Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
payment details.pdf.exe

Overview

General Information

Sample name:payment details.pdf.exe
Analysis ID:1467075
MD5:0f4b5fb26bf123aa8fd8e90add5770fc
SHA1:8c9b1825d6ae3a7a9e8dc0a8a1dada05b8124720
SHA256:c3a045823e045eb117eceefa8d34697c835fc969831e0f1d1401bea5edb8e596
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Uses an obfuscated file name to hide its real file extension (double extension)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • payment details.pdf.exe (PID: 2848 cmdline: "C:\Users\user\Desktop\payment details.pdf.exe" MD5: 0F4B5FB26BF123AA8FD8E90ADD5770FC)
    • payment details.pdf.exe (PID: 4412 cmdline: "C:\Users\user\Desktop\payment details.pdf.exe" MD5: 0F4B5FB26BF123AA8FD8E90ADD5770FC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2dbd3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x17232:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000003.00000002.1510629541.0000000000BC0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000003.00000002.1510629541.0000000000BC0000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2a910:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x13f6f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      Process Memory Space: payment details.pdf.exe PID: 2848JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        3.2.payment details.pdf.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.payment details.pdf.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2cdd3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x16432:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          3.2.payment details.pdf.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            3.2.payment details.pdf.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2dbd3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x17232:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Suspicious Double Extension File Execution
            Source: Process startedAuthor: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\Desktop\payment details.pdf.exe", CommandLine: "C:\Users\user\Desktop\payment details.pdf.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\payment details.pdf.exe, NewProcessName: C:\Users\user\Desktop\payment details.pdf.exe, OriginalFileName: C:\Users\user\Desktop\payment details.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Users\user\Desktop\payment details.pdf.exe", ProcessId: 2848, ProcessName: payment details.pdf.exe

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: payment details.pdf.exeReversingLabs: Detection: 31%
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.payment details.pdf.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.payment details.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1510629541.0000000000BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: payment details.pdf.exeJoe Sandbox ML: detected
            Source: payment details.pdf.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: payment details.pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: fuHy.pdbSHA256 source: payment details.pdf.exe
            Source: Binary string: fuHy.pdb source: payment details.pdf.exe
            Source: Binary string: wntdll.pdbUGP source: payment details.pdf.exe, 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: payment details.pdf.exe, payment details.pdf.exe, 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.payment details.pdf.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.payment details.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1510629541.0000000000BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 3.2.payment details.pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 3.2.payment details.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1510629541.0000000000BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            .NET source code contains very large array initializations
            Source: 0.2.payment details.pdf.exe.2db8818.1.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: 0.2.payment details.pdf.exe.5410000.5.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Initial sample is a PE file and has a suspicious name
            Source: initial sampleStatic PE information: Filename: payment details.pdf.exe
            Source: initial sampleStatic PE information: Filename: payment details.pdf.exe
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0042B0D3 NtClose,3_2_0042B0D3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01182DF0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01182C70
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011835C0 NtCreateMutant,LdrInitializeThunk,3_2_011835C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01184340 NtSetContextThread,3_2_01184340
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01184650 NtSuspendThread,3_2_01184650
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182B60 NtClose,3_2_01182B60
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182B80 NtQueryInformationFile,3_2_01182B80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182BA0 NtEnumerateValueKey,3_2_01182BA0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182BF0 NtAllocateVirtualMemory,3_2_01182BF0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182BE0 NtQueryValueKey,3_2_01182BE0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182AB0 NtWaitForSingleObject,3_2_01182AB0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182AD0 NtReadFile,3_2_01182AD0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182AF0 NtWriteFile,3_2_01182AF0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182D10 NtMapViewOfSection,3_2_01182D10
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182D00 NtSetInformationFile,3_2_01182D00
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182D30 NtUnmapViewOfSection,3_2_01182D30
