMT ref: 00892908
                                                            • Part of subcall function 008931CE: __EH_prolog3_catch.LIBCMT ref: 008931D5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: _strlen$H_prolog3_catch$ProtectVirtual
                                                          • String ID: IOanz UZA891nNAIUsy U(Ahy8*! $MZx
                                                          • API String ID: 2874085908-2632814837
                                                          • Opcode ID: fc9e79a3d9c6fcc52f1309db087e1884cf867b5b051f332a3928b551a45e4fc0
                                                          • Instruction ID: 2da868c6528d7268edb1e6e7a8ae60a1751f977dabfe9353a1743ddcaa96768d
                                                          • Opcode Fuzzy Hash: fc9e79a3d9c6fcc52f1309db087e1884cf867b5b051f332a3928b551a45e4fc0
                                                          • Instruction Fuzzy Hash: 9B510532E10208AFDF04FAA8D855BEEB7B9FB98320F14412AF516E72D0DB785840D755
                                                          Function 008A8805 Relevance: 4.7, APIs: 3, Instructions: 202COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 46 8a8805-8a881e 47 8a8820-8a8830 call 8a0378 46->47 48 8a8834-8a8839 46->48 47->48 54 8a8832 47->54 50 8a883b-8a8845 48->50 51 8a8848-8a886e call 8a9869 48->51 50->51 56 8a89e1-8a89f2 call 89693b 51->56 57 8a8874-8a887f 51->57 54->48 59 8a89d4 57->59 60 8a8885-8a888a 57->60 61 8a89d6 59->61 63 8a889f-8a88aa call 8a3e14 60->63 64 8a888c-8a8895 call 896f10 60->64 66 8a89d8-8a89df call 89691d 61->66 71 8a88ac 63->71 72 8a88b5-8a88b9 63->72 64->72 74 8a8897-8a889d 64->74 66->56 75 8a88b2 71->75 72->61 76 8a88bf-8a88d6 call 8a9869 72->76 74->75 75->72 76->61 79 8a88dc-8a88ee call 8a3a1d 76->79 81 8a88f3-8a88f7 79->81 82 8a88f9-8a8901 81->82 83 8a8912-8a8914 81->83 84 8a893b-8a8947 82->84 85 8a8903-8a8908 82->85 83->61 86 8a8949-8a894b 84->86 87 8a89c6 84->87 88 8a89ba-8a89bc 85->88 89 8a890e-8a8910 85->89 90 8a894d-8a8956 call 896f10 86->90 91 8a8960-8a896b call 8a3e14 86->91 92 8a89c8-8a89cf call 89691d 87->92 88->66 89->83 93 8a8919-8a8933 call 8a3a1d 89->93 90->92 103 8a8958-8a895e 90->103 91->92 104 8a896d 91->104 92->83 93->88 102 8a8939 93->102 102->83 105 8a8973-8a8978 103->105 104->105 105->92 106 8a897a-8a8992 call 8a3a1d 105->106 106->92 109 8a8994-8a899b 106->109 110 8a89be-8a89c4 109->110 111 8a899d-8a899e 109->111 112 8a899f-8a89b1 call 8a98e5 110->112 111->112 112->92 115 8a89b3-8a89b9 call 89691d 112->115 115->88
                                                          APIs
                                                          • __freea.LIBCMT ref: 008A89B4
                                                            • Part of subcall function 008A3E14: HeapAlloc.KERNEL32(00000000,00000000,?,?,008978E5,?,?,?,?,?,008911CC,?,00000001), ref: 008A3E46
                                                          • __freea.LIBCMT ref: 008A89C9
                                                          • __freea.LIBCMT ref: 008A89D9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: __freea$AllocHeap
                                                          • String ID:
                                                          • API String ID: 85559729-0
                                                          • Opcode ID: 9726b497ea745296e2f436d795f27c1e600aed153bb4b87853647c834c2720d3
                                                          • Instruction ID: 835be06d20bc07eb8a01220984c08c7d9289c06344cd6e0b1bb664b124263d12
                                                          • Opcode Fuzzy Hash: 9726b497ea745296e2f436d795f27c1e600aed153bb4b87853647c834c2720d3
                                                          • Instruction Fuzzy Hash: ED51817260021AEFFF219E648C41EBB3AA9FB46354B590129FD04E7651EE75CD108A72
                                                          Function 008AA761 Relevance: 3.2, APIs: 2, Instructions: 177COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 118 8aa761-8aa789 call 8aa291 121 8aa78f-8aa795 118->121 122 8aa951-8aa952 call 8aa302 118->122 124 8aa798-8aa79e 121->124 125 8aa957-8aa959 122->125 126 8aa8a0-8aa8bf call 8984e0 124->126 127 8aa7a4-8aa7b0 124->127 129 8aa95a-8aa968 call 89693b 125->129 135 8aa8c2-8aa8c7 126->135 127->124 130 8aa7b2-8aa7b8 127->130 133 8aa898-8aa89b 130->133 134 8aa7be-8aa7ca IsValidCodePage 130->134 133->129 134->133 137 8aa7d0-8aa7d7 134->137 138 8aa8c9-8aa8ce 135->138 139 8aa904-8aa90e 135->139 140 8aa7d9-8aa7e5 137->140 141 8aa7ff-8aa80c GetCPInfo 137->141 146 8aa8d0-8aa8d8 138->146 147 8aa901 138->147 139->135 142 8aa910-8aa93a call 8aa253 139->142 143 8aa7e9-8aa7f5 call 8aa365 140->143 144 8aa80e-8aa82d call 8984e0 141->144 145 8aa88c-8aa892 141->145 157 8aa93b-8aa94a 142->157 154 8aa7fa 143->154 144->143 158 8aa82f-8aa836 144->158 145->122 145->133 151 8aa8da-8aa8dd 146->151 152 8aa8f9-8aa8ff 146->152 147->139 156 8aa8df-8aa8e5 151->156 152->138 152->147 154->125 156->152 159 8aa8e7-8aa8f7 156->159 157->157 160 8aa94c 157->160 161 8aa838-8aa83d 158->161 162 8aa862-8aa865 158->162 159->152 159->156 160->122 161->162 163 8aa83f-8aa847 161->163 164 8aa86a-8aa871 162->164 165 8aa85a-8aa860 163->165 166 8aa849-8aa850 163->166 164->164 167 8aa873-8aa887 call 8aa253 164->167 165->161 165->162 169 8aa851-8aa858 166->169 167->143 169->165 169->169
                                                          APIs
                                                            • Part of subcall function 008AA291: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 008AA2BC
                                                          • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,008AA5A8,?,00000000,?,?,?), ref: 008AA7C2
                                                          • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,008AA5A8,?,00000000,?,?,?), ref: 008AA804
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: CodeInfoPageValid
                                                          • String ID:
                                                          • API String ID: 546120528-0
                                                          • Opcode ID: 416355c13f867fb229e75e47b9494c1886db1ccbd34e978eb0993ca686fd1064
                                                          • Instruction ID: 2769e9c4eddecb809f92b9c0e54166e0d2cde0e9c2e35cf30d9be99059956970
                                                          • Opcode Fuzzy Hash: 416355c13f867fb229e75e47b9494c1886db1ccbd34e978eb0993ca686fd1064
                                                          • Instruction Fuzzy Hash: C7510370A003468EEB28DF35C8816ABBBF4FF42304F18456ED096C7E51E7799946CB52
                                                          Function 008A3A1D Relevance: 3.0, APIs: 2, Instructions: 34COMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 171 8a3a1d-8a3a2c call 8a35cb 174 8a3a2e-8a3a53 LCMapStringEx 171->174 175 8a3a55-8a3a6f call 8a3a7a LCMapStringW 171->175 179 8a3a75-8a3a77 174->179 175->179
                                                          APIs
                                                          • LCMapStringEx.KERNELBASE(?,008A88F3,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 008A3A51
                                                          • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,008A88F3,?,?,00000000,?,00000000), ref: 008A3A6F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: String
                                                          • String ID:
                                                          • API String ID: 2568140703-0
                                                          • Opcode ID: b0fe6b157b2b827489bdf9b88b5e157180249c577340bec002a80b11ba03eefb
                                                          • Instruction ID: 7adddaf88e425f9d7abaab45acb32e758f75c42d29e77e900814e5d2eb292b93
                                                          • Opcode Fuzzy Hash: b0fe6b157b2b827489bdf9b88b5e157180249c577340bec002a80b11ba03eefb
                                                          • Instruction Fuzzy Hash: A1F09D3240092ABBCF126F94DC05EDE3F66FF49360F054110FA19A5120D732DA72AB91
                                                          Function 008AA365 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 180 8aa365-8aa387 181 8aa38d-8aa39f GetCPInfo 180->181 182 8aa4a0-8aa4c6 180->182 181->182 183 8aa3a5-8aa3ac 181->183 184 8aa4cb-8aa4d0 182->184 187 8aa3ae-8aa3b8 183->187 185 8aa4da-8aa4e0 184->185 186 8aa4d2-8aa4d8 184->186 189 8aa4ec 185->189 190 8aa4e2-8aa4e5 185->190 188 8aa4e8-8aa4ea 186->188 187->187 191 8aa3ba-8aa3cd 187->191 192 8aa4ee-8aa500 188->192 189->192 190->188 193 8aa3ee-8aa3f0 191->193 192->184 196 8aa502-8aa510 call 89693b 192->196 194 8aa3cf-8aa3d6 193->194 195 8aa3f2-8aa429 call 8a86fc call 8a89f3 193->195 199 8aa3e5-8aa3e7 194->199 206 8aa42e-8aa463 call 8a89f3 195->206 202 8aa3d8-8aa3da 199->202 203 8aa3e9-8aa3ec 199->203 202->203 205 8aa3dc-8aa3e4 202->205 203->193 205->199 209 8aa465-8aa46f 206->209 210 8aa47d-8aa47f 209->210 211 8aa471-8aa47b 209->211 213 8aa48d 210->213 214 8aa481-8aa48b 210->214 212 8aa48f-8aa49c 211->212 212->209 215 8aa49e 212->215 213->212 214->212 215->196
                                                          APIs
                                                          • GetCPInfo.KERNEL32(E8458D00,?,008AA5B4,008AA5A8,00000000), ref: 008AA397
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Info
                                                          • String ID:
                                                          • API String ID: 1807457897-0
                                                          • Opcode ID: b60cd33efff89d515d7d8209a8b9e68eda17da9b6f678982701946f877721a8c
                                                          • Instruction ID: b88304a2138a26076078acfca38bb4cfe7ffd932d36a8a64ae23aee9b60d6921
                                                          • Opcode Fuzzy Hash: b60cd33efff89d515d7d8209a8b9e68eda17da9b6f678982701946f877721a8c
                                                          • Instruction Fuzzy Hash: ED51677150425C9EEF258E28CC84AFA7BBCFB4A304F2405ADE19AC7942D3749D46DB21

                                                          Non-executed Functions

                                                          Function 008DDBC0 Relevance: 20.7, Strings: 15, Instructions: 1988COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $'&9$(+*-$,$,/.!$0325$4$8;:=$@GFE$`onm$efgh$lcba$lkji$p$pwvu$yz{|
                                                          • API String ID: 0-4284672935
                                                          • Opcode ID: 17a9da9fb198ce4cff53889ca9a74bbfb73063c59ecad7ce56909eb832305105
                                                          • Instruction ID: f76b18f22c8dc579c0dbe1ec5bcb8f7f9fc5355c26d49010de157c0754b5ea43
                                                          • Opcode Fuzzy Hash: 17a9da9fb198ce4cff53889ca9a74bbfb73063c59ecad7ce56909eb832305105
                                                          • Instruction Fuzzy Hash: 5CF26571508381AAD730DF54D884BABBBE1FF86345F184A2EE5C99B392D7359804CB93
                                                          Function 008ED590 Relevance: 11.5, Strings: 9, Instructions: 256COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0W4i$2C!E$4[&]$7S.U$8O?A$;_(Q$=G!Y$A3W5$W7JI
                                                          • API String ID: 0-83756894
                                                          • Opcode ID: c1abe5d969104e4faaeeb94a57dcd0a77674fd740321b7385ce3fa244a949eb5
                                                          • Instruction ID: 9f4609722280701d5cea7963cfed7e1bc1a4420936a2305a339b74ce989f1c12
                                                          • Opcode Fuzzy Hash: c1abe5d969104e4faaeeb94a57dcd0a77674fd740321b7385ce3fa244a949eb5
                                                          • Instruction Fuzzy Hash: FF81AEB490035ADBCB10CF99C991BBEB7B1FF16304F244148E845AB391E334AE55CBA6
                                                          Function 008AD875 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: __floor_pentium4
                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                          • API String ID: 4168288129-2761157908
                                                          • Opcode ID: 95c18ca14ec3d85a3486c33fef932bb4bfa06d67dd7415d33a12928ec74813ca
                                                          • Instruction ID: f663728eb8599a4347bf0bf3db81b16834aaefdc6e15aa4c87c506114e116d35
                                                          • Opcode Fuzzy Hash: 95c18ca14ec3d85a3486c33fef932bb4bfa06d67dd7415d33a12928ec74813ca
                                                          • Instruction Fuzzy Hash: ACD22771E086298FEB65CE28CC407EAB7B5FB45314F1445EAD44EE7640EB78AE818F41
                                                          Function 008ACBCF Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,008ACEED,00000002,00000000,?,?,?,008ACEED,?,00000000), ref: 008ACC68
                                                          • GetLocaleInfoW.KERNEL32(?,20001004,008ACEED,00000002,00000000,?,?,?,008ACEED,?,00000000), ref: 008ACC91
                                                          • GetACP.KERNEL32(?,?,008ACEED,?,00000000), ref: 008ACCA6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: InfoLocale
                                                          • String ID: ACP$OCP
                                                          • API String ID: 2299586839-711371036
                                                          • Opcode ID: de0e24b95cac9b24df44761bf3b0e0aaee8c71877aeda57f01ef83b42a76135d
                                                          • Instruction ID: d510b644d1f8be0fd635a673a86e2ad908792f4ff97db38ff83494965b56310a
                                                          • Opcode Fuzzy Hash: de0e24b95cac9b24df44761bf3b0e0aaee8c71877aeda57f01ef83b42a76135d
                                                          • Instruction Fuzzy Hash: C7218022A00505AAFB349F69CA05AA7B3A7FF56F74B568464E90ED7900F732DE41C390
                                                          Function 008ACDA4 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 008A5215: GetLastError.KERNEL32(?,00000000,0089FB7F,?,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A5219
                                                            • Part of subcall function 008A5215: SetLastError.KERNEL32(00000000,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A52BB
                                                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 008ACEB0
                                                          • IsValidCodePage.KERNEL32(00000000), ref: 008ACEF9
                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 008ACF08
                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 008ACF50
                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 008ACF6F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                          • String ID:
                                                          • API String ID: 415426439-0
                                                          • Opcode ID: 9c1c1d2177445833b5fef3e47b38f6ed8b4a7a1d5a4bbb7d9fb38c9b18b759d7
                                                          • Instruction ID: ebc51811c7b48f731220ea8bf621b8fe70f1f8864d1ad3c0268a1ae9a6ced7f1
                                                          • Opcode Fuzzy Hash: 9c1c1d2177445833b5fef3e47b38f6ed8b4a7a1d5a4bbb7d9fb38c9b18b759d7
                                                          • Instruction Fuzzy Hash: C2516172A00609AFFF10DFA9CC41ABE77B8FF4A700F144569E514E7590EB709A54CB61
                                                          Function 008AC440 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 008A5215: GetLastError.KERNEL32(?,00000000,0089FB7F,?,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A5219
                                                            • Part of subcall function 008A5215: SetLastError.KERNEL32(00000000,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A52BB
                                                          • GetACP.KERNEL32(?,?,?,?,?,?,008A1773,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 008AC501
                                                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,008A1773,?,?,?,00000055,?,-00000050,?,?), ref: 008AC52C
                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 008AC68F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$CodeInfoLocalePageValid
                                                          • String ID: utf8
                                                          • API String ID: 607553120-905460609
                                                          • Opcode ID: 50d4b8fcb34acfb6d2c952b100628713089fdcf65eee078ea26352b087f2d702
                                                          • Instruction ID: 50f268981724c1164232b9d87e5b30ae557c4c5890959c8116b137eec5ae79cb
                                                          • Opcode Fuzzy Hash: 50d4b8fcb34acfb6d2c952b100628713089fdcf65eee078ea26352b087f2d702
                                                          • Instruction Fuzzy Hash: BD711471A00706AAFB24EB79CC42FB673A8FF5A310F144429F605DB981FB75ED408666
                                                          Function 008BF19D Relevance: 7.2, Strings: 5, Instructions: 909COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0$0$0$@$i
                                                          • API String ID: 0-3124195287
                                                          • Opcode ID: 71f3d092406bf2b1da397f9251c19992cfeb9473183140990b6d77d2ed173c24
                                                          • Instruction ID: 7744e76954c38265e1add672a10e3615aa15692af3b22f2ecdcb082381e868f2
                                                          • Opcode Fuzzy Hash: 71f3d092406bf2b1da397f9251c19992cfeb9473183140990b6d77d2ed173c24
                                                          • Instruction Fuzzy Hash: C972CE71A083558FD318CE28C490B6ABBE1FBC4358F188A2DE9D9D7392D674DC458F82
                                                          Function 008BF2FD Relevance: 6.7, Strings: 5, Instructions: 453COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: -$0$gfff$gfff$gfff
                                                          • API String ID: 0-1217629319
                                                          • Opcode ID: e70ea6af7df4099828697e47c503092b59018ffd614456e3a52484d2297035ff
                                                          • Instruction ID: 83a00b125083715f6a3b8e8711bf625801d496e4aabe5592e428bbb5b4ddf7d8
                                                          • Opcode Fuzzy Hash: e70ea6af7df4099828697e47c503092b59018ffd614456e3a52484d2297035ff
                                                          • Instruction Fuzzy Hash: C8F1BE71A087518FD318CE29C89075ABBE2FBD9314F098A2DE9D5CB382D674D945CB82
                                                          Function 008CD960 Relevance: 6.7, Strings: 5, Instructions: 409COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: JpzN$\W$d`df$vLyB$q-s
                                                          • API String ID: 0-2943124228
                                                          • Opcode ID: c0123f9ddd81bde4ead67e13c59693835463b28b846828819b093025ea9eb232
                                                          • Instruction ID: ec0e107faee0ae94c97a3da6fd16cc6701b5f60ff328775ae683bbbef12c8b8b
                                                          • Opcode Fuzzy Hash: c0123f9ddd81bde4ead67e13c59693835463b28b846828819b093025ea9eb232
                                                          • Instruction Fuzzy Hash: 6FD156B050C3848BD311EF189490B2EBBF5FBA6744F28096CE5D58B362D336D949CB96
                                                          Function 008DFF98 Relevance: 6.5, Strings: 5, Instructions: 258COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: k$i$-{4y$H~$KC$zC
                                                          • API String ID: 0-1198185020
                                                          • Opcode ID: cb060303c5a1a0c4baba74594868201dd970643a30ef342180b2144766bb590c
                                                          • Instruction ID: c5fa56b11892ca0f67742f5cc77e3459128e45b77008a9f6a31b98e76cf9f581
                                                          • Opcode Fuzzy Hash: cb060303c5a1a0c4baba74594868201dd970643a30ef342180b2144766bb590c
                                                          • Instruction Fuzzy Hash: 2A8175B05083808BD7119F1AD891B2AB7F0FF96764F089A1CE4D5CB291E379D941CBA7
                                                          Function 008A4023 Relevance: 6.3, APIs: 4, Instructions: 337COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: _strrchr
                                                          • String ID:
                                                          • API String ID: 3213747228-0
                                                          • Opcode ID: 17a8af3533a897e6e906cec53c923a3a22616cf0740b16545c45100316cc9468
                                                          • Instruction ID: 6925fbc43a5b640eb60cc98f42f8fb1354fc9466f4eee8b31a18ea88111010fc
                                                          • Opcode Fuzzy Hash: 17a8af3533a897e6e906cec53c923a3a22616cf0740b16545c45100316cc9468
                                                          • Instruction Fuzzy Hash: 5EB166329002459FEF15CF68C881BFEBBA5FF96304F15916AE905EB741D2B49D01C761
                                                          Function 008975D8 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 008975E4
                                                          • IsDebuggerPresent.KERNEL32 ref: 008976B0
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008976C9
                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 008976D3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                          • String ID:
                                                          • API String ID: 254469556-0
                                                          • Opcode ID: 57db758bdefd2ca6bbe4197d48583d6e62c7557217ef7292a665c46fe2c90801
                                                          • Instruction ID: 9462c7f5675d4509362c431d98c5f425ca66d3f563e28bd4b86d7b336a16afa8
                                                          • Opcode Fuzzy Hash: 57db758bdefd2ca6bbe4197d48583d6e62c7557217ef7292a665c46fe2c90801
                                                          • Instruction Fuzzy Hash: 0131E575D05219ABDF21EFA4D949BCDBBB8BF08304F1041AAE40DAB250EB709A858F45
                                                          Function 00891CD2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 187COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 00893348: __EH_prolog3_catch.LIBCMT ref: 0089334F
                                                          • _Deallocate.LIBCONCRT ref: 00891EAD
                                                          • _Deallocate.LIBCONCRT ref: 00891EFA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Deallocate$H_prolog3_catch
                                                          • String ID: Current val: %d
                                                          • API String ID: 1212816977-1825967858
                                                          • Opcode ID: f59a627bb8dc15adad24879f39f91738ded3d02683396eefb511c3f72a7b21e7