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182DB0 NtEnumerateKey,3_2_01182DB0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182DD0 NtDelayExecution,3_2_01182DD0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182C00 NtQueryInformationProcess,3_2_01182C00
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182C60 NtCreateKey,3_2_01182C60
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182CA0 NtQueryInformationToken,3_2_01182CA0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182CC0 NtQueryVirtualMemory,3_2_01182CC0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182CF0 NtOpenProcess,3_2_01182CF0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182F30 NtCreateSection,3_2_01182F30
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182F60 NtCreateProcessEx,3_2_01182F60
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182F90 NtProtectVirtualMemory,3_2_01182F90
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182FB0 NtResumeThread,3_2_01182FB0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182FA0 NtQuerySection,3_2_01182FA0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182FE0 NtCreateFile,3_2_01182FE0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182E30 NtWriteVirtualMemory,3_2_01182E30
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182E80 NtReadVirtualMemory,3_2_01182E80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182EA0 NtAdjustPrivilegesToken,3_2_01182EA0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182EE0 NtQueueApcThread,3_2_01182EE0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01183010 NtOpenDirectoryObject,3_2_01183010
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01183090 NtSetValueKey,3_2_01183090
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011839B0 NtGetContextThread,3_2_011839B0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01183D10 NtOpenProcessToken,3_2_01183D10
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01183D70 NtOpenThread,3_2_01183D70
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_0108D3640_2_0108D364
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02C65AD00_2_02C65AD0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02C60AE00_2_02C60AE0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02C618C80_2_02C618C8
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02C618B70_2_02C618B7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02C669F80_2_02C669F8
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02C60F180_2_02C60F18
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D37D580_2_02D37D58
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D300400_2_02D30040
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D3003F0_2_02D3003F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D3AEB00_2_02D3AEB0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F7180_2_02D7F718
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7BB700_2_02D7BB70
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F2C20_2_02D7F2C2
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F2FB0_2_02D7F2FB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F28B0_2_02D7F28B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F2540_2_02D7F254
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F21D0_2_02D7F21D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F3C00_2_02D7F3C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F0750_2_02D7F075
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F1E60_2_02D7F1E6
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F11E0_2_02D7F11E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F6180_2_02D7F618
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F4DD0_2_02D7F4DD
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F4840_2_02D7F484
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F5E30_2_02D7F5E3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F5B90_2_02D7F5B9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F5780_2_02D7F578
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7F5140_2_02D7F514
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7FBC80_2_02D7FBC8
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7BB600_2_02D7BB60
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7EFE50_2_02D7EFE5
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_02D7EFAC0_2_02D7EFAC
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_004030463_2_00403046
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_004030503_2_00403050
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0040E0973_2_0040E097
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_004023623_2_00402362
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_004023703_2_00402370
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_00402B103_2_00402B10
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0042D4C33_2_0042D4C3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0040FCAA3_2_0040FCAA
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0040FCB33_2_0040FCB3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_004165A03_2_004165A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_004165A33_2_004165A3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0040FED33_2_0040FED3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0040DF533_2_0040DF53
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EA1183_2_011EA118
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011401003_2_01140100
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D81583_2_011D8158
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012041A23_2_012041A2
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012101AA3_2_012101AA
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012081CC3_2_012081CC
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E20003_2_011E2000
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120A3523_2_0120A352
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012103E63_2_012103E6
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115E3F03_2_0115E3F0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F02743_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D02C03_2_011D02C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011505353_2_01150535
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012105913_2_01210591
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F44203_2_011F4420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012024463_2_01202446
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011FE4F63_2_011FE4F6
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011747503_2_01174750
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011507703_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114C7C03_2_0114C7C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116C6E03_2_0116C6E0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011669623_2_01166962
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0121A9A63_2_0121A9A6
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A03_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011528403_2_01152840
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115A8403_2_0115A840
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011368B83_2_011368B8
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E8F03_2_0117E8F0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120AB403_2_0120AB40
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01206BD73_2_01206BD7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114EA803_2_0114EA80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011ECD1F3_2_011ECD1F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115AD003_2_0115AD00
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01168DBF3_2_01168DBF
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114ADE03_2_0114ADE0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150C003_2_01150C00
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0CB53_2_011F0CB5
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01140CF23_2_01140CF2
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01170F303_2_01170F30
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F2F303_2_011F2F30
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01192F283_2_01192F28
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C4F403_2_011C4F40
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CEFA03_2_011CEFA0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01142FC83_2_01142FC8
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115CFE03_2_0115CFE0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120EE263_2_0120EE26
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150E593_2_01150E59
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01162E903_2_01162E90
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120CE933_2_0120CE93
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120EEDB3_2_0120EEDB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0121B16B3_2_0121B16B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113F1723_2_0113F172
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0118516C3_2_0118516C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115B1B03_2_0115B1B0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120F0E03_2_0120F0E0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012070E93_2_012070E9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011FF0CC3_2_011FF0CC
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011570C03_2_011570C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120132D3_2_0120132D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113D34C3_2_0113D34C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0119739A3_2_0119739A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011552A03_2_011552A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116B2C03_2_0116B2C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F12ED3_2_011F12ED
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012075713_2_01207571
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011ED5B03_2_011ED5B0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012195C33_2_012195C3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120F43F3_2_0120F43F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011414603_2_01141460
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120F7B03_2_0120F7B0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011956303_2_01195630
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012016CC3_2_012016CC
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E59103_2_011E5910
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011599503_2_01159950
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116B9503_2_0116B950
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BD8003_2_011BD800
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011538E03_2_011538E0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120FB763_2_0120FB76
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116FB803_2_0116FB80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0118DBF93_2_0118DBF9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C5BF03_2_011C5BF0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01207A463_2_01207A46
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120FA493_2_0120FA49
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C3A6C3_2_011C3A6C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EDAAC3_2_011EDAAC
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01195AA03_2_01195AA0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F1AA33_2_011F1AA3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011FDAC63_2_011FDAC6
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01207D733_2_01207D73
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01153D403_2_01153D40
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01201D5A3_2_01201D5A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116FDC03_2_0116FDC0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C9C323_2_011C9C32
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120FCF23_2_0120FCF2
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120FF093_2_0120FF09