                                                          • Instruction ID: f8b0ff3d3e87756acce058ba4d19376ae26e6d4ea9c48ac0d1abccfbd88ed66c
                                                          • Opcode Fuzzy Hash: f59a627bb8dc15adad24879f39f91738ded3d02683396eefb511c3f72a7b21e7
                                                          • Instruction Fuzzy Hash: B3618A7251D3568FCB20EF29D48466BFBE0FB99724F180A2DF9D493242D73599048B92
                                                          Function 009062B0 Relevance: 5.3, Strings: 4, Instructions: 348COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: P$kD$oD$
                                                          • API String ID: 0-1115615460
                                                          • Opcode ID: ed1cfad7e5831a2e1b48057f332d66576bd6f5d84c9fae2d0d95bb32115eec55
                                                          • Instruction ID: ce9c8a42912370d2a4e8c5839145daf03e7cd56062c3cdcbd3d68630da561a64
                                                          • Opcode Fuzzy Hash: ed1cfad7e5831a2e1b48057f332d66576bd6f5d84c9fae2d0d95bb32115eec55
                                                          • Instruction Fuzzy Hash: 8CC1FF72A083618FC725CE28D84071EB7E1ABC1718F158A2CE8A5AB3D5DB75DC15CBD2
                                                          Function 008E0B0A Relevance: 5.2, Strings: 4, Instructions: 209COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: I}$I}$v}$~
                                                          • API String ID: 0-1535326304
                                                          • Opcode ID: 18d941ddf0c7df2a2020a84959c7baed37afdcccf923d2de2c574be5e132557b
                                                          • Instruction ID: 664417fa4b1c8ec21fe7d26a526621405d41b2e3ef4ea6974444e9b9bcb9aef5
                                                          • Opcode Fuzzy Hash: 18d941ddf0c7df2a2020a84959c7baed37afdcccf923d2de2c574be5e132557b
                                                          • Instruction Fuzzy Hash: 52617FB0901296CBDB20CF95CC91B7EBBB1FF56345F184948E891AF352D3789881CBA5
                                                          Function 0090466A Relevance: 5.1, Strings: 4, Instructions: 142COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$Q_$US$
                                                          • API String ID: 0-1387636662
                                                          • Opcode ID: b84bd2cad6fc919d03a3147de07ecc8b5f863db2d204b0a85fdfcd1955775bcd
                                                          • Instruction ID: 24cb1ced7f1fcb340ea3a3a4c9e6e31eb7868aff636eb068cf8adb068d39cf28
                                                          • Opcode Fuzzy Hash: b84bd2cad6fc919d03a3147de07ecc8b5f863db2d204b0a85fdfcd1955775bcd
                                                          • Instruction Fuzzy Hash: E34153B44083819FD714DF14C850A2BBBF4EF86744F548C1CEAC9AB2A1E339D945CB5A
                                                          Function 008AC853 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 008A5215: GetLastError.KERNEL32(?,00000000,0089FB7F,?,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A5219
                                                            • Part of subcall function 008A5215: SetLastError.KERNEL32(00000000,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A52BB
                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 008AC8A7
                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 008AC8F1
                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 008AC9B7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: InfoLocale$ErrorLast
                                                          • String ID:
                                                          • API String ID: 661929714-0
                                                          • Opcode ID: bfba45802d79c1c0c20fb34ecafd7b7c188edbd2db4c6ca5d38e9dd97898af17
                                                          • Instruction ID: 7027debe9713ab7f9ada957b98874ff5eb07c3770e92023d89854d9e09e451ee
                                                          • Opcode Fuzzy Hash: bfba45802d79c1c0c20fb34ecafd7b7c188edbd2db4c6ca5d38e9dd97898af17
                                                          • Instruction Fuzzy Hash: 7561AF7191051B9FFB28DF29CC82BBAB7A8FF06300F144169E906D6981FB34E981CB50
                                                          Function 0089D27F Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0089D377
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0089D381
                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0089D38E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                          • String ID:
                                                          • API String ID: 3906539128-0
                                                          • Opcode ID: ea369d6ce9dd582e9bc8bd20f6301704d894660889869d79e774350c8c50747f
                                                          • Instruction ID: 05807d670e9c19a47384a9701e94db2b0adb2cfee2756c87727c2345d6b33ccb
                                                          • Opcode Fuzzy Hash: ea369d6ce9dd582e9bc8bd20f6301704d894660889869d79e774350c8c50747f
                                                          • Instruction Fuzzy Hash: 9931C474901219ABCF21EF68DD8978CBBB8FF08310F5441DAE41CA7251EB709B858F45
                                                          Function 00904716 Relevance: 3.9, Strings: 3, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$]oXm$
                                                          • API String ID: 0-4013158905
                                                          • Opcode ID: 08b563d773aac84b36ad4809571cbbdf506584426bf330bc6785f7f8a4602933
                                                          • Instruction ID: dc3919be976918ad5e1fc6eea6bca892af0a8d41206bd1f65c9cd12081585f86
                                                          • Opcode Fuzzy Hash: 08b563d773aac84b36ad4809571cbbdf506584426bf330bc6785f7f8a4602933
                                                          • Instruction Fuzzy Hash: 854142B44183818FD714DF15C49062BBBF0FF86354F54881CE9C9AB2A1D33AC985CB9A
                                                          Function 008ED24C Relevance: 3.8, Strings: 3, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: KFCI$Q^\X$UNOc
                                                          • API String ID: 0-1593643587
                                                          • Opcode ID: c1021c8647da17318554d3aa5cff67c87dd53425995099f84c7b189f47ca34d0
                                                          • Instruction ID: 857225b506426e395f628af67343f85cf72f1f327c05c9f658ad5f0cbc3a75bf
                                                          • Opcode Fuzzy Hash: c1021c8647da17318554d3aa5cff67c87dd53425995099f84c7b189f47ca34d0
                                                          • Instruction Fuzzy Hash: 1111DDB0508381ABD3219F95C484A1EFFF4AB96785F10980CFAD897222C3B5D8858F17
                                                          Function 0089FBD0 Relevance: 3.4, APIs: 2, Instructions: 449COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 71130d6100ede6563424b8a4d7df45df7381647f619140e561abbae099e1f578
                                                          • Instruction ID: 04863122904ef9d36f39db6edcd640a8e9bb6f1e3c8a8e12872c037082b36827
                                                          • Opcode Fuzzy Hash: 71130d6100ede6563424b8a4d7df45df7381647f619140e561abbae099e1f578
                                                          • Instruction Fuzzy Hash: CCF14E71E002199FDF18DF68D8806ADB7B1FF89324F198269E915EB391DB31AD41CB90
                                                          Function 00905A20 Relevance: 2.8, Strings: 2, Instructions: 288COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $
                                                          • API String ID: 0-1425349742
                                                          • Opcode ID: a72b061ef2fa19078f6f09b4256c813a26286e548eea71359ce8abeef3a1e115
                                                          • Instruction ID: 708b82433a8e9682a2eed1d992edf9f6d453a1bbe353ba630669b7e0b1b36251
                                                          • Opcode Fuzzy Hash: a72b061ef2fa19078f6f09b4256c813a26286e548eea71359ce8abeef3a1e115
                                                          • Instruction Fuzzy Hash: 46A1AF71608741AFE720DB14C844B6BBBEAEB85354F95892CF885973D2E730E940CF96
                                                          Function 00908000 Relevance: 2.7, Strings: 2, Instructions: 228COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $
                                                          • API String ID: 0-1425349742
                                                          • Opcode ID: e90198aaeed22a300b19465d833889039e3ddf500042478477c72a525097edc6
                                                          • Instruction ID: 874da8f83e8698fa2e26db8222822cf0522b95b1fcc6b8d94956f2f57844f9f2
                                                          • Opcode Fuzzy Hash: e90198aaeed22a300b19465d833889039e3ddf500042478477c72a525097edc6
                                                          • Instruction Fuzzy Hash: 45718B70608341AFCB14AB58C890A2FB7F9FF95750F18881CF5C58B2A2DB36D854CB56
                                                          Function 008E6EEB Relevance: 2.6, Strings: 2, Instructions: 140COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 6$^TPX
                                                          • API String ID: 0-3674074485
                                                          • Opcode ID: e2faa7a7b5874149e8eed49c136e69c5cac99755a3b347c5e8b82d654e240883
                                                          • Instruction ID: 2525ca5be32be8dd8af334e8625b397949a92d290dd444ea690037df35d73614
                                                          • Opcode Fuzzy Hash: e2faa7a7b5874149e8eed49c136e69c5cac99755a3b347c5e8b82d654e240883
                                                          • Instruction Fuzzy Hash: 9251EFB050C7C09AD3629F2A948062AFBE2BFA3785F64595CE1E18B362D736C445CF17
                                                          Function 00907ED0 Relevance: 2.6, Strings: 2, Instructions: 98COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$
                                                          • API String ID: 0-736778079
                                                          • Opcode ID: 0ac285f3c4d7bf6ff568a0e3d31a6644a2a8a6f4a62bd3ece0da7e21683cf0fc
                                                          • Instruction ID: 5ed9025c199b7e5a3c0709da5b8825366b4f149911a5e86744db83baadcb94e3
                                                          • Opcode Fuzzy Hash: 0ac285f3c4d7bf6ff568a0e3d31a6644a2a8a6f4a62bd3ece0da7e21683cf0fc
                                                          • Instruction Fuzzy Hash: 103189719083059FC324DF58D881A2BFBF9EFC6318F14892CE6C897291D735E9088B96
                                                          Function 008CCB80 Relevance: 2.6, Strings: 2, Instructions: 82COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: p$p
                                                          • API String ID: 0-2001073228
                                                          • Opcode ID: 9ccebd6029074dcc193b65c5d4f3edf18eb513497d73d4234c938a2efa72fd27
                                                          • Instruction ID: 5f510785860c32d9945fa36d4c08b02d35bcf47ec24cc197a8b7613db365da7b
                                                          • Opcode Fuzzy Hash: 9ccebd6029074dcc193b65c5d4f3edf18eb513497d73d4234c938a2efa72fd27
                                                          • Instruction Fuzzy Hash: 113140B0D0024AABDB00CF98D482AAEFFB1FF0A300F144519E644E7741D334A995CBE5
                                                          Function 008C7C51 Relevance: 2.6, Strings: 2, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0$8
                                                          • API String ID: 0-46163386
                                                          • Opcode ID: 101362e4397cd3868e0d82b2d27283c317da1e6fc92abe76afbb474ffa19d7ef
                                                          • Instruction ID: 0a255f7fba60e0651e9d0c14e35bfdfd59bbf38be38b43c748b7a9cec7820936
                                                          • Opcode Fuzzy Hash: 101362e4397cd3868e0d82b2d27283c317da1e6fc92abe76afbb474ffa19d7ef
                                                          • Instruction Fuzzy Hash: 3831E23660D3C58BD315CA68948069AFBE2ABE6314F484D4DE8C4A7346CA74D809CBA3
                                                          Function 008BEF00 Relevance: 2.5, Strings: 1, Instructions: 1296COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 0f2fb15fb640a0ac74f7ebf11ae0a00e79eb1ebbcee514835237cce2622ebf17
                                                          • Instruction ID: cc016557d73c06aa5de286a6700ccd435e37d03cb8f37921de671949225a5c42
                                                          • Opcode Fuzzy Hash: 0f2fb15fb640a0ac74f7ebf11ae0a00e79eb1ebbcee514835237cce2622ebf17
                                                          • Instruction Fuzzy Hash: F992B1316083518FCB14CE28C494B6ABBF2FB95354F188A2DE896DB396D734DD45CB82
                                                          Function 009027C0 Relevance: 1.9, Strings: 1, Instructions: 618COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: f
                                                          • API String ID: 0-1993550816
                                                          • Opcode ID: b38e6f6da0f4ee892dc7bd84d3849ea3ee91e3c5acb601456a1049e317f3aa66
                                                          • Instruction ID: 3395bf9b70502fe8401285adf68bd5d6ae53f5112911ceb59cdcf20922f39953
                                                          • Opcode Fuzzy Hash: b38e6f6da0f4ee892dc7bd84d3849ea3ee91e3c5acb601456a1049e317f3aa66
                                                          • Instruction Fuzzy Hash: 2922AA716083419FC714CF18C894B2ABBEABF89314F188A2CF5959B3E2D735E945CB52
                                                          Function 008A9144 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008A913F,?,?,00000008,?,?,008B15B5,00000000), ref: 008A9371
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ExceptionRaise
                                                          • String ID:
                                                          • API String ID: 3997070919-0
                                                          • Opcode ID: 6ff8a384e83245156de3944ccdef0cb2f308946888282288a1d17f0f5a87ff06
                                                          • Instruction ID: 9070fec96ac7a0dae18f13cfff76c913fcc3d4226819374d7686c6626a8d8eda
                                                          • Opcode Fuzzy Hash: 6ff8a384e83245156de3944ccdef0cb2f308946888282288a1d17f0f5a87ff06
                                                          • Instruction Fuzzy Hash: 0DB12B31614609DFEB15CF28C486BA57BE0FF46364F258658E8E9CF6A1C335E992CB40
                                                          Function 00896F3C Relevance: 1.7, APIs: 1, Instructions: 242COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00896F52
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: FeaturePresentProcessor
                                                          • String ID:
                                                          • API String ID: 2325560087-0
                                                          • Opcode ID: fe3ecc9aa076a022ef1a5d905cf20794cb6eb624d8c7c2cd0837b585292e3003
                                                          • Instruction ID: 340e9264eaf621b8536aa678c69cf2762c1b8958efaec2ec9437490db3fc66e5
                                                          • Opcode Fuzzy Hash: fe3ecc9aa076a022ef1a5d905cf20794cb6eb624d8c7c2cd0837b585292e3003
                                                          • Instruction Fuzzy Hash: ACA160B5A29A058FDB18DF68DC8269DBBF0FB48314F18866AE419E7390D3749941CF50
                                                          Function 008C15E0 Relevance: 1.7, Strings: 1, Instructions: 448COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CD
                                                          • API String ID: 0-3115673787
                                                          • Opcode ID: 4c0b4b88843fe66386dd9f80ba3723d5ab93d35f761372caa74b535c6bc6894e
                                                          • Instruction ID: c81273ad36ea1372a09c42780727f4bc6e49a10379aaa9c946926ed53f4168c9
                                                          • Opcode Fuzzy Hash: 4c0b4b88843fe66386dd9f80ba3723d5ab93d35f761372caa74b535c6bc6894e
                                                          • Instruction Fuzzy Hash: 7BE1C372A083019BC708CF29C885B1ABBF6FBC5750F258A2DE499D7391E774DC458B82
                                                          Function 008E6390 Relevance: 1.7, Strings: 1, Instructions: 415COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TW
                                                          • API String ID: 0-1778470648
                                                          • Opcode ID: 37e65682408c37040f626a0ca88badc03505eecafd751e2c16e196c146a53e28
                                                          • Instruction ID: 85919e5001fa5f290604c08aa6741dbaa789898ebe233fc5b77f96f29bc98cee
                                                          • Opcode Fuzzy Hash: 37e65682408c37040f626a0ca88badc03505eecafd751e2c16e196c146a53e28
                                                          • Instruction Fuzzy Hash: A1C1AFB15082909BD711AB19C841A2BB7F5FFA2798F08881CF4C5D72A1F335E924C767
                                                          Function 008A9E7A Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 661b007c8d8a76da264b5fd856accbccc6fe78cfb2676ef7f7c43f706477f761
                                                          • Instruction ID: b092798f439fde88e3ed7f0fc037f84cb800126a1ccfe43f917a44bf6cb6c896
                                                          • Opcode Fuzzy Hash: 661b007c8d8a76da264b5fd856accbccc6fe78cfb2676ef7f7c43f706477f761
                                                          • Instruction Fuzzy Hash: 9131F372904619AFEB20EFA8CC89EBBB77DFB85310F144558F845D7645EA30AE408B60
                                                          Function 008F1776 Relevance: 1.6, Strings: 1, Instructions: 336COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: -'.$
                                                          • API String ID: 0-2031752551
                                                          • Opcode ID: 34e3f814482b72035446470293d0cf0e4fa038b8cce2f5f390abddc47372c923
                                                          • Instruction ID: 100e90ab2e3b97004c3420da2c2c5efa384cd5bb5541616b319f4c82add35cf0
                                                          • Opcode Fuzzy Hash: 34e3f814482b72035446470293d0cf0e4fa038b8cce2f5f390abddc47372c923
                                                          • Instruction Fuzzy Hash: 5CB17B74504B818FDB268F29C094B22FBF1FF56354F14859DD4EA8B652C736E806CB91
                                                          Function 008ACAA6 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 008A5215: GetLastError.KERNEL32(?,00000000,0089FB7F,?,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A5219
                                                            • Part of subcall function 008A5215: SetLastError.KERNEL32(00000000,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A52BB
                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 008ACAFA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$InfoLocale
                                                          • String ID:
                                                          • API String ID: 3736152602-0
                                                          • Opcode ID: 00142c63504c97a7311b9837f7c2085a791d62fb91474e70a2d50f18432d2838
                                                          • Instruction ID: 2d2037bf45293488d0661b2e89a14abf2ab0673d84829cad6af3424606a7abc8
                                                          • Opcode Fuzzy Hash: 00142c63504c97a7311b9837f7c2085a791d62fb91474e70a2d50f18432d2838
                                                          • Instruction Fuzzy Hash: A121987165410AABFF289B29DC42EBA73ACFF06724B10007AFD02D7541EB75ED418B65
                                                          Function 008AC72D Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 008A5215: GetLastError.KERNEL32(?,00000000,0089FB7F,?,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A5219
                                                            • Part of subcall function 008A5215: SetLastError.KERNEL32(00000000,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A52BB
                                                          • EnumSystemLocalesW.KERNEL32(008AC853,00000001,00000000,?,-00000050,?,008ACE84,00000000,?,?,?,00000055,?), ref: 008AC79F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                          • String ID:
                                                          • API String ID: 2417226690-0
                                                          • Opcode ID: 3e62fb85be99875c7a9599fd204629c0a217daff008b648afa6f96aa28c0da3d
                                                          • Instruction ID: bbd01630e731049422d033de002a9fac7c6b7a17b810d14d0fba6715e2e25610
                                                          • Opcode Fuzzy Hash: 3e62fb85be99875c7a9599fd204629c0a217daff008b648afa6f96aa28c0da3d
                                                          • Instruction Fuzzy Hash: 0F11253B6047019FEB189F3DC8916BAB791FF81328B18443CE98687E40E775A942CB40
                                                          Function 008ACCD5 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 008A5215: GetLastError.KERNEL32(?,00000000,0089FB7F,?,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A5219
                                                            • Part of subcall function 008A5215: SetLastError.KERNEL32(00000000,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A52BB
                                                          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,008ACA6F,00000000,00000000,?), ref: 008ACD01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$InfoLocale
                                                          • String ID:
                                                          • API String ID: 3736152602-0
                                                          • Opcode ID: f0d853e6562e32af1e962757ed0cd6dc913c17893393ef2bb4131b753de1b4ed
                                                          • Instruction ID: 51f963c3d65377de53af22cd66fe73ab8d442074e9996d3595c65cf560847260
                                                          • Opcode Fuzzy Hash: f0d853e6562e32af1e962757ed0cd6dc913c17893393ef2bb4131b753de1b4ed
                                                          • Instruction Fuzzy Hash: 7BF0D636610116ABFB245B248C057BA7B68FF41754F144835AC15E3640EB34EE41CA90
                                                          Function 008AC7C8 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 008A5215: GetLastError.KERNEL32(?,00000000,0089FB7F,?,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A5219