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01151F923_2_01151F92
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120FFB13_2_0120FFB1
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01159EB03_2_01159EB0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: String function: 011BEA12 appears 86 times
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: String function: 01197E54 appears 111 times
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: String function: 0113B970 appears 280 times
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: String function: 011CF290 appears 105 times
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: String function: 01185130 appears 58 times
            Source: payment details.pdf.exe, 00000000.00000002.1451521100.0000000000DBE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs payment details.pdf.exe
            Source: payment details.pdf.exe, 00000000.00000002.1463252421.0000000005410000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRT.dll. vs payment details.pdf.exe
            Source: payment details.pdf.exe, 00000000.00000002.1463952574.0000000007640000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs payment details.pdf.exe
            Source: payment details.pdf.exe, 00000000.00000002.1452738970.0000000002D91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRT.dll. vs payment details.pdf.exe
            Source: payment details.pdf.exe, 00000000.00000002.1460658750.0000000003FF2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs payment details.pdf.exe
            Source: payment details.pdf.exe, 00000000.00000002.1460658750.000000000476E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs payment details.pdf.exe
            Source: payment details.pdf.exe, 00000003.00000002.1510996715.000000000123D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs payment details.pdf.exe
            Source: payment details.pdf.exeBinary or memory string: OriginalFilenamefuHy.exe> vs payment details.pdf.exe
            Source: payment details.pdf.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 3.2.payment details.pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 3.2.payment details.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1510629541.0000000000BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: payment details.pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, oP78EGAi8uIN375LbS.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, oP78EGAi8uIN375LbS.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, oP78EGAi8uIN375LbS.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, K0CL2VX2vi7YZH0Wye.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, oP78EGAi8uIN375LbS.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, oP78EGAi8uIN375LbS.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, oP78EGAi8uIN375LbS.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, K0CL2VX2vi7YZH0Wye.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, K0CL2VX2vi7YZH0Wye.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, oP78EGAi8uIN375LbS.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, oP78EGAi8uIN375LbS.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, oP78EGAi8uIN375LbS.csSecurity API names: _0020.AddAccessRule
            Source: classification engineClassification label: mal100.troj.evad.winEXE@3/1@0/0
            Source: C:\Users\user\Desktop\payment details.pdf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\payment details.pdf.exe.logJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMutant created: NULL
            Source: payment details.pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: payment details.pdf.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\payment details.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: payment details.pdf.exeReversingLabs: Detection: 31%
            Source: unknownProcess created: C:\Users\user\Desktop\payment details.pdf.exe "C:\Users\user\Desktop\payment details.pdf.exe"
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess created: C:\Users\user\Desktop\payment details.pdf.exe "C:\Users\user\Desktop\payment details.pdf.exe"
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess created: C:\Users\user\Desktop\payment details.pdf.exe "C:\Users\user\Desktop\payment details.pdf.exe"Jump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: payment details.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: payment details.pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: payment details.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: fuHy.pdbSHA256 source: payment details.pdf.exe
            Source: Binary string: fuHy.pdb source: payment details.pdf.exe
            Source: Binary string: wntdll.pdbUGP source: payment details.pdf.exe, 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: payment details.pdf.exe, payment details.pdf.exe, 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: payment details.pdf.exe, mainscreen.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.payment details.pdf.exe.2db8818.1.raw.unpack, -Module-.cs.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.payment details.pdf.exe.2db8818.1.raw.unpack, PingPong.cs.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, oP78EGAi8uIN375LbS.cs.Net Code: GcnEOB6m1p System.Reflection.Assembly.Load(byte[])
            Source: 0.2.payment details.pdf.exe.5410000.5.raw.unpack, -Module-.cs.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.payment details.pdf.exe.5410000.5.raw.unpack, PingPong.cs.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, oP78EGAi8uIN375LbS.cs.Net Code: GcnEOB6m1p System.Reflection.Assembly.Load(byte[])
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, oP78EGAi8uIN375LbS.cs.Net Code: GcnEOB6m1p System.Reflection.Assembly.Load(byte[])
            Source: payment details.pdf.exeStatic PE information: 0xBBC0BB9E [Fri Oct 25 23:45:34 2069 UTC]
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_0108C511 push cs; retf 0_2_0108C516
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_0108C563 push cs; retf 0_2_0108C56E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_0108C428 push cs; retf 0_2_0108C42E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_01084779 push esi; retf 0002h0_2_0108477A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_010847AF push esi; retf 0002h0_2_010847B2
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_01084659 push edx; retf 0002h0_2_0108465A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 0_2_0108AC79 pushfd ; retf 0002h0_2_0108AC7A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_004158A3 pushfd ; ret 3_2_004159BF
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0040E12D push ebp; retf 3_2_0040E132
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0040D21D push ebp; iretd 3_2_0040D220
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_004032C0 push eax; ret 3_2_004032C2
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0041A383 push esi; ret 3_2_0041A46B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0041CBBC pushad ; ret 3_2_0041CBBD
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0041A416 push esi; ret 3_2_0041A46B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_00418553 push esp; retf 3_2_0041858E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_00418553 pushad ; ret 3_2_00418677
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_004075C5 push edi; iretd 3_2_00407615
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_00404DD5 push dword ptr [ebp+3Bh]; ret 3_2_00404DEB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_00418643 pushad ; ret 3_2_00418677
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_00417E69 push ss; ret 3_2_00417E6C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_00407600 push edi; iretd 3_2_00407615
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_004076A2 pushfd ; retf 3_2_004076A3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_00411FA3 push cs; iretd 3_2_00411FA5
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0111225F pushad ; ret 3_2_011127F9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011127FA pushad ; ret 3_2_011127F9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011409AD push ecx; mov dword ptr [esp], ecx3_2_011409B6
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0111283D push eax; iretd 3_2_01112858
            Source: payment details.pdf.exeStatic PE information: section name: .text entropy: 7.977882662043647
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, Ubd5ifhlCCckMpONLJ.csHigh entropy of concatenated method names: 'iiLojgBDN7', 'R6VoIWMCCe', 'tdir9mP51h', 'TxcrLBnt2L', 'k4ArGDcmuU', 'MJoreGPgv6', 'qKJr5pkPkL', 'DPerl4bAcn', 'oxkrQoAfkX', 'ik9rklYmb6'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, hb2oKVmDhDZNrVhSTD.csHigh entropy of concatenated method names: 's1Z4THrxim', 'GDE4ubuoVT', 'NnI4of1n9O', 'WBe4DZt8BL', 'qCw4AqSy3W', 'B9Co7xXd8I', 'PdeosHtygm', 'vv8oPmkPwG', 'IBZoWWkVtT', 'D0roVyUwRE'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, YG4v9qsvb7lFSxwxkI.csHigh entropy of concatenated method names: 'oJQpWuAtGU', 'AFvpHeWQED', 'CWuRtUjts4', 'CEnRwLfgNj', 'avSpUKlhqY', 'isnpb1Z0rp', 'Eygp0XoSxC', 'Jdhp1CuHfS', 'R12pBIcf03', 'lQypfQPh4Q'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, Fdiw6oVk4rn7g4DYGU.csHigh entropy of concatenated method names: 'jKjRmhLpbI', 'nubR2qZvSF', 'AY6R9s4l2g', 'rxZRLExJRJ', 'i15R14uRXx', 'RqbRGRAjvd', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, zTFaygwtEoTeQwwsDfw.csHigh entropy of concatenated method names: 'BksSY0OrLb', 'y00SFJinST', 'kBfSOOcqZE', 'DH1S3VIY8Y', 'g0WSj5fCZm', 'SkrSvkwC9L', 'BIBSIobhaL', 'H2nSXvrJ1o', 'HnpSxKGM5g', 'xkJShSrqwA'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, SFCH2cxkswrXkkjswb.csHigh entropy of concatenated method names: 'uJxr3G6Pfj', 'gjcrvfjuDD', 'Ih8rXS55jq', 'yQ9rxsEfQT', 'jFnr83byWB', 'R6krZIXHqy', 'RXNrp36nH3', 'O7UrRWfhi7', 'xOhrSGCdpq', 'gKhriWTxH2'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, w5M2Sw1pFf23YDVxVt.csHigh entropy of concatenated method names: 'Nck8kccIYY', 'k0f8bt0vDA', 'xh5818hkUJ', 'TAP8ByC1Fj', 'Aa482q68LW', 'EFs89Iac0P', 'AVQ8LJZdJa', 'HOF8GGJt5y', 'Bmy8eZbOFw', 'GKG85haZre'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, MGfdY6HUc3ao6ix1lx.csHigh entropy of concatenated method names: 'XJSSw4ZLtj', 'kgWSKISxct', 'QYuSEaVRW3', 'CrKSa0R69U', 'TAqSuccCI0', 'o0pSodU3fH', 'vD8S4IAQsS', 'LCARPvLYwg', 't57RW5ZgRg', 'GZpRVT2Rv4'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, qJ7IipcN8mLRAKZlpZ.csHigh entropy of concatenated method names: 'lmSORBK9i', 'gon3erZFu', 'vCJvX6YnN', 'kjoIJUnep', 'Bq1xd73xN', 'LFwhy6Cds', 'KsN7MhLXyyaE7vduVV', 'lNZFXygQ2Bx7lryRB9', 'vLeRBdwx5', 'HeOiqUmA5'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, vkRSWB0twD3opp7gmy.csHigh entropy of concatenated method names: 'Huh6X1YRs5', 'x7s6xLgoL5', 'dnP6mvqmBr', 'wKc62rqb7u', 'axi6Ls48q4', 'GmE6GCTGxP', 'zSX65tciOs', 'pO46lmpgLl', 'kSK6keRbmc', 'BXb6U5rhBc'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, VOUoZNEqCRcJP5f4pp.csHigh entropy of concatenated method names: 'nSewD0CL2V', 'HviwA7YZH0', 'bkswJwrXkk', 'Bswwdb7bd5', 'qONw8LJob2', 'iKVwZDhDZN', 'AwEBCl2LEbJOFdV6Y3', 'BXgELtiYaq5nE137aH', 'xqLqj34VoSdjWbu5rU', 'lEUwwr7Zid'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, kVXDd1ul49CeEdVFyH.csHigh entropy of concatenated method names: 'Dispose', 'LChwVYAWZS', 'Jt9c2gN4do', 'kYDBBjkdH7', 'seAwHqX0sV', 'DXuwzR5o2p', 'ProcessDialogKey', 'cUhctdiw6o', 'O4rcwn7g4D', 'xGUcclGfdY'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, vBPOQqQqUwaHF6eC4a.csHigh entropy of concatenated method names: 'I5bDYx5IVU', 'hafDFC5r99', 'wpODOoZa3e', 'SVPD3AMvTV', 'PGLDjcVpKY', 'zDMDv3jpHY', 'nVhDIuxbLQ', 'cyVDXRSGrf', 'TZNDxGJvMh', 'mKjDh7OYSE'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, eyNTGUfl7yWmIDHE4F.csHigh entropy of concatenated method names: 'ToString', 'm02ZUi2Wb5', 'rL6Z2BLG2d', 'vxeZ9Y4t3l', 