                                                            • Part of subcall function 008A5215: SetLastError.KERNEL32(00000000,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A52BB
                                                          • EnumSystemLocalesW.KERNEL32(008ACAA6,00000001,?,?,-00000050,?,008ACE48,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 008AC812
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                          • String ID:
                                                          • API String ID: 2417226690-0
                                                          • Opcode ID: d45a9dd6b2f2383975ad4de86ebe22037b2d7c6cdd4bafe400ae09a8ed8c94fb
                                                          • Instruction ID: a7c650ed1f89aa00d4a398e485e6996e7c01852557d5f4d267f9e6cf2bc6e1ec
                                                          • Opcode Fuzzy Hash: d45a9dd6b2f2383975ad4de86ebe22037b2d7c6cdd4bafe400ae09a8ed8c94fb
                                                          • Instruction Fuzzy Hash: A8F0CD362003045FEB24AF399885A7A7B91FF82368F15443CF945CBA80D7B5AC42CA50
                                                          Function 008A3436 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 0089D5CD: EnterCriticalSection.KERNEL32(-00917B50,?,008A03E7,00000000,008BC430,0000000C,008A03AE,?,?,008A33C5,?,?,008A53B3,00000001,00000364,00000000), ref: 0089D5DC
                                                          • EnumSystemLocalesW.KERNEL32(008A3429,00000001,008BC580,0000000C,008A37DC,00000000), ref: 008A346E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: CriticalEnterEnumLocalesSectionSystem
                                                          • String ID:
                                                          • API String ID: 1272433827-0
                                                          • Opcode ID: 6534e11e61aa1eac9cea8fa7f98440005a8a799678f6380bda9a3ededb4fbf7a
                                                          • Instruction ID: a568ddd787c23b3dccf38f216fd9e6065c2d05ffe5ef292b85fa5d72e5ad567f
                                                          • Opcode Fuzzy Hash: 6534e11e61aa1eac9cea8fa7f98440005a8a799678f6380bda9a3ededb4fbf7a
                                                          • Instruction Fuzzy Hash: 5BF04F72A14204DFE700EF98D842B9D77B0FB49721F10411AF420E7391DB795A01DF45
                                                          Function 008AC6E2 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 008A5215: GetLastError.KERNEL32(?,00000000,0089FB7F,?,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A5219
                                                            • Part of subcall function 008A5215: SetLastError.KERNEL32(00000000,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A52BB
                                                          • EnumSystemLocalesW.KERNEL32(008AC63B,00000001,?,?,?,008ACEA6,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 008AC719
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                          • String ID:
                                                          • API String ID: 2417226690-0
                                                          • Opcode ID: 194eda9501db17e557973c05b3050dcfbc1e28bba3a6e60d5c78b98fcefd3afe
                                                          • Instruction ID: ea7ede08ceba0992dce1eeba5a829d4d269650410c0a3292c14df0938445b92b
                                                          • Opcode Fuzzy Hash: 194eda9501db17e557973c05b3050dcfbc1e28bba3a6e60d5c78b98fcefd3afe
                                                          • Instruction Fuzzy Hash: 1AF0E53A30020557DB04AF79D84576A7F94FFC2754B4A409DEA05CBA90C7759943CB90
                                                          Function 008A38E0 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,008A22D9,?,20001004,00000000,00000002,?,?,008A18DB), ref: 008A3914
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: InfoLocale
                                                          • String ID:
                                                          • API String ID: 2299586839-0
                                                          • Opcode ID: 0a5adbebb774b26da55938fa93084f55ea77a75abde040b4476319503ad8dbbd
                                                          • Instruction ID: 4d2566eedd85f128a2f17272a02f1f6c03c1aea4b3caa4f3213c1fde2d369b19
                                                          • Opcode Fuzzy Hash: 0a5adbebb774b26da55938fa93084f55ea77a75abde040b4476319503ad8dbbd
                                                          • Instruction Fuzzy Hash: 58E04F3650052CBBDF122F64DC05AAE7F2AFF46761F044010FD45A5621DB719F21AAD5
                                                          Function 008EB081 Relevance: 1.5, Strings: 1, Instructions: 267COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: P
                                                          • API String ID: 0-3110715001
                                                          • Opcode ID: 4bfaa7626ea9b600e4b84af23bd05a8ca6e36999e86aa202f38862eca0be855c
                                                          • Instruction ID: e700a382e2f0b6d84949c6c4b7170c00c048695bee5b441c0768ede11d1f6fca
                                                          • Opcode Fuzzy Hash: 4bfaa7626ea9b600e4b84af23bd05a8ca6e36999e86aa202f38862eca0be855c
                                                          • Instruction Fuzzy Hash: 02A1E2719093CA8BD7048A16C89136FBBE1FF96364F18492DE99AC7392D334D941CB87
                                                          Function 008BF23A Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 306e642b51b2512054d38a46158e9f08723d7b25d1953b1fc47caece9ac7f322
                                                          • Instruction ID: 710372f0d6d67d1e7a44541924be9444ef4920db458e041bd1d78354d7a88cac
                                                          • Opcode Fuzzy Hash: 306e642b51b2512054d38a46158e9f08723d7b25d1953b1fc47caece9ac7f322
                                                          • Instruction Fuzzy Hash: 70A17871A087518BD318CE18C49475ABBE2FBC8358F198A2DE9D997392C774DC49CB82
                                                          Function 00897765 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_00007771,00896A67), ref: 0089776A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled
                                                          • String ID:
                                                          • API String ID: 3192549508-0
                                                          • Opcode ID: 00291924ccf38ea922fbd80e60c7af4b169c6d1c4d02aeae1095714e4c3ebd11
                                                          • Instruction ID: 3b49ea3c7c2166d626f76c22b9b6c048325d922def8f733bd1cb2995c1341a56
                                                          • Opcode Fuzzy Hash: 00291924ccf38ea922fbd80e60c7af4b169c6d1c4d02aeae1095714e4c3ebd11
                                                          • Instruction Fuzzy Hash:
                                                          Function 00908520 Relevance: 1.5, Strings: 1, Instructions: 247COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3019521637
                                                          • Opcode ID: 08d3931baa2a9c42408cb6ec1c64e50b571bbd3c3c2ceb0987ed0c3721af9082
                                                          • Instruction ID: e0cc170974398df4ed374edbbb414a828d0bfaae6b6e9220e72cd1135dfc0f8d
                                                          • Opcode Fuzzy Hash: 08d3931baa2a9c42408cb6ec1c64e50b571bbd3c3c2ceb0987ed0c3721af9082
                                                          • Instruction Fuzzy Hash: 7F81AD756083519FCB249F18C850A2BB7EABF85714F1A892CF9D597392DB31EC50CB82
                                                          Function 008EF3B0 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "
                                                          • API String ID: 0-123907689
                                                          • Opcode ID: 7e98b4656ee7a597cc4d0ae5467a7c4b97e5a60aa5ade5d03bcc0f57a0d03316
                                                          • Instruction ID: 15895fa2c5573192337e28334006d4efa67abfae68b4ae1f6ea1d0016f33ce60
                                                          • Opcode Fuzzy Hash: 7e98b4656ee7a597cc4d0ae5467a7c4b97e5a60aa5ade5d03bcc0f57a0d03316
                                                          • Instruction Fuzzy Hash: 587170326087944BD7248A2E888021BB7D2FBD7738F298739E674CB3E6D675CC458745
                                                          Function 00905820 Relevance: 1.4, Strings: 1, Instructions: 183COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3019521637
                                                          • Opcode ID: caa00a0baa876a8884e4083aa7b8b58c4b77efdead5d9ec54620c567e662e154
                                                          • Instruction ID: 4c32f01e601dd6a59f64010c24cd0e991f116fbf998c664b280e7e7cc3f2e940
                                                          • Opcode Fuzzy Hash: caa00a0baa876a8884e4083aa7b8b58c4b77efdead5d9ec54620c567e662e154
                                                          • Instruction Fuzzy Hash: A951B031608310AFC7149A18CC90B2FB7EAEB85725F558A2CF9E9973D2D6359C00CB56
                                                          Function 008F1AFC Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 2FD>
                                                          • API String ID: 0-1510312430
                                                          • Opcode ID: 242552adc178d8c3491bf93f30874780fcc0fbb89b54cad1dcff1d541b57b90a
                                                          • Instruction ID: 189b0cc610b910acf49099d208455ce2a045102c8c04e3156b31cfe0b87a48bb
                                                          • Opcode Fuzzy Hash: 242552adc178d8c3491bf93f30874780fcc0fbb89b54cad1dcff1d541b57b90a
                                                          • Instruction Fuzzy Hash: 46516070504B818FD7268F29C460A32FBB1FF17354B24888DD8DA9BA43C739E806CB65
                                                          Function 008D0A6C Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 2
                                                          • API String ID: 0-450215437
                                                          • Opcode ID: e6034f399045d4b6abb2554f6b82214a593dffe65b117c12c080d18cf511f5b9
                                                          • Instruction ID: f51f4add6c59606cb5135c1086f52bee14febfaa26ecdf1eb07ddc3ee689cbac
                                                          • Opcode Fuzzy Hash: e6034f399045d4b6abb2554f6b82214a593dffe65b117c12c080d18cf511f5b9
                                                          • Instruction Fuzzy Hash: 16516F75509380DAF231AB189852FEFB6B6FFD6308F04092CE48997283DB769505CB67
                                                          Function 008D0CFC Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 2
                                                          • API String ID: 0-450215437
                                                          • Opcode ID: 15cde75e9d06dabda2588e85d20db4463443109759951a92bfa7a8f5d5147061
                                                          • Instruction ID: 5f8d29799bc0548f9d3f5dbc6b7157124d4a64645e16db1522232932f893fe73
                                                          • Opcode Fuzzy Hash: 15cde75e9d06dabda2588e85d20db4463443109759951a92bfa7a8f5d5147061
                                                          • Instruction Fuzzy Hash: 4C51717550938086F231A7189842FFFB6B6FFD6304F08092CE48997283D776A505CA67
                                                          Function 00891F1A Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Z81xbyuAua
                                                          • API String ID: 0-3121583705
                                                          • Opcode ID: 0023155feb0c1f092153e34be633fc819b6c07503aa4d3d6062c59a15b31b186
                                                          • Instruction ID: 7245e394cbc61ad0591a9820e584dbcc6fc1b76aa969b0eb87a3b502debf0a43
                                                          • Opcode Fuzzy Hash: 0023155feb0c1f092153e34be633fc819b6c07503aa4d3d6062c59a15b31b186
                                                          • Instruction Fuzzy Hash: 1241EC76E2052B5BDF0CFEB8885A0ABBB65F756360B044279D911DB3D1E2348A01CA94
                                                          Function 008F234F Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 2FD>
                                                          • API String ID: 0-1510312430
                                                          • Opcode ID: 482e1bb03dcd7035389772e6bba219ce3904a568faca1742d2efed7deef8c6d7
                                                          • Instruction ID: 4fc320ddf53f8b752c63eb72302602c0f8274d7273648ed6018e8f10fdbe19fe
                                                          • Opcode Fuzzy Hash: 482e1bb03dcd7035389772e6bba219ce3904a568faca1742d2efed7deef8c6d7
                                                          • Instruction Fuzzy Hash: 714130705047819ED7268F29D050A32FBB1FF17358F24988DD4D69B643C73AD806CB65
                                                          Function 00907BC0 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3019521637
                                                          • Opcode ID: 3f681d420308340ce622b70d3801fe125027f74667fc1b293c25dd6169613fb3
                                                          • Instruction ID: 0e32b2b4410834a3a425544f9963b9056b4766cb9b402671c9c0ef7c5d2e8fa5
                                                          • Opcode Fuzzy Hash: 3f681d420308340ce622b70d3801fe125027f74667fc1b293c25dd6169613fb3
                                                          • Instruction Fuzzy Hash: 11417F74A0C301AFD7149F54D890B2BF7A9EF86725F24882CE5C9572D2D335E840CB6A
                                                          Function 00907D50 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3019521637
                                                          • Opcode ID: 35ff341fea01c2b82f004fdc622a9334d9847dfee3824cdca80f10c1f8328be7
                                                          • Instruction ID: 44f328d24f77bca24aa4eac13d92242b26045e9e00faf160e72b28f50f19c5f2
                                                          • Opcode Fuzzy Hash: 35ff341fea01c2b82f004fdc622a9334d9847dfee3824cdca80f10c1f8328be7
                                                          • Instruction Fuzzy Hash: 77416074A0D300AFD7149F54D880B2BF7AAEF85724F64886CE589572A2D335EC00CB6A
                                                          Function 008DBF55 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: qs
                                                          • API String ID: 0-1399850505
                                                          • Opcode ID: 8aaebf1e4c3640f5f3ce392bc9914373ba4fadcd76e73042caaaaaebe0853f7e
                                                          • Instruction ID: 6e80ce39dad89f996c480b3c79916f1294ec6a4169fbb726795e702dc3160b0b
                                                          • Opcode Fuzzy Hash: 8aaebf1e4c3640f5f3ce392bc9914373ba4fadcd76e73042caaaaaebe0853f7e
                                                          • Instruction Fuzzy Hash: A23101B0500B00CBC7348F29D991A23B7F1FF1A754B149A0DE8AA8BBA5E335E840CB55
                                                          Function 0090490A Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3019521637
                                                          • Opcode ID: 6755f9bab069ea5934903f8183f253ded6f2aca177a558b48b1de12272a79bcd
                                                          • Instruction ID: ced1b32b29f0aa8341860008ca16d639405ce09fa6605de8947dbb7fd66d3424
                                                          • Opcode Fuzzy Hash: 6755f9bab069ea5934903f8183f253ded6f2aca177a558b48b1de12272a79bcd
                                                          • Instruction Fuzzy Hash: 3821AEB4208301AFD714DF08DC51B2BB7E5AB85B15F64882CF2D1972E2C375E860CB56
                                                          Function 008AD006 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: HeapProcess
                                                          • String ID:
                                                          • API String ID: 54951025-0
                                                          • Opcode ID: a6dfe896f806e667bc02caffb9765d37ee5700c2d44612fc473da30c0dae3689
                                                          • Instruction ID: 85bef2c3208f36b4f84359e4a8baf9942e0896bef665fcbcb115035adc6ae31e
                                                          • Opcode Fuzzy Hash: a6dfe896f806e667bc02caffb9765d37ee5700c2d44612fc473da30c0dae3689
                                                          • Instruction Fuzzy Hash: 3AA011302202008B83008F3AAA0A28E3BE8AA00A80308C028A000C0020EA388082BF00
                                                          Function 008C9F60 Relevance: .8, Instructions: 789COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 55bdd7183e786f206f49eb0e89a9435e12bd88c65a2001897e8b962e1375b007
                                                          • Instruction ID: 01e9b513c9d6fa3c87943aa06a7b194a511e5d38da3785b1902b7ef293dba7f4
                                                          • Opcode Fuzzy Hash: 55bdd7183e786f206f49eb0e89a9435e12bd88c65a2001897e8b962e1375b007
                                                          • Instruction Fuzzy Hash: 084293316086198BC729DF68E880B6EB3F1FFD4319F29892DD996C7281E735D8518B43
                                                          Function 008E2930 Relevance: .7, Instructions: 700COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16869c809fe6b9c013eb52f11e203e487ef228a061d05dc0c8baca727ee9c214
                                                          • Instruction ID: 533d23b0a3c14cab9c647a0a8284be3891b1da8d31e83379b7e90439c8b6d582
                                                          • Opcode Fuzzy Hash: 16869c809fe6b9c013eb52f11e203e487ef228a061d05dc0c8baca727ee9c214
                                                          • Instruction Fuzzy Hash: 7372F6B0508B818ED375CF3C8849797BFE5AB1A324F044A5EE0EA8B3D2C7756505CB66
                                                          Function 008C9450 Relevance: .7, Instructions: 670COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 169fd697c981202875bdf4f7b877c3bbabddd2f5e73f7c32bbe4a1385d044f0b
                                                          • Instruction ID: 63326f16d76f896ab723c7e5cda8f42a67263512827b7dd616f884ab9e8a50a2
                                                          • Opcode Fuzzy Hash: 169fd697c981202875bdf4f7b877c3bbabddd2f5e73f7c32bbe4a1385d044f0b
                                                          • Instruction Fuzzy Hash: 6552C2B0908B888FE735CB24C488BA7BBF1FB51314F1448ADC5E786AC2C279E985C755
                                                          Function 008C52A0 Relevance: .7, Instructions: 657COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e65e6d0ec29a0286690b312841c0ba80701f8bb5ada55794a20425fd9e091869
                                                          • Instruction ID: d974e8d3fb7c7adf527025659c617c4a0b71f37546e81938d57a0712a357bd91
                                                          • Opcode Fuzzy Hash: e65e6d0ec29a0286690b312841c0ba80701f8bb5ada55794a20425fd9e091869
                                                          • Instruction Fuzzy Hash: 7852D3315087498FCB14CF25C090BAABBF1FF88318F598A6DE89997351D774E889CB81
                                                          Function 008C5CA0 Relevance: .6, Instructions: 592COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8b4942d6c5a04db89343f61d2bd896b7a754b8bfa492006bc517a5ac4323522e
                                                          • Instruction ID: 05a9c2f51e5d79878d0d0015e87452cf749e0fdf3d5021610434222b0d0e7672
                                                          • Opcode Fuzzy Hash: 8b4942d6c5a04db89343f61d2bd896b7a754b8bfa492006bc517a5ac4323522e
                                                          • Instruction Fuzzy Hash: C2320170515B148FC768CF29C590A2ABBF1FF45710BA44A2ED69787B90E736F884CB10
                                                          Function 008C8360 Relevance: .5, Instructions: 504COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c2ed25ed2ecece428dec3d662da4c49c86df14d0f0cac3c7bd7da9d139c37883
                                                          • Instruction ID: 4e78ff1ec5c9ce838c59e6e895a4741b4aefc065f82ad5a63da3ab971139024a
                                                          • Opcode Fuzzy Hash: c2ed25ed2ecece428dec3d662da4c49c86df14d0f0cac3c7bd7da9d139c37883
                                                          • Instruction Fuzzy Hash: 0E02BC356487458FC7288F29C891B2BBBE2FFD8304F08892DE4D687791EA75D904CB56
                                                          Function 008EB460 Relevance: .4, Instructions: 380COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 83d948c1b98276872fbedeb4ae571c7f1df7ffbfed0eb7000220ee8de56deee4
                                                          • Instruction ID: 10a9d72f7781a7c2f1b609888c1cfdd3c2867d090111d1c2e80483e7b1fb679f
                                                          • Opcode Fuzzy Hash: 83d948c1b98276872fbedeb4ae571c7f1df7ffbfed0eb7000220ee8de56deee4
                                                          • Instruction Fuzzy Hash: A6B1E4706083899BD714DF1AC890A2BB7E2FF96358F18492CE5C6C7391E335D814CB56
                                                          Function 008F2462 Relevance: .4, Instructions: 358COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c5e5a161c1ab45c4b1e480cfbddb13b76eded34dc1ce46f9e0b718e5efcd9d52
                                                          • Instruction ID: af669abf1fb5b8c7c888a0107532264fab499044bee8f6c845982d8aa87ded1c
                                                          • Opcode Fuzzy Hash: c5e5a161c1ab45c4b1e480cfbddb13b76eded34dc1ce46f9e0b718e5efcd9d52
                                                          • Instruction Fuzzy Hash: B2D13DB4800B419FD321AF39C546752BFB0FB06300F548A9DE8EA5B686D335A45ACFD6
                                                          Function 00905DD0 Relevance: .3, Instructions: 330COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5adaadb379de4d0ac6695891303286d85bf5796d7f1c210cbcdbab9b523f8b94
                                                          • Instruction ID: 4315baf70ca22d89bd71003e174b4263654b987d1b894e7b754baf145cfc3160
                                                          • Opcode Fuzzy Hash: 5adaadb379de4d0ac6695891303286d85bf5796d7f1c210cbcdbab9b523f8b94
                                                          • Instruction Fuzzy Hash: 1DA10372A083509FE7149B29CC84B6BB7E9EBC5314F09492CFD9597382E735DC148B92
                                                          Function 008ABEF1 Relevance: .3, Instructions: 327COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                          • String ID:
                                                          • API String ID: 3471368781-0
                                                          • Opcode ID: 3fd890651846d7c159e3a0469257674d25f595d2e4077b5e9fa59cbad86b40a9
                                                          • Instruction ID: 077bf37e9a6e9465dcc93b65813da9522976643d2af9473295657eb85cc5e7f6
                                                          • Opcode Fuzzy Hash: 3fd890651846d7c159e3a0469257674d25f595d2e4077b5e9fa59cbad86b40a9
                                                          • Instruction Fuzzy Hash: 8CB1E7356007059BEB349B69CC82BB7B3E8FB56308F54452DE943C6981FB75A981CB11
                                                          Function 0089C6FE Relevance: .3, Instructions: 314COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c912a57170837748a1bb7caf731b4e1cbec013f7fd79352539d8b39f13557a7d
                                                          • Instruction ID: d2f03ce9386c6499a3d1d905601fc0f3e882860552719ae203d573b749c11888
                                                          • Opcode Fuzzy Hash: c912a57170837748a1bb7caf731b4e1cbec013f7fd79352539d8b39f13557a7d
                                                          • Instruction Fuzzy Hash: F7B1C27090064A9BCF24EFACC9516BEBBA1FF05304F1C061AE452E7691D7339942CB96
                                                          Function 008D44CC Relevance: .3, Instructions: 284COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7d6742bc921a87cbc0d7ecdfc3dd5ce11be376d8912454172b111acada42123f
                                                          • Instruction ID: 1e9915d00af28c601509045f5a36a8a5fb2c5ef7fdde9c2eaaf8cd2570ba6fc6
                                                          • Opcode Fuzzy Hash: 7d6742bc921a87cbc0d7ecdfc3dd5ce11be376d8912454172b111acada42123f
                                                          • Instruction Fuzzy Hash: F0C10F74500B508BD3258F28D891B66BBF1FF46304F148A5DE9AB8BB92E736B805CB51
                                                          Function 008F70A0 Relevance: .3, Instructions: 277COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c6242de2c158a3e25abd914ef81a7081ec85dc90910a15599f474a425946f381
                                                          • Instruction ID: 089825451c6734a49eae1f4cbac73af52fcbd315c68bded07ac496b916dd22e2
                                                          • Opcode Fuzzy Hash: c6242de2c158a3e25abd914ef81a7081ec85dc90910a15599f474a425946f381
                                                          • Instruction Fuzzy Hash: 67812C37B1999947D318893D4C112BAAA536FD6334B3EC37AEAB6CB3D5D9348C025390
                                                          Function 008C332A Relevance: .3, Instructions: 271COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9bb0e1251b43261e23572b6fe04e2d9b66b4d052610f955a5f7654400d35fefe
                                                          • Instruction ID: 6bfb4cbf7ae33944d16ff23187f06f508a84bf7cea4855d4c0744712cca124bd
                                                          • Opcode Fuzzy Hash: 9bb0e1251b43261e23572b6fe04e2d9b66b4d052610f955a5f7654400d35fefe
                                                          • Instruction Fuzzy Hash: B891E5B1A083418BD7258E559480B26BAF2FFA1308F19C57DE885CB341E7B1DE4AD742
                                                          Function 008ECB02 Relevance: .3, Instructions: 256COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a435c7ff7e61a266175cc740b2df94f4f0bcffa5dc796596f52e14c951997eae
                                                          • Instruction ID: 98a0b74d23a18f7a7e97ade448f1a73a0becf89ae6d904074a46e1fb4686494f
                                                          • Opcode Fuzzy Hash: a435c7ff7e61a266175cc740b2df94f4f0bcffa5dc796596f52e14c951997eae
                                                          • Instruction Fuzzy Hash: 19712B73A14B654BC728893C9C1176AB6D2ABC4214F4E873CD99ADB385EB74ED0187C1
                                                          Function 008F5AB0 Relevance: .3, Instructions: 254COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8b4e1efa5495fb8a019b3a8f09c75cd24c53d3083fb3dc6746e68a82280d218
                                                          • Instruction ID: 5d078e274e4f27d3da90cbccabbf5c1f6ce68a191e117a99b678e43b23ec65d1
                                                          • Opcode Fuzzy Hash: e8b4e1efa5495fb8a019b3a8f09c75cd24c53d3083fb3dc6746e68a82280d218
                                                          • Instruction Fuzzy Hash: FE81FB3664AE994BD3185A3C9C113796E939BD2334F3D876DE7F2CB3E1C66544018351
                                                          Function 008E6130 Relevance: .2, Instructions: 242COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 17b631a1ef9c90cdc196109c47057cb6dd3a7c54a8c9dd28249f1b39c8e723b3
                                                          • Instruction ID: 9a7fad15f052f3d979731ed753b11b3c6440cd911b3e1669411cfc8942d1c418
                                                          • Opcode Fuzzy Hash: 17b631a1ef9c90cdc196109c47057cb6dd3a7c54a8c9dd28249f1b39c8e723b3
                                                          • Instruction Fuzzy Hash: B051C0B1600244ABDB209B65CC96B7733B4FFA63A8F184918FA45CB391F375E815C762
                                                          Function 008C3290 Relevance: .2, Instructions: 223COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5f99aab2791bd1aba6dfb3b61b9a4968c41f01324f8c9ecb9249fe38aea401d4
                                                          • Instruction ID: f1f4d97eb4c18ec8641bb312b000b1160e8f9a467fbf2cef7e349a17663f5f72
                                                          • Opcode Fuzzy Hash: 5f99aab2791bd1aba6dfb3b61b9a4968c41f01324f8c9ecb9249fe38aea401d4
                                                          • Instruction Fuzzy Hash: 8A71F6B6A0874287D72A8A18D440B36FBB2FFE1318F19C66DE45ACB341E775CA06C741
                                                          Function 009032D0 Relevance: .2, Instructions: 220COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 260186d478aae003c652c9c0622f6da14b7ca9a12c80829d925b8ad8623de31d
                                                          • Instruction ID: 23f964c667f773c24e8e4de423b4862b29bc0a14476defd0bbb13ddb3acaacfd
                                                          • Opcode Fuzzy Hash: 260186d478aae003c652c9c0622f6da14b7ca9a12c80829d925b8ad8623de31d
                                                          • Instruction Fuzzy Hash: C671CB716083419FDB158F19C880B2ABBEEEF85314F58C92CE5D98B2E2D735ED408B52
                                                          Function 008F2900 Relevance: .2, Instructions: 215COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b2ecac1f06bdf61436ed265659ed9f52c64cc52bcee91badaf8e5f8c506a0b22
                                                          • Instruction ID: 4f281901cd7e781b4fdd464f6e433d20f8941ecba548498dc52c5174af9a073e
                                                          • Opcode Fuzzy Hash: b2ecac1f06bdf61436ed265659ed9f52c64cc52bcee91badaf8e5f8c506a0b22
                                                          • Instruction Fuzzy Hash: 947149B4404785CFDB258F29C090A26BFB0FF16310B188599D9DA8F74BD375E855CBA1
                                                          Function 008CC300 Relevance: .2, Instructions: 214COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 78f57911bcbd89b49419ee3ef9dd8a7705bfb666a251f11caf1017bd8e3f52b3
                                                          • Instruction ID: d4a8f3bcb8ebc8195078842ddf7b584545950b75e69867ce1d64e0b85bbc43c1
                                                          • Opcode Fuzzy Hash: 78f57911bcbd89b49419ee3ef9dd8a7705bfb666a251f11caf1017bd8e3f52b3
                                                          • Instruction Fuzzy Hash: 8F5147377486844BC3189D7C5C613797A93ABD2338B2DC37DE9B9CB3E2E96988015380
                                                          Function 008BF41F Relevance: .2, Instructions: 213COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 118f1cef26720b4861566893e0de54ebb40160411a9db2ff76e9d22af775da4a
                                                          • Instruction ID: 035aec50d7e4742323ba87cc1e8cb7e4136103faac4651da6e80df2842fcd479
                                                          • Opcode Fuzzy Hash: 118f1cef26720b4861566893e0de54ebb40160411a9db2ff76e9d22af775da4a
                                                          • Instruction Fuzzy Hash: 3471AE31A083548BD718CA18C494B6FBBE2FFC4798F188A2DE895D7396D770DC448B82
                                                          Function 008F5880 Relevance: .2, Instructions: 198COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1b5a5ab0e6f08e1212459a1051d072897d816136cec1085f020d45d75109a894
                                                          • Instruction ID: 6ffd61ef7bc716de4ab981cc70ac1cc4bc66f9eb8198c1a5ebf343e87dee9730
                                                          • Opcode Fuzzy Hash: 1b5a5ab0e6f08e1212459a1051d072897d816136cec1085f020d45d75109a894
                                                          • Instruction Fuzzy Hash: 1F513537B19ED98BC7149E7C5C412B9AA43AB9733873D8376DBB1CB3D1C56688028391
                                                          Function 008CCCE1 Relevance: .2, Instructions: 189COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 98426d52609b44d71ace9bc0825109431283409a88027502b5f6118697708dcb
                                                          • Instruction ID: f4c2cf457b5917dfaf4d5e6811bb00c2a4be3aec87e4fbddc58131fb60d05b13
                                                          • Opcode Fuzzy Hash: 98426d52609b44d71ace9bc0825109431283409a88027502b5f6118697708dcb
                                                          • Instruction Fuzzy Hash: F25169B0A011459FDB01CFA8DA90BBEBBB2FB46306F240068E405F7392C7319E10CB66
                                                          Function 008FCCE0 Relevance: .2, Instructions: 189COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b948dc6add0ed9661d4b398e162f22454a7bbff509f023e817ae62914cd77494
                                                          • Instruction ID: cfe2b90e79fd75165af039046900b82cafaf8f11374c2e96df953d179e9a8e1a
                                                          • Opcode Fuzzy Hash: b948dc6add0ed9661d4b398e162f22454a7bbff509f023e817ae62914cd77494
                                                          • Instruction Fuzzy Hash: 65514AB15087588FE314DF29D49436BBBE1FBC8318F054A2DE5E987351E379DA088B82
                                                          Function 008F73A0 Relevance: .2, Instructions: 180COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6b9b159b4f3877c8d9d6b0debf22a3b75361e34386abef763474a0b287f0c785
                                                          • Instruction ID: 89f99c38def5c1d1c673126c030d5f8ce36351ac965093c98a224ff45f5d0cbe
                                                          • Opcode Fuzzy Hash: 6b9b159b4f3877c8d9d6b0debf22a3b75361e34386abef763474a0b287f0c785
                                                          • Instruction Fuzzy Hash: D551063760E5CC4BE7155E7C1C012B46E53ABA7338B3E83BADAB1CB3E1D52688069355
                                                          Function 00902070 Relevance: .2, Instructions: 167COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2d0570097160aab1b68a550f4511c957a43b2e8abafe0f435217c9cb9528a807
                                                          • Instruction ID: 422836f03b1be2faf97d1ef7a197d453ce17b849864c90b336920f8c3ab04e86
                                                          • Opcode Fuzzy Hash: 2d0570097160aab1b68a550f4511c957a43b2e8abafe0f435217c9cb9528a807
                                                          • Instruction Fuzzy Hash: 9D51807460C3409FDB189F58D888A2AB7F9EF85705F14882CE5C5972A2D332DC10DB26
                                                          Function 008CB290 Relevance: .2, Instructions: 164COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 054442773fa85cc7e7f2bc6a691852260fd407d19e094a4ce9a9a5ee557263b7
                                                          • Instruction ID: ebe27ac35fb9e409698e29548faa1f1b88bb064b20e825e34d255762fdbc8181
                                                          • Opcode Fuzzy Hash: 054442773fa85cc7e7f2bc6a691852260fd407d19e094a4ce9a9a5ee557263b7
                                                          • Instruction Fuzzy Hash: 8441E07090C2849BD301AB69D586A2EFBF9FF56705F188D1CE5C4D7262D33AC8108B6B
                                                          Function 008C3B30 Relevance: .2, Instructions: 163COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8bda98c2f30a516d50807ce0b98e746189b08d9b89d3b03278e09447c629b6b2
                                                          • Instruction ID: bf8cb69f91257bf33076ca501b4850bbf95e9f8406365a5c8cd604c8eb093a32
                                                          • Opcode Fuzzy Hash: 8bda98c2f30a516d50807ce0b98e746189b08d9b89d3b03278e09447c629b6b2
                                                          • Instruction Fuzzy Hash: 3351A3B5A043159FC714DF18D880E2AB7B1FF85328F15866CE89ADB352D631ED42CB92
                                                          Function 008CF41B Relevance: .1, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 34b2c5dc47880b26d63c4cac224246904b14b76870b104fed36430456e3dcfb5
                                                          • Instruction ID: 710757d2a3f0df82a5c9f1b0003cbc61f8c5a3e2ed1210c0b414d4e407c9c0bc
                                                          • Opcode Fuzzy Hash: 34b2c5dc47880b26d63c4cac224246904b14b76870b104fed36430456e3dcfb5
                                                          • Instruction Fuzzy Hash: 1F4128B490126A9FDF01CF94CC94BBEBBB1FF06301F144959E911AB392D334A910CBA8
                                                          Function 008CF790 Relevance: .1, Instructions: 125COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f5e34cb232997b27782127b8cd1ef61722e578a9a41e811742eb7c47ee6c68f4
                                                          • Instruction ID: 2834625c61c911e31788347520464b82fde2d30356b0185b8f7fe341a0713a35
                                                          • Opcode Fuzzy Hash: f5e34cb232997b27782127b8cd1ef61722e578a9a41e811742eb7c47ee6c68f4
                                                          • Instruction Fuzzy Hash: 62412672B0C3984FE358DE7A889462A7AE3EBC5310F18C63EF5A5C6285E630C915E750
                                                          Function 008EBBE3 Relevance: .1, Instructions: 119COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6b10cf0e7097aa983af4eec26b10cdff308d4fbafdfb15f8fa67f104f1a184b0
                                                          • Instruction ID: 628130cbf911e77b7775cd060fe75bc65ca7c0ac0101eba1cad7fe3f6ada70aa
                                                          • Opcode Fuzzy Hash: 6b10cf0e7097aa983af4eec26b10cdff308d4fbafdfb15f8fa67f104f1a184b0
                                                          • Instruction Fuzzy Hash: B341E3B1A082818FC714CB69C491A6BB7E2FB9A304F584A2DF49AD7342D734E905CB53
                                                          Function 00906F10 Relevance: .1, Instructions: 118COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8e225b96c8bf2e769cc8697a4cfbe4e2a1212ad77f5d165699b061e557b09fc9
                                                          • Instruction ID: 790cf172ea52ccf2a1f04a1d15f031414d5b14a6ae513dfd22684ba395ff8322
                                                          • Opcode Fuzzy Hash: 8e225b96c8bf2e769cc8697a4cfbe4e2a1212ad77f5d165699b061e557b09fc9
                                                          • Instruction Fuzzy Hash: 7E31DE32B4D6008FD304DE298C4165AFBEB9BDA324F0DDA2DE998C7295DA39D8018B41
                                                          Function 008F3021 Relevance: .1, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0d162afb33da07c4bd60f7c483336d076906e7f1409a5580b2f65c4fffe7ae7c
                                                          • Instruction ID: a7f2b2f9093efb28e43b822cee83da3d3f602385dd1390d1536fbc2ee8fe35a1
                                                          • Opcode Fuzzy Hash: 0d162afb33da07c4bd60f7c483336d076906e7f1409a5580b2f65c4fffe7ae7c
                                                          • Instruction Fuzzy Hash: 7C319060504B858FD7268F398450B32BBE1FF53309F28848DE5D6DB653CA3ADA06CB61
                                                          Function 008FE5C0 Relevance: .1, Instructions: 108COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e41c94bf4b0e2099e2558e9e672031c0a6948b5c6cff94468f528954f99504a0
                                                          • Instruction ID: a28fc769e970c3e0bc46ed07858fdf223f0e467a40ad77d647b8fbf4170d7511
                                                          • Opcode Fuzzy Hash: e41c94bf4b0e2099e2558e9e672031c0a6948b5c6cff94468f528954f99504a0
                                                          • Instruction Fuzzy Hash: 4C31EC32A0D71C4BC7159D38885027AB652FBE5334F19872DEA76CB3E5D6384841D382
                                                          Function 008CAB10 Relevance: .1, Instructions: 106COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ff721506fae7554bc00bc682493813926a926291962e7d101190d432c5989efe
                                                          • Instruction ID: cd62c9bedf2616ac6c464137eb133465df041c83202dbe37d846bab5078496af
                                                          • Opcode Fuzzy Hash: ff721506fae7554bc00bc682493813926a926291962e7d101190d432c5989efe
                                                          • Instruction Fuzzy Hash: 5D317C298496E906C33B853D94A096DBFA1BE5622C39902EDC8F14F783C552CD46C3E2
                                                          Function 00901C30 Relevance: .1, Instructions: 97COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ba455b42178d8c6815bdc6dc6395f760710097916b5094dc96ff09895023de6e
                                                          • Instruction ID: 3d36dc6534f2f647934c1f4a9569fcafe3e96c018f4149f8e46147ac8205ba58
                                                          • Opcode Fuzzy Hash: ba455b42178d8c6815bdc6dc6395f760710097916b5094dc96ff09895023de6e
                                                          • Instruction Fuzzy Hash: 36313770508340AFD300DF19D584B1BBBFAEF95704F14891CE0C88B292C376D805DBA6
                                                          Function 008C2A80 Relevance: .1, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 592ae079f84e3206837f27edfef0d756db5bd63b1ae8b67b4edac06f6a01af03
                                                          • Instruction ID: e8f942085510d3025812236cd12111ea2cdb3f2d68c0c55918caffe168ce1c90
                                                          • Opcode Fuzzy Hash: 592ae079f84e3206837f27edfef0d756db5bd63b1ae8b67b4edac06f6a01af03
                                                          • Instruction Fuzzy Hash: 2B31B1716082149BD7259E18D880F2BB7F1FF88328F18892CE89ADB2C1D631DC52CB42
                                                          Function 008EC19D Relevance: .1, Instructions: 91COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d31ba30025e973e205b9eb2b84926fbe6cfd1052fcf67400e8907e88fc818d30
                                                          • Instruction ID: 47c73f49fec2ba082e77c186b1f45a424a6ba37b47b0c250e9c73464b1f2a12b
                                                          • Opcode Fuzzy Hash: d31ba30025e973e205b9eb2b84926fbe6cfd1052fcf67400e8907e88fc818d30
                                                          • Instruction Fuzzy Hash: F8217AB19083809BC7149F5AC89162BBBF1FF86395F44990CF5D28B761E379C881CB96
                                                          Function 008D372A Relevance: .1, Instructions: 91COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d538187a92fb4ac2440c57b712b554e1d8159c40c43cb23878864ac6b56818ea
                                                          • Instruction ID: ffac69bf8a9c02d810f26abe9f56b15f45d43604bf82133af65c535241e2e62d
                                                          • Opcode Fuzzy Hash: d538187a92fb4ac2440c57b712b554e1d8159c40c43cb23878864ac6b56818ea
                                                          • Instruction Fuzzy Hash: 953162B4A10A148FD326CF28C480A66B3F6FB49304F24AA2ED58BC7742E730F944CB51
                                                          Function 00904F90 Relevance: .1, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b89c87bf8a49416322561c17cacfa981ac5946f4534b3d23e182106c98db3fcd
                                                          • Instruction ID: 1178b5457774f3da1912c39bfa531081007bc6faef2e570f587e70d49b02b801
                                                          • Opcode Fuzzy Hash: b89c87bf8a49416322561c17cacfa981ac5946f4534b3d23e182106c98db3fcd
                                                          • Instruction Fuzzy Hash: 76314B369046A24FDB26CA3C44A057D7FA16E5622578A42EEC8A18B3D3DAA5C880C7D4
                                                          Function 008CAC20 Relevance: .1, Instructions: 80COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b69eb6dab068996dbbd0ac95327138a57af9c260c6bd9e45a0f264d263eb3e6e
                                                          • Instruction ID: 257aa09cf73866ddc2e7c7da4b27519880908e48c715c415fd57595a708dd48d
                                                          • Opcode Fuzzy Hash: b69eb6dab068996dbbd0ac95327138a57af9c260c6bd9e45a0f264d263eb3e6e
                                                          • Instruction Fuzzy Hash: 5E113A736497984BC72E89289C60477FBD1E7F210878DC5BDD5C693386D422EC0DC266
                                                          Function 008E92A0 Relevance: .1, Instructions: 79COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 10fd84eb35d493625d844e637e1fb177c40288a20f3196d160322e86c00bf206
                                                          • Instruction ID: 379ace291e7e19064466af927eb39fad3bacb289029a5c9ef67b8b26f09f5994
                                                          • Opcode Fuzzy Hash: 10fd84eb35d493625d844e637e1fb177c40288a20f3196d160322e86c00bf206
                                                          • Instruction Fuzzy Hash: C9212AB69002A986CB248F5588002ADB7B0FF16351FA4D4D9D8C8B7380EB759E85DFA5
                                                          Function 008E770E Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a4db2e7a7e6a4b6bfbd63caea179ea7f405d1524a8af3c95513a11a8f7ada3b
                                                          • Instruction ID: a6a1c910c1afa00140ba4bef099432e334e142e25fa0fef592326251a213e513
                                                          • Opcode Fuzzy Hash: 5a4db2e7a7e6a4b6bfbd63caea179ea7f405d1524a8af3c95513a11a8f7ada3b
                                                          • Instruction Fuzzy Hash: 92118B7460C2859FD704EF19DC80A2AB7FAFB96305F656928E0D1C7262E331E914CB56
                                                          Function 008ED1C0 Relevance: .1, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c51315b3c12bd18b55da43b597f25570391444391c721ad26d4c76662b1ac61
                                                          • Instruction ID: a81812e95189d69e17185fc7eb00496a55776bce9e0c7171ca35123b71ad05f0
                                                          • Opcode Fuzzy Hash: 9c51315b3c12bd18b55da43b597f25570391444391c721ad26d4c76662b1ac61
                                                          • Instruction Fuzzy Hash: CE211370508381AFD3548B1AC840A2BFBF2FB86395F94982CE4C587262D375E849CB56
                                                          Function 008D2948 Relevance: .1, Instructions: 73COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5b896b6d8164971cb7ba37414f80df5efc22a3a844d39286caadf7c5c62d1198
                                                          • Instruction ID: 39d06197e2048f68315caa6a1370a78381f23bbe0d90a147804922b428a7611a
                                                          • Opcode Fuzzy Hash: 5b896b6d8164971cb7ba37414f80df5efc22a3a844d39286caadf7c5c62d1198