'Hf4ZLvcEqP', 'PLAZG8TAsq', 'TJpZeybtSf', 'Q4rZ5AKEPj', 'GIJZlYYamf', 'vN2ZQCehvN'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, KAqX0sWVXXuR5o2pKU.csHigh entropy of concatenated method names: 'V4xRa2kG98', 'XZERu1p7rl', 'oxbRr1Y4Eh', 'tR7RowiqgZ', 'z3ER4uTB0Z', 'v6NRD0lMyo', 'C8hRAZtT2Y', 'dKiRy3dVlI', 'OccRJC28XH', 'O5xRdEeYKs'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, w5R6lrNuU3btjJjBng.csHigh entropy of concatenated method names: 'FrUpJQQbpg', 'uvbpdpwc6S', 'ToString', 'l2WpaPTlDC', 'R5Dpuc23KO', 'gZxprGjwBt', 'gEfpo5vRIK', 'Xe4p4wrwbY', 'RTNpDMquID', 'F7UpABVhcy'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, uxKyI6wKWspjdZ13DCj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'w7Li1aa1fA', 'N4eiB8USd1', 'wnfifV1aLV', 'tY3iNxUsAm', 'z1Ei7uC3OR', 'd71isARsvp', 'f9liPIskto'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, K0CL2VX2vi7YZH0Wye.csHigh entropy of concatenated method names: 'K2xu1ynmQn', 'SCCuBNPgKu', 'R7EufiZ5Jw', 'BWcuNacIWs', 'sItu7HA7MC', 'f2eusBYbCm', 'beAuPAn7h6', 'YbFuWsNMwF', 'DZXuVpBqUo', 'uxJuHxHIhC'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, WZ4cjv5k1LityMyCyX.csHigh entropy of concatenated method names: 'qI6DabdNLa', 'ukNDrY6NvA', 'gIOD4WrTVc', 'Hqm4HRQMDL', 'oPI4zykeh1', 'HdLDtHxxw8', 'WYwDwX0fJl', 'j79Dc57bMA', 'L9PDKlODir', 'Nl5DEEvThU'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, OBHZCjzXs1LR1lEOu1.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'L3mS68crjB', 'wsjS86fhsI', 'z4ZSZx0TQI', 'MT2Spl3UNX', 'ydgSRFeXO2', 'r1ISSXtMoI', 'CD5SiZHlGX'
            Source: 0.2.payment details.pdf.exe.476e600.3.raw.unpack, oP78EGAi8uIN375LbS.csHigh entropy of concatenated method names: 'sGFKTTS50v', 'TikKaVuvqb', 'mBKKub6HlC', 'qDBKrImV5S', 'FftKo9cjOV', 'Rt0K4kBaC2', 'pmmKD3D2da', 'ettKAm0UUS', 'sS9KyrZUqf', 'FgYKJpHJN5'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, Ubd5ifhlCCckMpONLJ.csHigh entropy of concatenated method names: 'iiLojgBDN7', 'R6VoIWMCCe', 'tdir9mP51h', 'TxcrLBnt2L', 'k4ArGDcmuU', 'MJoreGPgv6', 'qKJr5pkPkL', 'DPerl4bAcn', 'oxkrQoAfkX', 'ik9rklYmb6'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, hb2oKVmDhDZNrVhSTD.csHigh entropy of concatenated method names: 's1Z4THrxim', 'GDE4ubuoVT', 'NnI4of1n9O', 'WBe4DZt8BL', 'qCw4AqSy3W', 'B9Co7xXd8I', 'PdeosHtygm', 'vv8oPmkPwG', 'IBZoWWkVtT', 'D0roVyUwRE'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, YG4v9qsvb7lFSxwxkI.csHigh entropy of concatenated method names: 'oJQpWuAtGU', 'AFvpHeWQED', 'CWuRtUjts4', 'CEnRwLfgNj', 'avSpUKlhqY', 'isnpb1Z0rp', 'Eygp0XoSxC', 'Jdhp1CuHfS', 'R12pBIcf03', 'lQypfQPh4Q'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, Fdiw6oVk4rn7g4DYGU.csHigh entropy of concatenated method names: 'jKjRmhLpbI', 'nubR2qZvSF', 'AY6R9s4l2g', 'rxZRLExJRJ', 'i15R14uRXx', 'RqbRGRAjvd', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, zTFaygwtEoTeQwwsDfw.csHigh entropy of concatenated method names: 'BksSY0OrLb', 'y00SFJinST', 'kBfSOOcqZE', 'DH1S3VIY8Y', 'g0WSj5fCZm', 'SkrSvkwC9L', 'BIBSIobhaL', 'H2nSXvrJ1o', 'HnpSxKGM5g', 'xkJShSrqwA'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, SFCH2cxkswrXkkjswb.csHigh entropy of concatenated method names: 'uJxr3G6Pfj', 'gjcrvfjuDD', 'Ih8rXS55jq', 'yQ9rxsEfQT', 'jFnr83byWB', 'R6krZIXHqy', 'RXNrp36nH3', 'O7UrRWfhi7', 'xOhrSGCdpq', 'gKhriWTxH2'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, w5M2Sw1pFf23YDVxVt.csHigh entropy of concatenated method names: 'Nck8kccIYY', 'k0f8bt0vDA', 'xh5818hkUJ', 'TAP8ByC1Fj', 'Aa482q68LW', 'EFs89Iac0P', 'AVQ8LJZdJa', 'HOF8GGJt5y', 'Bmy8eZbOFw', 'GKG85haZre'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, MGfdY6HUc3ao6ix1lx.csHigh entropy of concatenated method names: 'XJSSw4ZLtj', 'kgWSKISxct', 'QYuSEaVRW3', 'CrKSa0R69U', 'TAqSuccCI0', 'o0pSodU3fH', 'vD8S4IAQsS', 'LCARPvLYwg', 't57RW5ZgRg', 'GZpRVT2Rv4'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, qJ7IipcN8mLRAKZlpZ.csHigh entropy of concatenated method names: 'lmSORBK9i', 'gon3erZFu', 'vCJvX6YnN', 'kjoIJUnep', 'Bq1xd73xN', 'LFwhy6Cds', 'KsN7MhLXyyaE7vduVV', 'lNZFXygQ2Bx7lryRB9', 'vLeRBdwx5', 'HeOiqUmA5'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, vkRSWB0twD3opp7gmy.csHigh entropy of concatenated method names: 'Huh6X1YRs5', 'x7s6xLgoL5', 'dnP6mvqmBr', 'wKc62rqb7u', 'axi6Ls48q4', 'GmE6GCTGxP', 'zSX65tciOs', 'pO46lmpgLl', 'kSK6keRbmc', 'BXb6U5rhBc'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, VOUoZNEqCRcJP5f4pp.csHigh entropy of concatenated method names: 'nSewD0CL2V', 'HviwA7YZH0', 'bkswJwrXkk', 'Bswwdb7bd5', 'qONw8LJob2', 'iKVwZDhDZN', 'AwEBCl2LEbJOFdV6Y3', 'BXgELtiYaq5nE137aH', 'xqLqj34VoSdjWbu5rU', 'lEUwwr7Zid'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, kVXDd1ul49CeEdVFyH.csHigh entropy of concatenated method names: 'Dispose', 'LChwVYAWZS', 'Jt9c2gN4do', 'kYDBBjkdH7', 'seAwHqX0sV', 'DXuwzR5o2p', 'ProcessDialogKey', 'cUhctdiw6o', 'O4rcwn7g4D', 'xGUcclGfdY'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, vBPOQqQqUwaHF6eC4a.csHigh entropy of concatenated method names: 'I5bDYx5IVU', 'hafDFC5r99', 'wpODOoZa3e', 'SVPD3AMvTV', 'PGLDjcVpKY', 'zDMDv3jpHY', 'nVhDIuxbLQ', 'cyVDXRSGrf', 'TZNDxGJvMh', 'mKjDh7OYSE'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, eyNTGUfl7yWmIDHE4F.csHigh entropy of concatenated method names: 'ToString', 'm02ZUi2Wb5', 'rL6Z2BLG2d', 'vxeZ9Y4t3l', 'Hf4ZLvcEqP', 'PLAZG8TAsq', 'TJpZeybtSf', 'Q4rZ5AKEPj', 'GIJZlYYamf', 'vN2ZQCehvN'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, KAqX0sWVXXuR5o2pKU.csHigh entropy of concatenated method names: 'V4xRa2kG98', 'XZERu1p7rl', 'oxbRr1Y4Eh', 'tR7RowiqgZ', 'z3ER4uTB0Z', 'v6NRD0lMyo', 'C8hRAZtT2Y', 'dKiRy3dVlI', 'OccRJC28XH', 'O5xRdEeYKs'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, w5R6lrNuU3btjJjBng.csHigh entropy of concatenated method names: 'FrUpJQQbpg', 'uvbpdpwc6S', 'ToString', 'l2WpaPTlDC', 'R5Dpuc23KO', 'gZxprGjwBt', 'gEfpo5vRIK', 'Xe4p4wrwbY', 'RTNpDMquID', 'F7UpABVhcy'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, uxKyI6wKWspjdZ13DCj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'w7Li1aa1fA', 'N4eiB8USd1', 'wnfifV1aLV', 'tY3iNxUsAm', 'z1Ei7uC3OR', 'd71isARsvp', 'f9liPIskto'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, K0CL2VX2vi7YZH0Wye.csHigh entropy of concatenated method names: 'K2xu1ynmQn', 'SCCuBNPgKu', 'R7EufiZ5Jw', 'BWcuNacIWs', 'sItu7HA7MC', 'f2eusBYbCm', 'beAuPAn7h6', 'YbFuWsNMwF', 'DZXuVpBqUo', 'uxJuHxHIhC'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, WZ4cjv5k1LityMyCyX.csHigh entropy of concatenated method names: 'qI6DabdNLa', 'ukNDrY6NvA', 'gIOD4WrTVc', 'Hqm4HRQMDL', 'oPI4zykeh1', 'HdLDtHxxw8', 'WYwDwX0fJl', 'j79Dc57bMA', 'L9PDKlODir', 'Nl5DEEvThU'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, OBHZCjzXs1LR1lEOu1.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'L3mS68crjB', 'wsjS86fhsI', 'z4ZSZx0TQI', 'MT2Spl3UNX', 'ydgSRFeXO2', 'r1ISSXtMoI', 'CD5SiZHlGX'