                                                          • Instruction Fuzzy Hash: CF212870400B609BD3268B38D851A67BBF1FF12304F144A9DE58797BA2D736F805CB55
                                                          Function 008F9BA0 Relevance: .1, Instructions: 64COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                          • Instruction ID: 84d38d22114174d3f9c4f6db09a87b58d03ec8666e3503d684f040c0e2d49844
                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                          • Instruction Fuzzy Hash: 1D11E933A091E84EC3168D3C9450675BFE36B93239B194399F4F4DB2D2D6228D8AC764
                                                          Function 008EF310 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 960e2e00e3628e1f5e3ba26c325b6cc30fadb638be8208b4fd5208f2d766984d
                                                          • Instruction ID: a3f3e3e1cf53ab7e54b856a0fd760d66711edf60662b9d95a5566f76878961a4
                                                          • Opcode Fuzzy Hash: 960e2e00e3628e1f5e3ba26c325b6cc30fadb638be8208b4fd5208f2d766984d
                                                          • Instruction Fuzzy Hash: EF0152F160034197D7209E5695C1B3BB2A8FB86718F18453CEA09D7343DB76EC15D792
                                                          Function 008E7438 Relevance: .1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ad1a30c5f86df9b29ac032a507831b123af95fa9cc9c1ef612b51c76bc2b554d
                                                          • Instruction ID: 763604e9b45a80165c5103bba1d67054d9d147afd1a21e93454a4bd822c53926
                                                          • Opcode Fuzzy Hash: ad1a30c5f86df9b29ac032a507831b123af95fa9cc9c1ef612b51c76bc2b554d
                                                          • Instruction Fuzzy Hash: 6A11CE3041C3599FC710EF24C880AAABBA8FF46318F05482CE885D72A1F679E644CB5A
                                                          Function 008CD843 Relevance: .1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7537f5fd8384a83163d866f176097abd77cb40ec27a0881dcf1d300453dad3e
                                                          • Instruction ID: eaf2a36432f5f76a5f7c52833ca9aae783739ee2f47b6677dd7af385f9d547c6
                                                          • Opcode Fuzzy Hash: d7537f5fd8384a83163d866f176097abd77cb40ec27a0881dcf1d300453dad3e
                                                          • Instruction Fuzzy Hash: 55118261E042554BDB05EF54D8807BEB7B7FF96304F28843CD40AE7251E634A905C765
                                                          Function 008ED3D4 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cc9d6f7422685d54ac9c4b229ea6dda6c46a3da1920c7261afbe68902de17981
                                                          • Instruction ID: 4913b9f91d9fb147a5e4a4a2b2235c4dcabce7271712f011f70bb86de44bace0
                                                          • Opcode Fuzzy Hash: cc9d6f7422685d54ac9c4b229ea6dda6c46a3da1920c7261afbe68902de17981
                                                          • Instruction Fuzzy Hash: C8017CB4E016168BCB14CF19C8806AAB3B1FF96324F159169E816EB3E0E734E945CB55
                                                          Function 008D0080 Relevance: .0, Instructions: 47COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e0bcc21ab59f3068ab92d7e069a64477687dc0058f8902c272e32a697d861a1d
                                                          • Instruction ID: c63440f853c9597595619fa4ce77ea6bf8d3953273f841e4d94b7e73d783b460
                                                          • Opcode Fuzzy Hash: e0bcc21ab59f3068ab92d7e069a64477687dc0058f8902c272e32a697d861a1d
                                                          • Instruction Fuzzy Hash: 67012173A28921078748DD3DDC1156B7AD15BC5630F19873DB9BAC73D0D634C8458655
                                                          Function 008D9970 Relevance: .0, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c1feb0ecdb06b802b1560528e9a5af3474081b4572b374f0f40b5c4f3f9bd469
                                                          • Instruction ID: 5aa72b984e61665abecf311480f60f85f0081f0b4d134dbceac9a5d482661428
                                                          • Opcode Fuzzy Hash: c1feb0ecdb06b802b1560528e9a5af3474081b4572b374f0f40b5c4f3f9bd469
                                                          • Instruction Fuzzy Hash: 37F0ECB2A0415437DB2289549CD0F3BBFACEB97318F19155EE9C5D7302D1759880C3E6
                                                          Function 00904A30 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 085a7920e2e5b4e779e34a684b632e4f4ebff8cfa837e5ac39cd2be3ef1db2f6
                                                          • Instruction ID: eabd5da7dca64482355afb38c4683c83068b2513db57ad21a0bc10f994372f7b
                                                          • Opcode Fuzzy Hash: 085a7920e2e5b4e779e34a684b632e4f4ebff8cfa837e5ac39cd2be3ef1db2f6
                                                          • Instruction Fuzzy Hash: 3AF0343460C3819FD305EB18D884A2EFBF5EB96309F59881CE0D597262C235D890CF2A
                                                          Function 00907168 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dba64387f099f4ffb45be2b82222d83dc5fb2b584328ce1a123674adc3a9cf20
                                                          • Instruction ID: ba4d1251526b55de1abdbdd7c24997c51f05b70a50cdfc967fe2bb992648987c
                                                          • Opcode Fuzzy Hash: dba64387f099f4ffb45be2b82222d83dc5fb2b584328ce1a123674adc3a9cf20
                                                          • Instruction Fuzzy Hash: 10F0B23490C2419FC341AF58D59492EFBF5AB5A701F449C1CE1C5972A2D336E860CB66
                                                          Function 008AAA07 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 110e375efb2033e03ce8b70e48f77e8cdc524782d876c586b63fa1f672508759
                                                          • Instruction ID: 4fd540db3ebbb3d286118072f48691a56cf10bdd4c0ac3c292b5ce728e2e3735
                                                          • Opcode Fuzzy Hash: 110e375efb2033e03ce8b70e48f77e8cdc524782d876c586b63fa1f672508759
                                                          • Instruction Fuzzy Hash: A4E0B676A25278EBCB19DB9C8A4498AB2ECFB46B50B1544A6B501D3911C2B0EE00CBE1
                                                          Function 008FFC30 Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                          • Instruction ID: ae66f862ddb82c8cb380c4c524e786d4980cdc677a9cfe6a0619ae5dfcf75c3f
                                                          • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                          • Instruction Fuzzy Hash: 6DD0A721648335469B788E29A410977F7F0FFC7B11F8A956EFB86E3248D230DC41C2A9
                                                          Function 008A0E59 Relevance: .0, Instructions: 12COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 352c58746815d872af4b3af9a2255c15039a5ed1f7fec551035c6ea349d431e8
                                                          • Instruction ID: e888c809e223705764833456d598f06c63689e0bb60f3592dfa6e21179cf17b8
                                                          • Opcode Fuzzy Hash: 352c58746815d872af4b3af9a2255c15039a5ed1f7fec551035c6ea349d431e8
                                                          • Instruction Fuzzy Hash: 30C08C3508098046EE298914C3B13A83394F3A77C2FC0088CC4038BE53C62EAC86EB02
                                                          Function 008EE783 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9bde8e0a18542e65954db997d1931066d1f8d4cb0ee69fd957d26d9737444eaa
                                                          • Instruction ID: 0ef132ec12f13d2120a587bc0940205f5b6cab06edd18471df01ce35b356b297
                                                          • Opcode Fuzzy Hash: 9bde8e0a18542e65954db997d1931066d1f8d4cb0ee69fd957d26d9737444eaa
                                                          • Instruction Fuzzy Hash: ADB092A5C02524E6905A2E153E029BEB134A913229F042435E90772207A626E21AD0AF
                                                          Function 008D3D73 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a927264b8af54b329c315b56f05fbf2d8de1dbd38e325cfc03de9a518d2d83b6
                                                          • Instruction ID: f8560e6c568977285d70649f9dc0a901b523008c7fada346de0d6910dbe9a5f4
                                                          • Opcode Fuzzy Hash: a927264b8af54b329c315b56f05fbf2d8de1dbd38e325cfc03de9a518d2d83b6
                                                          • Instruction Fuzzy Hash: 27B092E9C00700C6D2902A283C52927B438A523219F053434A80762243B936D518815B
                                                          Function 0090736B Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 005c4ba806c1f729e01d7b345e607bcf037a1a2af418616e2fc01539d0967c76
                                                          • Instruction ID: 7795c8e62c6c1a2cba6d6766a4d5bb610867df3ac219b3c08ddfb2e365f90ae1
                                                          • Opcode Fuzzy Hash: 005c4ba806c1f729e01d7b345e607bcf037a1a2af418616e2fc01539d0967c76
                                                          • Instruction Fuzzy Hash: D2B092B09083409BE644CF04C4A053AF3B5FB87229F00A82CE15AA3152C330E808CF0E
                                                          Function 00907074 Relevance: .0, Instructions: 7COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e353222c480a1e836f2e88ec6b0f54e01aefb973cbd9e2a65436a63ab80d9507
                                                          • Instruction ID: 90b20a1011eb729eb64d159c706abf0f2e45b7b0e11e27798d7b31732cf018ce
                                                          • Opcode Fuzzy Hash: e353222c480a1e836f2e88ec6b0f54e01aefb973cbd9e2a65436a63ab80d9507
                                                          • Instruction Fuzzy Hash: F7A00225E5C10197C60CCF24A950571E2B95BBF205F513428C005BB852D510D440961C
                                                          Function 008D43B6 Relevance: .0, Instructions: 6COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ee70fe1013954b18253420cd7c879e3bafbcdc7016d02e7bb28bbb050ed5ff3e
                                                          • Instruction ID: eb9c71f61387cf9290d7c446bbbdb1ba1a08eb420cde55b5b5e8e69408f34382
                                                          • Opcode Fuzzy Hash: ee70fe1013954b18253420cd7c879e3bafbcdc7016d02e7bb28bbb050ed5ff3e
                                                          • Instruction Fuzzy Hash: C0900224D4830086C2488E409490470E23A564F606E117018850D334924620E500850C
                                                          Function 008D2687 Relevance: .0, Instructions: 6COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0348c40113168c569ecdbaf33ce4c7ca3883923b3352dc9550a20db56e356de0
                                                          • Instruction ID: 125aa2fd33e84a88d69890093f1abe8245766079576a578208108fcfe1822cf2
                                                          • Opcode Fuzzy Hash: 0348c40113168c569ecdbaf33ce4c7ca3883923b3352dc9550a20db56e356de0
                                                          • Instruction Fuzzy Hash: D9900228D582008A8100CE4494A0470F278620B206F1034109008F3012D210E804850C
                                                          Function 008A768F Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3907804496
                                                          • Opcode ID: 6a418ebc6cd5726f4eb2ad7049e38ae8531652851b6820b8d4f0921129aa8b9f
                                                          • Instruction ID: c7629f2e6732e1e7e4f6c8ec7cb1697074227892c91e5e17ba76d3eefea0cf35
                                                          • Opcode Fuzzy Hash: 6a418ebc6cd5726f4eb2ad7049e38ae8531652851b6820b8d4f0921129aa8b9f
                                                          • Instruction Fuzzy Hash: C0B1E770A082499FEB11DFA9CC80BAEBBB1FF46314F184155E404EB791DB749E42EB61
                                                          Function 0089A278 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • type_info::operator==.LIBVCRUNTIME ref: 0089A397
                                                          • ___TypeMatch.LIBVCRUNTIME ref: 0089A4A5
                                                          • CallUnexpected.LIBVCRUNTIME ref: 0089A612
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 1206542248-393685449
                                                          • Opcode ID: 67a362638e59f0fadc38f17264dbd4c2e462044a9ca50acf9c73cf5841d29f14
                                                          • Instruction ID: 182cba2de1072712e6258e49e46a7dcce7f6decee3bf3ab0810c4f6e7cea3ca0
                                                          • Opcode Fuzzy Hash: 67a362638e59f0fadc38f17264dbd4c2e462044a9ca50acf9c73cf5841d29f14
                                                          • Instruction Fuzzy Hash: 8DB16771900209EFCF19EFA8C8819AEBBB5FF14310B19415AE815AB212D771EE51CBD3
                                                          Function 008A35FF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • FreeLibrary.KERNEL32(00000000,?,008A370C,?,?,00000000,00000000,?,?,008A38BA,00000021,FlsSetValue,008B69C8,008B69D0,00000000), ref: 008A36C0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: FreeLibrary
                                                          • String ID: api-ms-$ext-ms-
                                                          • API String ID: 3664257935-537541572
                                                          • Opcode ID: c33603bca9d13d5ec69bc15e3ab0a5446097e9159eef2932841c10f0dabb26d0
                                                          • Instruction ID: fa012bb57c1433a16ed48ab25b71aebf945b12d9464f2dba1ff8e724a56da053
                                                          • Opcode Fuzzy Hash: c33603bca9d13d5ec69bc15e3ab0a5446097e9159eef2932841c10f0dabb26d0
                                                          • Instruction Fuzzy Hash: 1B210231A05311BBEB229B64AC44A9B3768FF62760F250620F915E7790EB70EF01E6D0
                                                          Function 008938EF Relevance: 10.5, APIs: 7, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __EH_prolog3.LIBCMT ref: 008938F6
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00893900
                                                          • int.LIBCPMT ref: 00893917
                                                            • Part of subcall function 008916DA: std::_Lockit::_Lockit.LIBCPMT ref: 008916EB
                                                            • Part of subcall function 008916DA: std::_Lockit::~_Lockit.LIBCPMT ref: 00891705
                                                          • codecvt.LIBCPMT ref: 0089393A
                                                          • std::_Facet_Register.LIBCPMT ref: 00893951
                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00893971
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0089397E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                          • String ID:
                                                          • API String ID: 2133458128-0
                                                          • Opcode ID: 947db2b29a26e02ba0613e3b9a0a99ba0dbe48a45f75473348ba2a43f7cbe5fb
                                                          • Instruction ID: 4fa970494577a9827be058f10882397e6fd81e5c3e747543ef7b963606e7fe3f
                                                          • Opcode Fuzzy Hash: 947db2b29a26e02ba0613e3b9a0a99ba0dbe48a45f75473348ba2a43f7cbe5fb
                                                          • Instruction Fuzzy Hash: 9F01A13590811A9BCF01FBA8C8456ADBBB1FF84320F284109F411EB291DB70AF01CB82
                                                          Function 00896751 Relevance: 9.2, APIs: 6, Instructions: 175COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 0089679A
                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00896805
                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00896822
                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00896861
                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008968C0
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 008968E3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiStringWide
                                                          • String ID:
                                                          • API String ID: 2829165498-0
                                                          • Opcode ID: 211e871d6b8032c2adf4a03eb54bf695074f5c637c24df4407047ac4db183769
                                                          • Instruction ID: 9b5c3cd5c056f38091ba5018a779b3033c28aaf83440011d88e46bbb6870d744
                                                          • Opcode Fuzzy Hash: 211e871d6b8032c2adf4a03eb54bf695074f5c637c24df4407047ac4db183769
                                                          • Instruction Fuzzy Hash: 26518D72A0021ABFEF20AFA4CC45FAA7BA9FF44754F194525F905E6150EB35DD20CBA0
                                                          Function 00895019 Relevance: 9.1, APIs: 6, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __EH_prolog3.LIBCMT ref: 00895020
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0089502A
                                                          • int.LIBCPMT ref: 00895041
                                                            • Part of subcall function 008916DA: std::_Lockit::_Lockit.LIBCPMT ref: 008916EB
                                                            • Part of subcall function 008916DA: std::_Lockit::~_Lockit.LIBCPMT ref: 00891705
                                                          • std::_Facet_Register.LIBCPMT ref: 0089507B
                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0089509B
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 008950A8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                          • String ID:
                                                          • API String ID: 55977855-0
                                                          • Opcode ID: 55b9ecaa09f3644f96f661973cbb30b755d61b97f8e9ad357791cd75ce21af3c
                                                          • Instruction ID: 1db5b916154430c3664592e005270db32a9cd37947590d11daf1fe80e641af8a
                                                          • Opcode Fuzzy Hash: 55b9ecaa09f3644f96f661973cbb30b755d61b97f8e9ad357791cd75ce21af3c
                                                          • Instruction Fuzzy Hash: ED11B475A14A199BCF12BFA8C8066ADB7F5FF94320F18450DF401E7391EB70AE058B92
                                                          Function 00899F0A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,00899F01,008980FB,008977B5), ref: 00899F18
                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00899F26
                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00899F3F
                                                          • SetLastError.KERNEL32(00000000,00899F01,008980FB,008977B5), ref: 00899F91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ErrorLastValue___vcrt_
                                                          • String ID:
                                                          • API String ID: 3852720340-0
                                                          • Opcode ID: 8a8c36ecfa98b6a686f7a7ccfe1675efad7019b26f44c25756c29a6942722f3d
                                                          • Instruction ID: 33e024926146171593a6a012d41cf25cbf884f5aec0b017228f9ec8251d3160e
                                                          • Opcode Fuzzy Hash: 8a8c36ecfa98b6a686f7a7ccfe1675efad7019b26f44c25756c29a6942722f3d
                                                          • Instruction Fuzzy Hash: 4701843320DF11AEAF28377DFC86AA66B85FB11774728032DF151D50E1EF514C029645
                                                          Function 008A0E7B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,39146801,?,?,00000000,008B2025,000000FF,?,008A0E0B,008A0F3B,?,008A0DDF,00000000), ref: 008A0EB0
                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008A0EC2
                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,008B2025,000000FF,?,008A0E0B,008A0F3B,?,008A0DDF,00000000), ref: 008A0EE4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          • Opcode ID: 04514dbb8562a87f636136dd18df38de474289f1a1db31573cdcfc536b6d6037
                                                          • Instruction ID: 8ccf3b2658c121d8e74e73135094b5d953dc7e4d365f9441a7659ea5e1952728
                                                          • Opcode Fuzzy Hash: 04514dbb8562a87f636136dd18df38de474289f1a1db31573cdcfc536b6d6037
                                                          • Instruction Fuzzy Hash: 1C016232954A19FFEB119F54DC05BAEBBB8FF04B11F040A29F821E27D0EB799911CA50
                                                          Function 008925C5 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 008925D1
                                                          • int.LIBCPMT ref: 008925E4
                                                            • Part of subcall function 008916DA: std::_Lockit::_Lockit.LIBCPMT ref: 008916EB
                                                            • Part of subcall function 008916DA: std::_Lockit::~_Lockit.LIBCPMT ref: 00891705
                                                          • std::_Facet_Register.LIBCPMT ref: 00892617
                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0089262D
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00892638
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                          • String ID:
                                                          • API String ID: 2081738530-0
                                                          • Opcode ID: 5ba353803495614839cfdecff6c599454cc3ecbc3d58f514526a33eee4569a3f
                                                          • Instruction ID: c713a8e771f2df3ee7c1125dc75b6d0f8d41251510fd11658052ea516fb8a48d
                                                          • Opcode Fuzzy Hash: 5ba353803495614839cfdecff6c599454cc3ecbc3d58f514526a33eee4569a3f
                                                          • Instruction Fuzzy Hash: 7F01A732508115BBCF17BBA8D8458DE77A8FF94760B1D4149F412D7291EF30AE02D781
                                                          Function 00893155 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00893161
                                                          • int.LIBCPMT ref: 00893174
                                                            • Part of subcall function 008916DA: std::_Lockit::_Lockit.LIBCPMT ref: 008916EB
                                                            • Part of subcall function 008916DA: std::_Lockit::~_Lockit.LIBCPMT ref: 00891705
                                                          • std::_Facet_Register.LIBCPMT ref: 008931A7
                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 008931BD
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 008931C8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                          • String ID:
                                                          • API String ID: 2081738530-0
                                                          • Opcode ID: c46651e437fd64fe1a0ec4ba04e4e249ac8191b23ce52de35ee3bc2167751a20
                                                          • Instruction ID: 99e6c91a26111ed95b622bcbd7c565685c855d861fbbf5399a96e0a8f3c37224
                                                          • Opcode Fuzzy Hash: c46651e437fd64fe1a0ec4ba04e4e249ac8191b23ce52de35ee3bc2167751a20
                                                          • Instruction Fuzzy Hash: 31018432608115BBCF15BB58D8598DE7768FF90760B190149F812D7291EB30AF02D781
                                                          Function 00894D9C Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • __EH_prolog3.LIBCMT ref: 00894DA3
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00894DAE
                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00894E1C
                                                            • Part of subcall function 00894EFF: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00894F17
                                                          • std::locale::_Setgloballocale.LIBCPMT ref: 00894DC9
                                                          • _Yarn.LIBCPMT ref: 00894DDF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                          • String ID:
                                                          • API String ID: 1088826258-0
                                                          • Opcode ID: e4790443fad66c2320f153845e05e81dbd6652236b708af546583c2486761d63
                                                          • Instruction ID: cac95e789db2745e1dea36527d4e2006562dfc90e522fa1b6b0fd0830356f402
                                                          • Opcode Fuzzy Hash: e4790443fad66c2320f153845e05e81dbd6652236b708af546583c2486761d63
                                                          • Instruction Fuzzy Hash: EB019E35A041119BCF06BB68D8419BC77B1FF84310B184009F81297381DF346E02DB82
                                                          Function 0089B052 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0089B003,00000000,?,00917AC4,?,?,?,0089B1A6,00000004,InitializeCriticalSectionEx,008B4C70,InitializeCriticalSectionEx), ref: 0089B05F
                                                          • GetLastError.KERNEL32(?,0089B003,00000000,?,00917AC4,?,?,?,0089B1A6,00000004,InitializeCriticalSectionEx,008B4C70,InitializeCriticalSectionEx,00000000,?,0089AF5D), ref: 0089B069
                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0089B091
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad$ErrorLast
                                                          • String ID: api-ms-
                                                          • API String ID: 3177248105-2084034818
                                                          • Opcode ID: aa76a0fa3d9ea7d2da7139f6b4b63895de9c6ba562082f03acb9ed3304cacd80
                                                          • Instruction ID: c35ab61e621fdae2cdbf96ed20e71209cb5feb65b8c395c2007eb10ebb2b6538
                                                          • Opcode Fuzzy Hash: aa76a0fa3d9ea7d2da7139f6b4b63895de9c6ba562082f03acb9ed3304cacd80
                                                          • Instruction Fuzzy Hash: E7E01A70280704BBEF202B70FD0AB5A3F54FF00B50F184120F90DE81E1DBB1AA618684
                                                          Function 008A582E Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • GetConsoleOutputCP.KERNEL32(39146801,00000000,00000000,?), ref: 008A5891
                                                            • Part of subcall function 008A98E5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,008A89AA,?,00000000,-00000008), ref: 008A9991
                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 008A5AEC
                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008A5B34
                                                          • GetLastError.KERNEL32 ref: 008A5BD7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                          • String ID:
                                                          • API String ID: 2112829910-0
                                                          • Opcode ID: a9380cd0714eee77b81a772c596b9af67346051bdb72e6314bdb6c3b4a64dc58
                                                          • Instruction ID: 1aea7ffab67da79dc14909bfa3f680c3996c23c2d27e2dcdd51f8a544b963e08
                                                          • Opcode Fuzzy Hash: a9380cd0714eee77b81a772c596b9af67346051bdb72e6314bdb6c3b4a64dc58
                                                          • Instruction Fuzzy Hash: 0FD17A75E046589FDF05CFA8D880AEDBBB5FF49314F28412AE816E7751D730A982CB60
                                                          Function 0089A021 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: AdjustPointer
                                                          • String ID:
                                                          • API String ID: 1740715915-0
                                                          • Opcode ID: fccf46f1cbf281ef177a0def495e0d3339eb07f10efa9db7a18cfa457835e7b3
                                                          • Instruction ID: c22e3a22dcb082799c8e4e7d269b0d5a2d9bf3a1eebdc07de35eeb1f8f3349d2
                                                          • Opcode Fuzzy Hash: fccf46f1cbf281ef177a0def495e0d3339eb07f10efa9db7a18cfa457835e7b3
                                                          • Instruction Fuzzy Hash: 3351AC76604606EFEF2DAF18D841BBA77A4FF44714F184129E806D6291E732EC81DBD2
                                                          Function 008B0616 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • WriteConso.KERNEL32(00000000,00000000,?,00000000,00000000,?,008AF049,00000000,00000001,00000000,?,?,008A5C2B,?,00000000,00000000), ref: 008B062D
                                                          • GetLastError.KERNEL32(?,008AF049,00000000,00000001,00000000,?,?,008A5C2B,?,00000000,00000000,?,?,?,008A61B2,00000000), ref: 008B0639
                                                            • Part of subcall function 008B05FF: CloseHandle.KERNEL32(FFFFFFFE,008B0649,?,008AF049,00000000,00000001,00000000,?,?,008A5C2B,?,00000000,00000000,?,?), ref: 008B060F
                                                          • ___initconout.LIBCMT ref: 008B0649
                                                            • Part of subcall function 008B05C1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,008B05F0,008AF036,?,?,008A5C2B,?,00000000,00000000,?), ref: 008B05D4
                                                          • WriteConso.KERNEL32(00000000,00000000,?,00000000,?,008AF049,00000000,00000001,00000000,?,?,008A5C2B,?,00000000,00000000,?), ref: 008B065E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ConsoWrite$CloseCreateErrorFileHandleLast___initconout
                                                          • String ID:
                                                          • API String ID: 1327366883-0
                                                          • Opcode ID: bee6cd67f762347386aad2b3b7e8440037f62007898461551722b3f29c3dd08d
                                                          • Instruction ID: 5c59124a75c367c095042f3e416f36dafb03f002eabc7baaaba3349aa9020ac9
                                                          • Opcode Fuzzy Hash: bee6cd67f762347386aad2b3b7e8440037f62007898461551722b3f29c3dd08d
                                                          • Instruction Fuzzy Hash: 80F0A236501119BFCF621F99EC049DA3F69FF59361B044610F91AE5630D6319920DF91
                                                          Function 008928E9 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: H_prolog3_catch_strlen
                                                          • String ID: input string:
                                                          • API String ID: 3133806014-2984214493
                                                          • Opcode ID: 931cf7e2dda9ea17ab06d5edb003224a83b4d99abbd21192cbe19cb027f24ee4
                                                          • Instruction ID: 538eacae3800ee881f84399b97503e54d9a0ed73fbaa31e92dc132e960638d0d
                                                          • Opcode Fuzzy Hash: 931cf7e2dda9ea17ab06d5edb003224a83b4d99abbd21192cbe19cb027f24ee4
                                                          • Instruction Fuzzy Hash: E0416131B54215AFDF20EBA8C8819ACBBF2FB49734F2C4255E525EB2E1C6315C41CB61
                                                          Function 00899D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00899D4F
                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00899E03
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable___except_validate_context_record
                                                          • String ID: csm
                                                          • API String ID: 3480331319-1018135373
                                                          • Opcode ID: ad644b70d38d7e4341ff073a54f3b149706d7d827e461bc06602e240d1f453ec
                                                          • Instruction ID: 7a7c2dae0bc906b8edb63e4f0ccff9a2d582a2077df8dae1fb05022d1adf817b
                                                          • Opcode Fuzzy Hash: ad644b70d38d7e4341ff073a54f3b149706d7d827e461bc06602e240d1f453ec
                                                          • Instruction Fuzzy Hash: E941A434A002099FCF10EF6CC885A9EBBB5FF45324F188159E855DB392D771DA51CB92
                                                          Function 0089A61D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • EncodePointer.KERNEL32(00000000,?), ref: 0089A642
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: EncodePointer
                                                          • String ID: MOC$RCC
                                                          • API String ID: 2118026453-2084237596
                                                          • Opcode ID: 7879ba73e9e7b74d7c144f0966b62ac138372956dcb73ac51ce206277758b79b
                                                          • Instruction ID: 4c9efe8eb5c46ff677ed30b8b08fda30b464e8f981ea4fd023acca8f2fe6ae96
                                                          • Opcode Fuzzy Hash: 7879ba73e9e7b74d7c144f0966b62ac138372956dcb73ac51ce206277758b79b
                                                          • Instruction Fuzzy Hash: FC417931900209EFCF1AEF98CC82AEEBBB5FF48304F198159F905A7221D7359950DB92
                                                          Function 00891605 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0089160C
                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00891644
                                                            • Part of subcall function 00894E9A: _Yarn.LIBCPMT ref: 00894EB9
                                                            • Part of subcall function 00894E9A: _Yarn.LIBCPMT ref: 00894EDD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1907095523.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000000.00000002.1907065881.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907169351.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907239687.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907336801.0000000000916000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907398372.0000000000917000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.1907469813.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                          • String ID: bad locale name
                                                          • API String ID: 1908188788-1405518554
                                                          • Opcode ID: b6457eaf4c95e4eeab18cb6934c0c367de33c68d1ab36d6c0e374fe5654ac347
                                                          • Instruction ID: e34a262b6215720bcf4ae9071296a65318b893b3fe1119fd00654c26a23472ef
                                                          • Opcode Fuzzy Hash: b6457eaf4c95e4eeab18cb6934c0c367de33c68d1ab36d6c0e374fe5654ac347
                                                          • Instruction Fuzzy Hash: 7CF01D71505B909E87319FAA8481447FBE4FE283103948A2FE1DEC3A11D730A504CB6A

                                                          Non-executed Functions

                                                          Function 008ACBCF Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,008ACEED,00000002,00000000,?,?,?,008ACEED,?,00000000), ref: 008ACC68
                                                          • GetLocaleInfoW.KERNEL32(?,20001004,008ACEED,00000002,00000000,?,?,?,008ACEED,?,00000000), ref: 008ACC91
                                                          • GetACP.KERNEL32(?,?,008ACEED,?,00000000), ref: 008ACCA6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: InfoLocale
                                                          • String ID: ACP$OCP
                                                          • API String ID: 2299586839-711371036
                                                          • Opcode ID: de0e24b95cac9b24df44761bf3b0e0aaee8c71877aeda57f01ef83b42a76135d
                                                          • Instruction ID: d510b644d1f8be0fd635a673a86e2ad908792f4ff97db38ff83494965b56310a
                                                          • Opcode Fuzzy Hash: de0e24b95cac9b24df44761bf3b0e0aaee8c71877aeda57f01ef83b42a76135d
                                                          • Instruction Fuzzy Hash: C7218022A00505AAFB349F69CA05AA7B3A7FF56F74B568464E90ED7900F732DE41C390
                                                          Function 008ACDA4 Relevance: 7.7, APIs: 5, Instructions: 183COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 008A5215: GetLastError.KERNEL32(?,00000000,0089FB7F,?,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A5219
                                                            • Part of subcall function 008A5215: SetLastError.KERNEL32(00000000,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A52BB
                                                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 008ACEB0
                                                          • IsValidCodePage.KERNEL32(00000000), ref: 008ACEF9
                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 008ACF08
                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 008ACF50
                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 008ACF6F
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                          • String ID:
                                                          • API String ID: 415426439-0
                                                          • Opcode ID: 9c1c1d2177445833b5fef3e47b38f6ed8b4a7a1d5a4bbb7d9fb38c9b18b759d7
                                                          • Instruction ID: ebc51811c7b48f731220ea8bf621b8fe70f1f8864d1ad3c0268a1ae9a6ced7f1
                                                          • Opcode Fuzzy Hash: 9c1c1d2177445833b5fef3e47b38f6ed8b4a7a1d5a4bbb7d9fb38c9b18b759d7
                                                          • Instruction Fuzzy Hash: C2516172A00609AFFF10DFA9CC41ABE77B8FF4A700F144569E514E7590EB709A54CB61
                                                          Function 008AC440 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 008A5215: GetLastError.KERNEL32(?,00000000,0089FB7F,?,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A5219
                                                            • Part of subcall function 008A5215: SetLastError.KERNEL32(00000000,?,?,?,00000003,0089C27B,?,?,?,?,00000000), ref: 008A52BB
                                                          • GetACP.KERNEL32(?,?,?,?,?,?,008A1773,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 008AC501
                                                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,008A1773,?,?,?,00000055,?,-00000050,?,?), ref: 008AC52C
                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 008AC68F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$CodeInfoLocalePageValid
                                                          • String ID: utf8
                                                          • API String ID: 607553120-905460609
                                                          • Opcode ID: 50d4b8fcb34acfb6d2c952b100628713089fdcf65eee078ea26352b087f2d702
                                                          • Instruction ID: 50f268981724c1164232b9d87e5b30ae557c4c5890959c8116b137eec5ae79cb
                                                          • Opcode Fuzzy Hash: 50d4b8fcb34acfb6d2c952b100628713089fdcf65eee078ea26352b087f2d702
                                                          • Instruction Fuzzy Hash: BD711471A00706AAFB24EB79CC42FB673A8FF5A310F144429F605DB981FB75ED408666
                                                          Function 008A4023 Relevance: 6.3, APIs: 4, Instructions: 337COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: _strrchr
                                                          • String ID:
                                                          • API String ID: 3213747228-0
                                                          • Opcode ID: 17a8af3533a897e6e906cec53c923a3a22616cf0740b16545c45100316cc9468
                                                          • Instruction ID: 6925fbc43a5b640eb60cc98f42f8fb1354fc9466f4eee8b31a18ea88111010fc
                                                          • Opcode Fuzzy Hash: 17a8af3533a897e6e906cec53c923a3a22616cf0740b16545c45100316cc9468
                                                          • Instruction Fuzzy Hash: 5EB166329002459FEF15CF68C881BFEBBA5FF96304F15916AE905EB741D2B49D01C761
                                                          Function 008975D8 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 008975E4
                                                          • IsDebuggerPresent.KERNEL32 ref: 008976B0
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008976C9
                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 008976D3
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                          • String ID:
                                                          • API String ID: 254469556-0
                                                          • Opcode ID: 57db758bdefd2ca6bbe4197d48583d6e62c7557217ef7292a665c46fe2c90801
                                                          • Instruction ID: 9462c7f5675d4509362c431d98c5f425ca66d3f563e28bd4b86d7b336a16afa8
                                                          • Opcode Fuzzy Hash: 57db758bdefd2ca6bbe4197d48583d6e62c7557217ef7292a665c46fe2c90801
                                                          • Instruction Fuzzy Hash: 0131E575D05219ABDF21EFA4D949BCDBBB8BF08304F1041AAE40DAB250EB709A858F45
                                                          Function 00891CD2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 187COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 00893348: __EH_prolog3_catch.LIBCMT ref: 0089334F
                                                          • _Deallocate.LIBCONCRT ref: 00891EAD
                                                          • _Deallocate.LIBCONCRT ref: 00891EFA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Deallocate$H_prolog3_catch
                                                          • String ID: Current val: %d
                                                          • API String ID: 1212816977-1825967858
                                                          • Opcode ID: f59a627bb8dc15adad24879f39f91738ded3d02683396eefb511c3f72a7b21e7
                                                          • Instruction ID: f8b0ff3d3e87756acce058ba4d19376ae26e6d4ea9c48ac0d1abccfbd88ed66c
                                                          • Opcode Fuzzy Hash: f59a627bb8dc15adad24879f39f91738ded3d02683396eefb511c3f72a7b21e7
                                                          • Instruction Fuzzy Hash: B3618A7251D3568FCB20EF29D48466BFBE0FB99724F180A2DF9D493242D73599048B92
                                                          Function 008A768F Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3907804496
                                                          • Opcode ID: 6a418ebc6cd5726f4eb2ad7049e38ae8531652851b6820b8d4f0921129aa8b9f
                                                          • Instruction ID: c7629f2e6732e1e7e4f6c8ec7cb1697074227892c91e5e17ba76d3eefea0cf35
                                                          • Opcode Fuzzy Hash: 6a418ebc6cd5726f4eb2ad7049e38ae8531652851b6820b8d4f0921129aa8b9f
                                                          • Instruction Fuzzy Hash: C0B1E770A082499FEB11DFA9CC80BAEBBB1FF46314F184155E404EB791DB749E42EB61
                                                          Function 0089A278 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 303COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • type_info::operator==.LIBVCRUNTIME ref: 0089A397
                                                          • ___TypeMatch.LIBVCRUNTIME ref: 0089A4A5
                                                          • CallUnexpected.LIBVCRUNTIME ref: 0089A612
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 1206542248-393685449
                                                          • Opcode ID: 67a362638e59f0fadc38f17264dbd4c2e462044a9ca50acf9c73cf5841d29f14
                                                          • Instruction ID: 182cba2de1072712e6258e49e46a7dcce7f6decee3bf3ab0810c4f6e7cea3ca0
                                                          • Opcode Fuzzy Hash: 67a362638e59f0fadc38f17264dbd4c2e462044a9ca50acf9c73cf5841d29f14
                                                          • Instruction Fuzzy Hash: 8DB16771900209EFCF19EFA8C8819AEBBB5FF14310B19415AE815AB212D771EE51CBD3
                                                          Function 008A35FF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • FreeLibrary.KERNEL32(00000000,?,008A370C,?,?,00000000,00000000,?,?,008A38BA,00000021,FlsSetValue,008B69C8,008B69D0,00000000), ref: 008A36C0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: FreeLibrary
                                                          • String ID: api-ms-$ext-ms-
                                                          • API String ID: 3664257935-537541572
                                                          • Opcode ID: c33603bca9d13d5ec69bc15e3ab0a5446097e9159eef2932841c10f0dabb26d0
                                                          • Instruction ID: fa012bb57c1433a16ed48ab25b71aebf945b12d9464f2dba1ff8e724a56da053
                                                          • Opcode Fuzzy Hash: c33603bca9d13d5ec69bc15e3ab0a5446097e9159eef2932841c10f0dabb26d0
                                                          • Instruction Fuzzy Hash: 1B210231A05311BBEB229B64AC44A9B3768FF62760F250620F915E7790EB70EF01E6D0
                                                          Function 008938EF Relevance: 10.5, APIs: 7, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __EH_prolog3.LIBCMT ref: 008938F6
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00893900
                                                          • int.LIBCPMT ref: 00893917
                                                            • Part of subcall function 008916DA: std::_Lockit::_Lockit.LIBCPMT ref: 008916EB
                                                            • Part of subcall function 008916DA: std::_Lockit::~_Lockit.LIBCPMT ref: 00891705
                                                          • codecvt.LIBCPMT ref: 0089393A