            Source: 0.2.payment details.pdf.exe.40b1870.4.raw.unpack, oP78EGAi8uIN375LbS.csHigh entropy of concatenated method names: 'sGFKTTS50v', 'TikKaVuvqb', 'mBKKub6HlC', 'qDBKrImV5S', 'FftKo9cjOV', 'Rt0K4kBaC2', 'pmmKD3D2da', 'ettKAm0UUS', 'sS9KyrZUqf', 'FgYKJpHJN5'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, Ubd5ifhlCCckMpONLJ.csHigh entropy of concatenated method names: 'iiLojgBDN7', 'R6VoIWMCCe', 'tdir9mP51h', 'TxcrLBnt2L', 'k4ArGDcmuU', 'MJoreGPgv6', 'qKJr5pkPkL', 'DPerl4bAcn', 'oxkrQoAfkX', 'ik9rklYmb6'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, hb2oKVmDhDZNrVhSTD.csHigh entropy of concatenated method names: 's1Z4THrxim', 'GDE4ubuoVT', 'NnI4of1n9O', 'WBe4DZt8BL', 'qCw4AqSy3W', 'B9Co7xXd8I', 'PdeosHtygm', 'vv8oPmkPwG', 'IBZoWWkVtT', 'D0roVyUwRE'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, YG4v9qsvb7lFSxwxkI.csHigh entropy of concatenated method names: 'oJQpWuAtGU', 'AFvpHeWQED', 'CWuRtUjts4', 'CEnRwLfgNj', 'avSpUKlhqY', 'isnpb1Z0rp', 'Eygp0XoSxC', 'Jdhp1CuHfS', 'R12pBIcf03', 'lQypfQPh4Q'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, Fdiw6oVk4rn7g4DYGU.csHigh entropy of concatenated method names: 'jKjRmhLpbI', 'nubR2qZvSF', 'AY6R9s4l2g', 'rxZRLExJRJ', 'i15R14uRXx', 'RqbRGRAjvd', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, zTFaygwtEoTeQwwsDfw.csHigh entropy of concatenated method names: 'BksSY0OrLb', 'y00SFJinST', 'kBfSOOcqZE', 'DH1S3VIY8Y', 'g0WSj5fCZm', 'SkrSvkwC9L', 'BIBSIobhaL', 'H2nSXvrJ1o', 'HnpSxKGM5g', 'xkJShSrqwA'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, SFCH2cxkswrXkkjswb.csHigh entropy of concatenated method names: 'uJxr3G6Pfj', 'gjcrvfjuDD', 'Ih8rXS55jq', 'yQ9rxsEfQT', 'jFnr83byWB', 'R6krZIXHqy', 'RXNrp36nH3', 'O7UrRWfhi7', 'xOhrSGCdpq', 'gKhriWTxH2'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, w5M2Sw1pFf23YDVxVt.csHigh entropy of concatenated method names: 'Nck8kccIYY', 'k0f8bt0vDA', 'xh5818hkUJ', 'TAP8ByC1Fj', 'Aa482q68LW', 'EFs89Iac0P', 'AVQ8LJZdJa', 'HOF8GGJt5y', 'Bmy8eZbOFw', 'GKG85haZre'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, MGfdY6HUc3ao6ix1lx.csHigh entropy of concatenated method names: 'XJSSw4ZLtj', 'kgWSKISxct', 'QYuSEaVRW3', 'CrKSa0R69U', 'TAqSuccCI0', 'o0pSodU3fH', 'vD8S4IAQsS', 'LCARPvLYwg', 't57RW5ZgRg', 'GZpRVT2Rv4'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, qJ7IipcN8mLRAKZlpZ.csHigh entropy of concatenated method names: 'lmSORBK9i', 'gon3erZFu', 'vCJvX6YnN', 'kjoIJUnep', 'Bq1xd73xN', 'LFwhy6Cds', 'KsN7MhLXyyaE7vduVV', 'lNZFXygQ2Bx7lryRB9', 'vLeRBdwx5', 'HeOiqUmA5'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, vkRSWB0twD3opp7gmy.csHigh entropy of concatenated method names: 'Huh6X1YRs5', 'x7s6xLgoL5', 'dnP6mvqmBr', 'wKc62rqb7u', 'axi6Ls48q4', 'GmE6GCTGxP', 'zSX65tciOs', 'pO46lmpgLl', 'kSK6keRbmc', 'BXb6U5rhBc'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, VOUoZNEqCRcJP5f4pp.csHigh entropy of concatenated method names: 'nSewD0CL2V', 'HviwA7YZH0', 'bkswJwrXkk', 'Bswwdb7bd5', 'qONw8LJob2', 'iKVwZDhDZN', 'AwEBCl2LEbJOFdV6Y3', 'BXgELtiYaq5nE137aH', 'xqLqj34VoSdjWbu5rU', 'lEUwwr7Zid'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, kVXDd1ul49CeEdVFyH.csHigh entropy of concatenated method names: 'Dispose', 'LChwVYAWZS', 'Jt9c2gN4do', 'kYDBBjkdH7', 'seAwHqX0sV', 'DXuwzR5o2p', 'ProcessDialogKey', 'cUhctdiw6o', 'O4rcwn7g4D', 'xGUcclGfdY'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, vBPOQqQqUwaHF6eC4a.csHigh entropy of concatenated method names: 'I5bDYx5IVU', 'hafDFC5r99', 'wpODOoZa3e', 'SVPD3AMvTV', 'PGLDjcVpKY', 'zDMDv3jpHY', 'nVhDIuxbLQ', 'cyVDXRSGrf', 'TZNDxGJvMh', 'mKjDh7OYSE'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, eyNTGUfl7yWmIDHE4F.csHigh entropy of concatenated method names: 'ToString', 'm02ZUi2Wb5', 'rL6Z2BLG2d', 'vxeZ9Y4t3l', 'Hf4ZLvcEqP', 'PLAZG8TAsq', 'TJpZeybtSf', 'Q4rZ5AKEPj', 'GIJZlYYamf', 'vN2ZQCehvN'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, KAqX0sWVXXuR5o2pKU.csHigh entropy of concatenated method names: 'V4xRa2kG98', 'XZERu1p7rl', 'oxbRr1Y4Eh', 'tR7RowiqgZ', 'z3ER4uTB0Z', 'v6NRD0lMyo', 'C8hRAZtT2Y', 'dKiRy3dVlI', 'OccRJC28XH', 'O5xRdEeYKs'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, w5R6lrNuU3btjJjBng.csHigh entropy of concatenated method names: 'FrUpJQQbpg', 'uvbpdpwc6S', 'ToString', 'l2WpaPTlDC', 'R5Dpuc23KO', 'gZxprGjwBt', 'gEfpo5vRIK', 'Xe4p4wrwbY', 'RTNpDMquID', 'F7UpABVhcy'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, uxKyI6wKWspjdZ13DCj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'w7Li1aa1fA', 'N4eiB8USd1', 'wnfifV1aLV', 'tY3iNxUsAm', 'z1Ei7uC3OR', 'd71isARsvp', 'f9liPIskto'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, K0CL2VX2vi7YZH0Wye.csHigh entropy of concatenated method names: 'K2xu1ynmQn', 'SCCuBNPgKu', 'R7EufiZ5Jw', 'BWcuNacIWs', 'sItu7HA7MC', 'f2eusBYbCm', 'beAuPAn7h6', 'YbFuWsNMwF', 'DZXuVpBqUo', 'uxJuHxHIhC'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, WZ4cjv5k1LityMyCyX.csHigh entropy of concatenated method names: 'qI6DabdNLa', 'ukNDrY6NvA', 'gIOD4WrTVc', 'Hqm4HRQMDL', 'oPI4zykeh1', 'HdLDtHxxw8', 'WYwDwX0fJl', 'j79Dc57bMA', 'L9PDKlODir', 'Nl5DEEvThU'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, OBHZCjzXs1LR1lEOu1.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'L3mS68crjB', 'wsjS86fhsI', 'z4ZSZx0TQI', 'MT2Spl3UNX', 'ydgSRFeXO2', 'r1ISSXtMoI', 'CD5SiZHlGX'