                                                          • std::_Facet_Register.LIBCPMT ref: 00893951
                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00893971
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0089397E
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                          • String ID:
                                                          • API String ID: 2133458128-0
                                                          • Opcode ID: 947db2b29a26e02ba0613e3b9a0a99ba0dbe48a45f75473348ba2a43f7cbe5fb
                                                          • Instruction ID: 4fa970494577a9827be058f10882397e6fd81e5c3e747543ef7b963606e7fe3f
                                                          • Opcode Fuzzy Hash: 947db2b29a26e02ba0613e3b9a0a99ba0dbe48a45f75473348ba2a43f7cbe5fb
                                                          • Instruction Fuzzy Hash: 9F01A13590811A9BCF01FBA8C8456ADBBB1FF84320F284109F411EB291DB70AF01CB82
                                                          Function 00896751 Relevance: 9.2, APIs: 6, Instructions: 175COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 0089679A
                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00896805
                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00896822
                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00896861
                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008968C0
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 008968E3
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiStringWide
                                                          • String ID:
                                                          • API String ID: 2829165498-0
                                                          • Opcode ID: 211e871d6b8032c2adf4a03eb54bf695074f5c637c24df4407047ac4db183769
                                                          • Instruction ID: 9b5c3cd5c056f38091ba5018a779b3033c28aaf83440011d88e46bbb6870d744
                                                          • Opcode Fuzzy Hash: 211e871d6b8032c2adf4a03eb54bf695074f5c637c24df4407047ac4db183769
                                                          • Instruction Fuzzy Hash: 26518D72A0021ABFEF20AFA4CC45FAA7BA9FF44754F194525F905E6150EB35DD20CBA0
                                                          Function 00895019 Relevance: 9.1, APIs: 6, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __EH_prolog3.LIBCMT ref: 00895020
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0089502A
                                                          • int.LIBCPMT ref: 00895041
                                                            • Part of subcall function 008916DA: std::_Lockit::_Lockit.LIBCPMT ref: 008916EB
                                                            • Part of subcall function 008916DA: std::_Lockit::~_Lockit.LIBCPMT ref: 00891705
                                                          • std::_Facet_Register.LIBCPMT ref: 0089507B
                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0089509B
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 008950A8
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                          • String ID:
                                                          • API String ID: 55977855-0
                                                          • Opcode ID: 55b9ecaa09f3644f96f661973cbb30b755d61b97f8e9ad357791cd75ce21af3c
                                                          • Instruction ID: 1db5b916154430c3664592e005270db32a9cd37947590d11daf1fe80e641af8a
                                                          • Opcode Fuzzy Hash: 55b9ecaa09f3644f96f661973cbb30b755d61b97f8e9ad357791cd75ce21af3c
                                                          • Instruction Fuzzy Hash: ED11B475A14A199BCF12BFA8C8066ADB7F5FF94320F18450DF401E7391EB70AE058B92
                                                          Function 00899F0A Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,00899F01,008980FB,008977B5), ref: 00899F18
                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00899F26
                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00899F3F
                                                          • SetLastError.KERNEL32(00000000,00899F01,008980FB,008977B5), ref: 00899F91
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ErrorLastValue___vcrt_
                                                          • String ID:
                                                          • API String ID: 3852720340-0
                                                          • Opcode ID: 8a8c36ecfa98b6a686f7a7ccfe1675efad7019b26f44c25756c29a6942722f3d
                                                          • Instruction ID: 33e024926146171593a6a012d41cf25cbf884f5aec0b017228f9ec8251d3160e
                                                          • Opcode Fuzzy Hash: 8a8c36ecfa98b6a686f7a7ccfe1675efad7019b26f44c25756c29a6942722f3d
                                                          • Instruction Fuzzy Hash: 4701843320DF11AEAF28377DFC86AA66B85FB11774728032DF151D50E1EF514C029645
                                                          Function 008A0E7B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,008B2025,000000FF,?,008A0E0B,008A0F3B,?,008A0DDF,00000000), ref: 008A0EB0
                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,00000000,008B2025,000000FF,?,008A0E0B,008A0F3B,?,008A0DDF,00000000), ref: 008A0EC2
                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,008B2025,000000FF,?,008A0E0B,008A0F3B,?,008A0DDF,00000000), ref: 008A0EE4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          • Opcode ID: 04514dbb8562a87f636136dd18df38de474289f1a1db31573cdcfc536b6d6037
                                                          • Instruction ID: 8ccf3b2658c121d8e74e73135094b5d953dc7e4d365f9441a7659ea5e1952728
                                                          • Opcode Fuzzy Hash: 04514dbb8562a87f636136dd18df38de474289f1a1db31573cdcfc536b6d6037
                                                          • Instruction Fuzzy Hash: 1C016232954A19FFEB119F54DC05BAEBBB8FF04B11F040A29F821E27D0EB799911CA50
                                                          Function 00893155 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00893161
                                                          • int.LIBCPMT ref: 00893174
                                                            • Part of subcall function 008916DA: std::_Lockit::_Lockit.LIBCPMT ref: 008916EB
                                                            • Part of subcall function 008916DA: std::_Lockit::~_Lockit.LIBCPMT ref: 00891705
                                                          • std::_Facet_Register.LIBCPMT ref: 008931A7
                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 008931BD
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 008931C8
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                          • String ID:
                                                          • API String ID: 2081738530-0
                                                          • Opcode ID: c46651e437fd64fe1a0ec4ba04e4e249ac8191b23ce52de35ee3bc2167751a20
                                                          • Instruction ID: 99e6c91a26111ed95b622bcbd7c565685c855d861fbbf5399a96e0a8f3c37224
                                                          • Opcode Fuzzy Hash: c46651e437fd64fe1a0ec4ba04e4e249ac8191b23ce52de35ee3bc2167751a20
                                                          • Instruction Fuzzy Hash: 31018432608115BBCF15BB58D8598DE7768FF90760B190149F812D7291EB30AF02D781
                                                          Function 008925C5 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 008925D1
                                                          • int.LIBCPMT ref: 008925E4
                                                            • Part of subcall function 008916DA: std::_Lockit::_Lockit.LIBCPMT ref: 008916EB
                                                            • Part of subcall function 008916DA: std::_Lockit::~_Lockit.LIBCPMT ref: 00891705
                                                          • std::_Facet_Register.LIBCPMT ref: 00892617
                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0089262D
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00892638
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                          • String ID:
                                                          • API String ID: 2081738530-0
                                                          • Opcode ID: 5ba353803495614839cfdecff6c599454cc3ecbc3d58f514526a33eee4569a3f
                                                          • Instruction ID: c713a8e771f2df3ee7c1125dc75b6d0f8d41251510fd11658052ea516fb8a48d
                                                          • Opcode Fuzzy Hash: 5ba353803495614839cfdecff6c599454cc3ecbc3d58f514526a33eee4569a3f
                                                          • Instruction Fuzzy Hash: 7F01A732508115BBCF17BBA8D8458DE77A8FF94760B1D4149F412D7291EF30AE02D781
                                                          Function 00894D9C Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __EH_prolog3.LIBCMT ref: 00894DA3
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00894DAE
                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00894E1C
                                                            • Part of subcall function 00894EFF: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00894F17
                                                          • std::locale::_Setgloballocale.LIBCPMT ref: 00894DC9
                                                          • _Yarn.LIBCPMT ref: 00894DDF
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                          • String ID:
                                                          • API String ID: 1088826258-0
                                                          • Opcode ID: e4790443fad66c2320f153845e05e81dbd6652236b708af546583c2486761d63
                                                          • Instruction ID: cac95e789db2745e1dea36527d4e2006562dfc90e522fa1b6b0fd0830356f402
                                                          • Opcode Fuzzy Hash: e4790443fad66c2320f153845e05e81dbd6652236b708af546583c2486761d63
                                                          • Instruction Fuzzy Hash: EB019E35A041119BCF06BB68D8419BC77B1FF84310B184009F81297381DF346E02DB82
                                                          Function 0089B052 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0089B003,00000000,?,00917AC4,?,?,?,0089B1A6,00000004,InitializeCriticalSectionEx,008B4C70,InitializeCriticalSectionEx), ref: 0089B05F
                                                          • GetLastError.KERNEL32(?,0089B003,00000000,?,00917AC4,?,?,?,0089B1A6,00000004,InitializeCriticalSectionEx,008B4C70,InitializeCriticalSectionEx,00000000,?,0089AF5D), ref: 0089B069
                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0089B091
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad$ErrorLast
                                                          • String ID: api-ms-
                                                          • API String ID: 3177248105-2084034818
                                                          • Opcode ID: aa76a0fa3d9ea7d2da7139f6b4b63895de9c6ba562082f03acb9ed3304cacd80
                                                          • Instruction ID: c35ab61e621fdae2cdbf96ed20e71209cb5feb65b8c395c2007eb10ebb2b6538
                                                          • Opcode Fuzzy Hash: aa76a0fa3d9ea7d2da7139f6b4b63895de9c6ba562082f03acb9ed3304cacd80
                                                          • Instruction Fuzzy Hash: E7E01A70280704BBEF202B70FD0AB5A3F54FF00B50F184120F90DE81E1DBB1AA618684
                                                          Function 008A582E Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 008A5891
                                                            • Part of subcall function 008A98E5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,008A89AA,?,00000000,-00000008), ref: 008A9991
                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 008A5AEC
                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008A5B34
                                                          • GetLastError.KERNEL32 ref: 008A5BD7
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                          • String ID:
                                                          • API String ID: 2112829910-0
                                                          • Opcode ID: a9380cd0714eee77b81a772c596b9af67346051bdb72e6314bdb6c3b4a64dc58
                                                          • Instruction ID: 1aea7ffab67da79dc14909bfa3f680c3996c23c2d27e2dcdd51f8a544b963e08
                                                          • Opcode Fuzzy Hash: a9380cd0714eee77b81a772c596b9af67346051bdb72e6314bdb6c3b4a64dc58
                                                          • Instruction Fuzzy Hash: 0FD17A75E046589FDF05CFA8D880AEDBBB5FF49314F28412AE816E7751D730A982CB60
                                                          Function 0089A021 Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: AdjustPointer
                                                          • String ID:
                                                          • API String ID: 1740715915-0
                                                          • Opcode ID: fccf46f1cbf281ef177a0def495e0d3339eb07f10efa9db7a18cfa457835e7b3
                                                          • Instruction ID: c22e3a22dcb082799c8e4e7d269b0d5a2d9bf3a1eebdc07de35eeb1f8f3349d2
                                                          • Opcode Fuzzy Hash: fccf46f1cbf281ef177a0def495e0d3339eb07f10efa9db7a18cfa457835e7b3
                                                          • Instruction Fuzzy Hash: 3351AC76604606EFEF2DAF18D841BBA77A4FF44714F184129E806D6291E732EC81DBD2
                                                          Function 008B0616 Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • WriteConso.KERNEL32(00000000,00000000,?,00000000,00000000,?,008AF049,00000000,00000001,00000000,?,?,008A5C2B,?,00000000,00000000), ref: 008B062D
                                                          • GetLastError.KERNEL32(?,008AF049,00000000,00000001,00000000,?,?,008A5C2B,?,00000000,00000000,?,?,?,008A61B2,00000000), ref: 008B0639
                                                            • Part of subcall function 008B05FF: CloseHandle.KERNEL32(FFFFFFFE,008B0649,?,008AF049,00000000,00000001,00000000,?,?,008A5C2B,?,00000000,00000000,?,?), ref: 008B060F
                                                          • ___initconout.LIBCMT ref: 008B0649
                                                            • Part of subcall function 008B05C1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,008B05F0,008AF036,?,?,008A5C2B,?,00000000,00000000,?), ref: 008B05D4
                                                          • WriteConso.KERNEL32(00000000,00000000,?,00000000,?,008AF049,00000000,00000001,00000000,?,?,008A5C2B,?,00000000,00000000,?), ref: 008B065E
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ConsoWrite$CloseCreateErrorFileHandleLast___initconout
                                                          • String ID:
                                                          • API String ID: 1327366883-0
                                                          • Opcode ID: bee6cd67f762347386aad2b3b7e8440037f62007898461551722b3f29c3dd08d
                                                          • Instruction ID: 5c59124a75c367c095042f3e416f36dafb03f002eabc7baaaba3349aa9020ac9
                                                          • Opcode Fuzzy Hash: bee6cd67f762347386aad2b3b7e8440037f62007898461551722b3f29c3dd08d
                                                          • Instruction Fuzzy Hash: 80F0A236501119BFCF621F99EC049DA3F69FF59361B044610F91AE5630D6319920DF91
                                                          Function 008928E9 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: H_prolog3_catch_strlen
                                                          • String ID: input string:
                                                          • API String ID: 3133806014-2984214493
                                                          • Opcode ID: 931cf7e2dda9ea17ab06d5edb003224a83b4d99abbd21192cbe19cb027f24ee4
                                                          • Instruction ID: 538eacae3800ee881f84399b97503e54d9a0ed73fbaa31e92dc132e960638d0d
                                                          • Opcode Fuzzy Hash: 931cf7e2dda9ea17ab06d5edb003224a83b4d99abbd21192cbe19cb027f24ee4
                                                          • Instruction Fuzzy Hash: E0416131B54215AFDF20EBA8C8819ACBBF2FB49734F2C4255E525EB2E1C6315C41CB61
                                                          Function 00899D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00899D4F
                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00899E03
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable___except_validate_context_record
                                                          • String ID: csm
                                                          • API String ID: 3480331319-1018135373
                                                          • Opcode ID: ad644b70d38d7e4341ff073a54f3b149706d7d827e461bc06602e240d1f453ec
                                                          • Instruction ID: 7a7c2dae0bc906b8edb63e4f0ccff9a2d582a2077df8dae1fb05022d1adf817b
                                                          • Opcode Fuzzy Hash: ad644b70d38d7e4341ff073a54f3b149706d7d827e461bc06602e240d1f453ec
                                                          • Instruction Fuzzy Hash: E941A434A002099FCF10EF6CC885A9EBBB5FF45324F188159E855DB392D771DA51CB92
                                                          Function 0089A61D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • EncodePointer.KERNEL32(00000000,?), ref: 0089A642
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: EncodePointer
                                                          • String ID: MOC$RCC
                                                          • API String ID: 2118026453-2084237596
                                                          • Opcode ID: 7879ba73e9e7b74d7c144f0966b62ac138372956dcb73ac51ce206277758b79b
                                                          • Instruction ID: 4c9efe8eb5c46ff677ed30b8b08fda30b464e8f981ea4fd023acca8f2fe6ae96
                                                          • Opcode Fuzzy Hash: 7879ba73e9e7b74d7c144f0966b62ac138372956dcb73ac51ce206277758b79b
                                                          • Instruction Fuzzy Hash: FC417931900209EFCF1AEF98CC82AEEBBB5FF48304F198159F905A7221D7359950DB92
                                                          Function 00891605 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0089160C
                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00891644
                                                            • Part of subcall function 00894E9A: _Yarn.LIBCPMT ref: 00894EB9
                                                            • Part of subcall function 00894E9A: _Yarn.LIBCPMT ref: 00894EDD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1710591615.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                          • Associated: 00000001.00000002.1710574577.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710619606.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710640784.00000000008BE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000001.00000002.1710700670.0000000000919000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_890000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                          • String ID: bad locale name
                                                          • API String ID: 1908188788-1405518554
                                                          • Opcode ID: b6457eaf4c95e4eeab18cb6934c0c367de33c68d1ab36d6c0e374fe5654ac347
                                                          • Instruction ID: e34a262b6215720bcf4ae9071296a65318b893b3fe1119fd00654c26a23472ef
                                                          • Opcode Fuzzy Hash: b6457eaf4c95e4eeab18cb6934c0c367de33c68d1ab36d6c0e374fe5654ac347
                                                          • Instruction Fuzzy Hash: 7CF01D71505B909E87319FAA8481447FBE4FE283103948A2FE1DEC3A11D730A504CB6A

                                                          Execution Graph

                                                          Execution Coverage:1.5%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:29.6%
                                                          Total number of Nodes:81
                                                          Total number of Limit Nodes:16
                                                          execution_graph 21433 43d9c1 21434 43d9f7 21433->21434 21434->21434 21435 43da59 21434->21435 21437 4464f0 LdrInitializeThunk 21434->21437 21437->21434 21438 449cc0 21440 449cec 21438->21440 21439 449dfe 21441 449d4f 21440->21441 21444 4464f0 LdrInitializeThunk 21440->21444 21441->21439 21445 4464f0 LdrInitializeThunk 21441->21445 21444->21441 21445->21439 21446 446709 GetForegroundWindow 21450 449680 21446->21450 21448 446717 GetForegroundWindow 21449 44672e 21448->21449 21451 449690 21450->21451 21451->21448 21457 445c4a 21458 445ccb LoadLibraryExW 21457->21458 21460 445c96 21457->21460 21459 445ce6 21458->21459 21460->21458 21461 40d390 21462 40d399 21461->21462 21463 40d3a1 GetInputState 21462->21463 21464 40d57e ExitProcess 21462->21464 21465 40d3ae 21463->21465 21466 40d3b6 GetCurrentThreadId GetCurrentProcessId 21465->21466 21467 40d579 21465->21467 21469 40d3ed 21466->21469 21474 446020 FreeLibrary 21467->21474 21469->21467 21473 412670 CoInitialize 21469->21473 21474->21464 21475 412691 CoInitializeSecurity 21476 40f551 21477 40f629 21476->21477 21480 40ffe0 21477->21480 21479 40f666 21483 410070 21480->21483 21482 410095 21482->21479 21482->21482 21483->21482 21484 446040 21483->21484 21485 446060 21484->21485 21486 4460de 21484->21486 21487 4460d0 21484->21487 21488 4460f6 21484->21488 21489 446105 21484->21489 21485->21487 21485->21488 21485->21489 21491 4460b6 RtlReAllocateHeap 21485->21491 21490 443a20 RtlAllocateHeap 21486->21490 21494 443a20 21487->21494 21497 443aa0 21488->21497 21489->21483 21490->21488 21491->21487 21495 443a76 RtlAllocateHeap 21494->21495 21496 443a4b 21494->21496 21496->21495 21498 443b09 21497->21498 21500 443ab6 21497->21500 21498->21489 21499 443af6 RtlFreeHeap 21499->21498 21500->21499 21501 446816 21503 446867 21501->21503 21502 4469ae 21503->21502 21505 4464f0 LdrInitializeThunk 21503->21505 21505->21502 21506 4126b3 21507 4126bd 21506->21507 21508 412ad3 21507->21508 21509 412aed GetSystemDirectoryW 21507->21509 21510 412b17 21509->21510 21511 443aa0 RtlFreeHeap 21510->21511 21511->21508 21522 43fdbb 21523 440035 21522->21523 21524 440122 VariantClear 21522->21524 21525 43fef3 CoSetProxyBlanket 21522->21525 21526 440134 21522->21526 21527 43fe32 CoCreateInstance 21522->21527 21528 44017e SysFreeString 21522->21528 21529 44013f SysFreeString SysFreeString 21522->21529 21530 44007b VariantInit 21522->21530 21534 43fc32 21522->21534 21539 43ff15 21522->21539 21540 44015a 21522->21540 21523->21524 21523->21526 21523->21529 21523->21530 21531 4401d3 SysStringLen 21523->21531 21541 43f9fa 21523->21541 21524->21526 21525->21523 21525->21524 21525->21526 21525->21529 21525->21530 21525->21531 21525->21534 21525->21539 21525->21541 21526->21529 21527->21523 21527->21524 21527->21525 21527->21526 21527->21528 21527->21529 21527->21530 21527->21531 21527->21534 21527->21539 21527->21540 21527->21541 21528->21540 21533 4400cf 21530->21533 21531->21541 21532 43ff64 SysAllocString 21536 440014 SysAllocString 21532->21536 21537 43ffe6 21532->21537 21533->21524 21533->21531 21533->21541 21534->21522 21534->21523 21534->21524 21534->21525 21534->21526 21534->21527 21534->21528 21534->21529 21534->21530 21534->21531 21535 43fec4 SysAllocString 21534->21535 21534->21539 21534->21541 21535->21534 21536->21523 21537->21536 21538 4401a8 GetVolumeInformationW 21538->21524 21538->21528 21538->21531 21538->21540 21539->21532 21540->21528 21540->21538

                                                          Executed Functions

                                                          Function 0043FDBB Relevance: 33.7, APIs: 12, Strings: 7, Instructions: 425memorycomCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 43fdbb-43fdc3 1 43fde2-43fe01 0->1 2 43fde0 0->2 3 43fe20-43fe26 0->3 4 440041-440058 0->4 5 440122-440130 VariantClear 0->5 6 43fdca-43fdda 0->6 7 44018f-4401a3 call 448ed0 0->7 8 43fe0d 0->8 9 43fe53-43fe93 0->9 10 43fef3-43ff0e CoSetProxyBlanket 0->10 11 440134-44013b 0->11 12 43fe32-43fe4c CoCreateInstance 0->12 13 43fc32 0->13 14 43ff15-43ff36 0->14 15 44017e-44018b SysFreeString 0->15 16 44013f-44014e SysFreeString * 2 0->16 17 44007b-4400cd VariantInit 0->17 1->8 2->1 3->12 34 44005c-440074 4->34 5->11 6->2 31 4401a8-4401c4 GetVolumeInformationW 7->31 8->3 26 43fe95 9->26 27 43fec4-43fee3 SysAllocString 9->27 10->4 10->5 10->11 10->13 10->14 10->16 10->17 18 4401f0 10->18 19 4401f2-440204 10->19 20 4401d3-4401e5 SysStringLen 10->20 11->16 12->4 12->5 12->7 12->9 12->10 12->11 12->13 12->14 12->15 12->16 12->17 12->18 12->19 12->20 13->0 21 43ff64-43ffe4 SysAllocString 14->21 22 43ff38 14->22 15->7 24 4400f7-440105 17->24 25 4400cf 17->25 32 440206-44020a 19->32 33 440247 19->33 20->18 29 440014-440031 SysAllocString 21->29 30 43ffe6 21->30 28 43ff40-43ff62 call 443850 22->28 43 44010a-44011b 24->43 35 4400d0-4400f5 call 443900 25->35 36 43fea0-43fec2 call 443800 26->36 45 43fee7-43feec 27->45 28->21 48 440035-44003a 29->48 38 43fff0-440012 call 4438c0 30->38 31->5 31->15 31->20 39 440170-440174 31->39 40 44015a-440162 31->40 41 440220-440223 32->41 50 44024e 33->50 34->5 34->11 34->17 34->18 34->19 34->20 35->24 36->27 38->29 54 440178 39->54 40->39 49 440225-440241 41->49 41->50 43->5 43->18 43->19 43->20 45->4 45->5 45->10 45->11 45->13 45->14 45->15 45->16 45->17 45->18 45->19 45->20 48->4 48->5 48->11 48->16 48->17 48->18 48->19 48->20 56 440243-440245 49->56 57 44020c-44021a 49->57 54->15 56->57 57->41 58 43f9fa-43fa11 call 40cb00 57->58 61 43fa17-43fa1e 58->61 62 43faca-43fad2 58->62 61->62 63 43fa24-43fa30 61->63 64 43fa33-43fa3a 63->64 64->62 65 43fa40-43fa47 64->65 66 43fa52-43fa5f 65->66 67 43fa49-43fa50 65->67 69 43fa83-43fa8b 66->69 70 43fa61-43fa67 66->70 68 43fab4-43fab9 67->68 68->62 73 43fabb-43fac4 68->73 69->68 72 43fa8d-43faaf 69->72 70->69 71 43fa69-43fa81 70->71 71->68 72->68 73->62 73->64
                                                          APIs
                                                          • CoCreateInstance.OLE32(0044DCE0,00000000,00000001,0044DCD0,?), ref: 0043FE41
                                                          • SysAllocString.OLEAUT32(?), ref: 0043FEC5
                                                          • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0043FF03
                                                          • SysAllocString.OLEAUT32(?), ref: 0043FF65
                                                          • SysAllocString.OLEAUT32(?), ref: 00440015
                                                          • VariantInit.OLEAUT32(6D3F6B39), ref: 0044007E
                                                          • VariantClear.OLEAUT32(?), ref: 00440123
                                                          • SysFreeString.OLEAUT32(?), ref: 00440145
                                                          • SysFreeString.OLEAUT32(?), ref: 0044014E
                                                          • SysFreeString.OLEAUT32(?), ref: 00440181
                                                          • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004401BB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: String$AllocFree$Variant$BlanketClearCreateInformationInitInstanceProxyVolume
                                                          • String ID: "_kQ$1[!]$9k?m$bS3U$hKpM$l3u5$q7bI
                                                          • API String ID: 2573436264-1023481837
                                                          • Opcode ID: 3b03e2147dce430a0f8925663908d52cba351bca58096ea1b67891df1644cd7a
                                                          • Instruction ID: abc33ae36a095545e2bb41dcd0e979c6fcd6de482cd85a6a90bd509a0ecf98e9
                                                          • Opcode Fuzzy Hash: 3b03e2147dce430a0f8925663908d52cba351bca58096ea1b67891df1644cd7a
                                                          • Instruction Fuzzy Hash: 1FE16974100B01EFE3208F15C985B16BBF1FF4AB02F148969E59A8BAA1C775F855CF98
                                                          Function 0040D390 Relevance: 6.2, APIs: 4, Instructions: 154threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 134 40d390-40d39b call 445660 137 40d3a1-40d3b0 GetInputState call 43d120 134->137 138 40d57e-40d580 ExitProcess 134->138 141 40d3b6-40d3eb GetCurrentThreadId GetCurrentProcessId 137->141 142 40d579 call 446020 137->142 143 40d416-40d43b 141->143 144 40d3ed-40d3ef 141->144 142->138 147 40d466-40d482 143->147 148 40d43d-40d43f 143->148 146 40d3f0-40d414 call 40d590 144->146 146->143 150 40d484 147->150 151 40d4b6-40d4b8 147->151 149 40d440-40d464 call 40d5e0 148->149 149->147 154 40d490-40d4b4 call 40d630 150->154 155 40d516-40d53a 151->155 156 40d4ba-40d4df 151->156 154->151 161 40d566-40d56d call 40ebe0 155->161 162 40d53c-40d53f 155->162 156->155 160 40d4e1 156->160 166 40d4f0-40d514 call 40d670 160->166 161->142 171 40d56f call 412670 161->171 163 40d540-40d564 call 40d6e0 162->163 163->161 166->155 174 40d574 call 410640 171->174 174->142
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcess$ExitInputStateThread
                                                          • String ID:
                                                          • API String ID: 1029096631-0
                                                          • Opcode ID: 91b0cbc643e4b4ebeb18023be9ae76da3501924d19314061550aa6d351ab72eb
                                                          • Instruction ID: 7fe0d86d4b211a0ed1928a564c0dc3b48ff1420feaec6627cd99d8fdc632b15c
                                                          • Opcode Fuzzy Hash: 91b0cbc643e4b4ebeb18023be9ae76da3501924d19314061550aa6d351ab72eb
                                                          • Instruction Fuzzy Hash: CE41277480C240ABD301BFA9D544A1EFBF5EF56708F148D2EE5C4A7392D23AD8148B6B
                                                          Function 004464F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 288 4464f0-446522 LdrInitializeThunk
                                                          APIs
                                                          • LdrInitializeThunk.NTDLL(00449A1D,005C003F,00000006,?,?,00000018,,?,?), ref: 0044651E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-3019521637
                                                          • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                          • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                          • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                          • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                          Function 004126B3 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 301COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 81 4126b3-4126f8 call 43f9e0 84 412740-4127b5 81->84 85 4126fa 81->85 87 4127f1-412802 84->87 88 4127b7 84->88 86 412700-41273e call 41bd40 85->86 86->84 89 412804-41280b 87->89 90 41281b-412823 87->90 92 4127c0-4127ef call 41bcd0 88->92 93 412810-412819 89->93 94 412825-412826 90->94 95 41283b-412848 90->95 92->87 93->90 93->93 98 412830-412839 94->98 99 41286b-412873 95->99 100 41284a-412851 95->100 98->95 98->98 103 412875-412876 99->103 104 41288b-4129d1 99->104 102 412860-412869 100->102 102->99 102->102 105 412880-412889 103->105 106 412a20-412a52 104->106 107 4129d3 104->107 105->104 105->105 108 412a91-412acc call 410650 106->108 109 412a54 106->109 110 4129e0-412a1e call 41be00 107->110 118 412ad3-412ae0 108->118 119 412ae7 108->119 120 412b66 108->120 121 412aed-412b15 GetSystemDirectoryW 108->121 111 412a60-412a8f call 41bd90 109->111 110->106 111->108 118->119 118->120 122 412b17-412b1a 121->122 123 412b1c 121->123 122->123 124 412b1d-412b25 122->124 123->124 125 412b27-412b2a 124->125 126 412b2c 124->126 125->126 127 412b2d-412b3a call 40cb00 call 4406c0 125->127 126->127 131 412b3f-412b5f call 443aa0 127->131 131->119 131->120
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: FDC4083636995F720D9873CDC0963854$GD$fch%$sergei-esenin.com$tBA$wCA
                                                          • API String ID: 0-1831508817
                                                          • Opcode ID: 18b95ce0547799c8335b9632188030b7790c54437027a763add69c76ec3f01d7
                                                          • Instruction ID: d035267a3a9853f3dfc0ceb4180196f553011948bb1c76c1f0fbabd1dc92564a
                                                          • Opcode Fuzzy Hash: 18b95ce0547799c8335b9632188030b7790c54437027a763add69c76ec3f01d7
                                                          • Instruction Fuzzy Hash: F6B158B04093C1CBE7318F149554BEFBBE0BB8A348F140A6EE4C99B242D7799545CB66
                                                          Function 00446040 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 176 446040-446054 177 446074-44608e 176->177 178 446066-44606d 176->178 179 446060 176->179 180 4460f0-4460f6 call 443a20 176->180 181 4460d0 176->181 182 4460d2 176->182 183 4460ff-446108 call 443aa0 176->183 184 4460d8-4460e1 call 443a20 176->184 185 44610a-44610f 176->185 187 4460b6-4460ca RtlReAllocateHeap 177->187 188 446090-4460b4 call 446490 177->188 178->177 178->181 178->183 178->185 179->178 180->183 181->182 182->184 183->185 184->180 187->181 188->187
                                                          APIs
                                                          • RtlReAllocateHeap.NTDLL(?,00000000), ref: 004460C4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID: aD$;:9
                                                          • API String ID: 1279760036-3784982549
                                                          • Opcode ID: b2b91b6383baed23bd5779aad5e8932164b52d5e1660306671fc792bfb274a1b
                                                          • Instruction ID: 81d8e38a202773684cb26477d2aab6f794b7f55265c2f37ac0847f9732ca8712
                                                          • Opcode Fuzzy Hash: b2b91b6383baed23bd5779aad5e8932164b52d5e1660306671fc792bfb274a1b
                                                          • Instruction Fuzzy Hash: 70119D75508200EBD301EF28E900A1ABBF5AF86B16F05483DE5C58B212E73AD854CB9B
                                                          Function 00446709 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          • GetForegroundWindow.USER32 ref: 00446709
                                                          • GetForegroundWindow.USER32 ref: 00446720
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: ForegroundWindow
                                                          • String ID:
                                                          • API String ID: 2020703349-0
                                                          • Opcode ID: 61e954c21ccda2bc507880c9326b32b816de450e3ecc2bacd25776dc5b00f227
                                                          • Instruction ID: 906c729b96ff40db5e6bb0cb1f2bfce635365c04e2c32f2be8addff1d813b1a5
                                                          • Opcode Fuzzy Hash: 61e954c21ccda2bc507880c9326b32b816de450e3ecc2bacd25776dc5b00f227
                                                          • Instruction Fuzzy Hash: 4ED05EACA12240A7EA04FB37FC1E85B3615E79221E7464838E40686312D636E851C65B
                                                          Function 00445C4A Relevance: 1.6, APIs: 1, Instructions: 71libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 321 445c4a-445c94 322 445c96 321->322 323 445ccb-445ce0 LoadLibraryExW 321->323 324 445ca0-445cc9 call 446340 322->324 325 445ce6-445d0f 323->325 326 445fdb-44601a 323->326 324->323 325->326
                                                          APIs
                                                          • LoadLibraryExW.KERNEL32(33A03193,00000000,00000800), ref: 00445CD7
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: 72bf814f0518dc5835282787a3600c9ebb27de0fde571f4b41e5eadb2c516951
                                                          • Instruction ID: 1ed73a75136f75e105c7bb7e785e3dfd24c55cc57a7816ce4e470644bd5d90c0
                                                          • Opcode Fuzzy Hash: 72bf814f0518dc5835282787a3600c9ebb27de0fde571f4b41e5eadb2c516951
                                                          • Instruction Fuzzy Hash: 7A218C7520C380AFE745CF29E99061BBBE1ABC9205F58C82DF5C987352C238D905DB6A
                                                          Function 00443A20 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 329 443a20-443a49 330 443a76-443a8f RtlAllocateHeap 329->330 331 443a4b 329->331 332 443a50-443a74 call 446390 331->332 332->330
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00443A83
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: bbe3c0725eeb12269a4fd9373789c992c7f1f0aafca5c16579677f982f5a7c14
                                                          • Instruction ID: 208812190be25b9880a5f29952ef9a922b1c788544e9e186d94aa430ee1b0748
                                                          • Opcode Fuzzy Hash: bbe3c0725eeb12269a4fd9373789c992c7f1f0aafca5c16579677f982f5a7c14
                                                          • Instruction Fuzzy Hash: 67F0373410C2409BE301EF19D954A0EBBF4EF9A701F14886CE4C89B2A2C335E814CBAB
                                                          Function 00443AA0 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 335 443aa0-443aaf 336 443ab6-443acb 335->336 337 443b09-443b0d 335->337 338 443af6-443b03 RtlFreeHeap 336->338 339 443acd-443acf 336->339 338->337 340 443ad0-443af4 call 446410 339->340 340->338
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(?,00000000), ref: 00443B03
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: 5c61f5cf0f16499e49ba7738a8fe8bc67c56cab5a0bd252042df475734ab51e5
                                                          • Instruction ID: 302f255876a8acf85142c7b8a32416b12f9909014dbe577f3d47d642ddc48781
                                                          • Opcode Fuzzy Hash: 5c61f5cf0f16499e49ba7738a8fe8bc67c56cab5a0bd252042df475734ab51e5
                                                          • Instruction Fuzzy Hash: 84F04F3450C2509BD701AF18E945A1EFBF5EF56706F454C68F4C4AB261C339DD60CB9A
                                                          Function 00412691 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 343 412691-4126a9 CoInitializeSecurity
                                                          APIs
                                                          • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004126A3
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: InitializeSecurity
                                                          • String ID:
                                                          • API String ID: 640775948-0
                                                          • Opcode ID: e9df4fc844a5e07cbbefe421b72ccffe98448086396df1b717bb8be3043df058
                                                          • Instruction ID: 4c0f3c5f42d7220d9aedfcf1f234b57b5b7164098ac87d9a597ab882ad0731d6
                                                          • Opcode Fuzzy Hash: e9df4fc844a5e07cbbefe421b72ccffe98448086396df1b717bb8be3043df058
                                                          • Instruction Fuzzy Hash: CAD092383C8300B6F6700B18AC07F443510A302F32F300360F3647C0E689E0B1018A1D
                                                          Function 00412670 Relevance: 1.3, APIs: 1, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CoInitialize.OLE32(00000000), ref: 00412681
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Initialize
                                                          • String ID:
                                                          • API String ID: 2538663250-0
                                                          • Opcode ID: c4feaf63b10f42a3045f7c724361a4ce193798e6ca91a7440d318b448d146723
                                                          • Instruction ID: 0784f48afee8c68dd4e30585e0345d15e948a6c307a9b784e72b9a1c24a16a3d
                                                          • Opcode Fuzzy Hash: c4feaf63b10f42a3045f7c724361a4ce193798e6ca91a7440d318b448d146723
                                                          • Instruction Fuzzy Hash: 66C08C60024208A7F310272EAC0AF42396CE343772F000334B9A0400E36E116414C5BA

                                                          Non-executed Functions

                                                          Function 0042D9A0 Relevance: 14.4, APIs: 1, Strings: 7, Instructions: 396COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 9u9s$Dtgr$RB$WJL{$sLlS$sB$US
                                                          • API String ID: 0-3351958040
                                                          • Opcode ID: 276c1ab203addd20c735120bb759d55bade8af3356c5969ab96734506833bd0c
                                                          • Instruction ID: cba3938b4c7428f4d552087925c859a69b1ab55a6ae02eac8884ff4f61b23fd4
                                                          • Opcode Fuzzy Hash: 276c1ab203addd20c735120bb759d55bade8af3356c5969ab96734506833bd0c
                                                          • Instruction Fuzzy Hash: B1F167B4508340DFD710AF66E89061BBBF0AF86345F54892EF5848B362D3B9C844CF9A
                                                          Function 004396A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99clipboardCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                          • String ID: =
                                                          • API String ID: 2832541153-2322244508
                                                          • Opcode ID: 78c8dc26131ed5dac9393a6ada90e30b4fdfd99cd617a6bba74dde0b2099fdf1
                                                          • Instruction ID: 322da3c77394848e095178107a49c73a551c132a77b07a9a0bf135f40f579efd
                                                          • Opcode Fuzzy Hash: 78c8dc26131ed5dac9393a6ada90e30b4fdfd99cd617a6bba74dde0b2099fdf1
                                                          • Instruction Fuzzy Hash: 4941537551C381CED311AF7C944831EBFE09B96224F044E6DF4E5862D1D3788945C797
                                                          Function 004365E8 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 78COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Variant$ClearInit
                                                          • String ID: O$Q$S$U$W$Y$[$]$_
                                                          • API String ID: 2610073882-3709029455
                                                          • Opcode ID: bf4df09837cc0999f8912889e458b68c9d6c2582af1171711b600cbe8bd283c9
                                                          • Instruction ID: 617472aee6f7647b6791f64ddb482ed0964e05965680e50c34387cf75e2fd40f
                                                          • Opcode Fuzzy Hash: bf4df09837cc0999f8912889e458b68c9d6c2582af1171711b600cbe8bd283c9
                                                          • Instruction Fuzzy Hash: 8041E970008B81CED721DF38C894756BFE0AB56314F08869DD8EA4F3D6C775A549CB66
                                                          Function 004360C9 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 73COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: Variant$ClearInit
                                                          • String ID: O$Q$S$U$W$Y$[$]$_
                                                          • API String ID: 2610073882-3709029455
                                                          • Opcode ID: f7635afb3bd54eb494f8a0a77bb65c5c2b8a5d4eaa981fde32eb2f6ea89c106d
                                                          • Instruction ID: 3870ab933f990c28619918e5480d85312f3f30b48fe24ca90a854e860725b9d7
                                                          • Opcode Fuzzy Hash: f7635afb3bd54eb494f8a0a77bb65c5c2b8a5d4eaa981fde32eb2f6ea89c106d
                                                          • Instruction Fuzzy Hash: 9C41B474009BC1CEE725DF38C898B46BFA06B56314F088A9DD8E94F296C375A515CB62
                                                          Function 00438B2F Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: InitVariant
                                                          • String ID: d$i$p$t$|$}
                                                          • API String ID: 1927566239-2434808017
                                                          • Opcode ID: 554a65b0e6783a8a587c5d9d5a1a59090ef91d405a8573379fac870fe920457a
                                                          • Instruction ID: 0b84109ddb38ce271a869d6b766c0ab2b1e4120020a45687ac22dc4c2f8272eb
                                                          • Opcode Fuzzy Hash: 554a65b0e6783a8a587c5d9d5a1a59090ef91d405a8573379fac870fe920457a
                                                          • Instruction Fuzzy Hash: FE411870508781CED725CF28C494716BFE0AB66324F08869DD8EA4F397C775E515CBA2
                                                          Function 00438417 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 82COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                          Similarity
                                                          • API ID: InitVariant
                                                          • String ID: d$i$p$t$|$}
                                                          • API String ID: 1927566239-2434808017
                                                          • Opcode ID: 752ed3a4123867835ced7968c358781d81873fa4b79cdbc7d9d63c2e707b67c3
                                                          • Instruction ID: 90d411813917745457a09f1c6fb0e7b6a5668ded3b473b778bf00fa4b3dd6296
                                                          • Opcode Fuzzy Hash: 752ed3a4123867835ced7968c358781d81873fa4b79cdbc7d9d63c2e707b67c3
                                                          • Instruction Fuzzy Hash: 9541D760108781CED721DF2CC484716BFE06B66214F088A8DD8EA4F7D7C375D519CB62