            Source: 0.2.payment details.pdf.exe.7640000.7.raw.unpack, oP78EGAi8uIN375LbS.csHigh entropy of concatenated method names: 'sGFKTTS50v', 'TikKaVuvqb', 'mBKKub6HlC', 'qDBKrImV5S', 'FftKo9cjOV', 'Rt0K4kBaC2', 'pmmKD3D2da', 'ettKAm0UUS', 'sS9KyrZUqf', 'FgYKJpHJN5'

            Hooking and other Techniques for Hiding and Protection

            barindex
            Uses an obfuscated file name to hide its real file extension (double extension)
            Source: Possible double extension: pdf.exeStatic PE information: payment details.pdf.exe
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: payment details.pdf.exe PID: 2848, type: MEMORYSTR
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: 1080000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: 2D90000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: 2BF0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: 7F70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: 8F70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: 9130000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: A130000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: A4B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: B4B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: 7F70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: 9130000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: A4B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0118096E rdtsc 3_2_0118096E
            Source: C:\Users\user\Desktop\payment details.pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeAPI coverage: 0.6 %
            Source: C:\Users\user\Desktop\payment details.pdf.exe TID: 6676Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exe TID: 6760Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0118096E rdtsc 3_2_0118096E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_00417553 LdrLoadDll,3_2_00417553
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EA118 mov ecx, dword ptr fs:[00000030h]3_2_011EA118
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EA118 mov eax, dword ptr fs:[00000030h]3_2_011EA118
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EA118 mov eax, dword ptr fs:[00000030h]3_2_011EA118
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EA118 mov eax, dword ptr fs:[00000030h]3_2_011EA118
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE10E mov eax, dword ptr fs:[00000030h]3_2_011EE10E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE10E mov ecx, dword ptr fs:[00000030h]3_2_011EE10E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE10E mov eax, dword ptr fs:[00000030h]3_2_011EE10E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE10E mov eax, dword ptr fs:[00000030h]3_2_011EE10E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE10E mov ecx, dword ptr fs:[00000030h]3_2_011EE10E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE10E mov eax, dword ptr fs:[00000030h]3_2_011EE10E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE10E mov eax, dword ptr fs:[00000030h]3_2_011EE10E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE10E mov ecx, dword ptr fs:[00000030h]3_2_011EE10E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE10E mov eax, dword ptr fs:[00000030h]3_2_011EE10E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE10E mov ecx, dword ptr fs:[00000030h]3_2_011EE10E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01170124 mov eax, dword ptr fs:[00000030h]3_2_01170124
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01200115 mov eax, dword ptr fs:[00000030h]3_2_01200115
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01146154 mov eax, dword ptr fs:[00000030h]3_2_01146154
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01146154 mov eax, dword ptr fs:[00000030h]3_2_01146154
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113C156 mov eax, dword ptr fs:[00000030h]3_2_0113C156
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D8158 mov eax, dword ptr fs:[00000030h]3_2_011D8158
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214164 mov eax, dword ptr fs:[00000030h]3_2_01214164
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214164 mov eax, dword ptr fs:[00000030h]3_2_01214164
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D4144 mov eax, dword ptr fs:[00000030h]3_2_011D4144
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D4144 mov eax, dword ptr fs:[00000030h]3_2_011D4144
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D4144 mov ecx, dword ptr fs:[00000030h]3_2_011D4144
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D4144 mov eax, dword ptr fs:[00000030h]3_2_011D4144
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D4144 mov eax, dword ptr fs:[00000030h]3_2_011D4144
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C019F mov eax, dword ptr fs:[00000030h]3_2_011C019F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C019F mov eax, dword ptr fs:[00000030h]3_2_011C019F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C019F mov eax, dword ptr fs:[00000030h]3_2_011C019F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C019F mov eax, dword ptr fs:[00000030h]3_2_011C019F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113A197 mov eax, dword ptr fs:[00000030h]3_2_0113A197
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113A197 mov eax, dword ptr fs:[00000030h]3_2_0113A197
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113A197 mov eax, dword ptr fs:[00000030h]3_2_0113A197
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011FC188 mov eax, dword ptr fs:[00000030h]3_2_011FC188
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011FC188 mov eax, dword ptr fs:[00000030h]3_2_011FC188
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01180185 mov eax, dword ptr fs:[00000030h]3_2_01180185
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E4180 mov eax, dword ptr fs:[00000030h]3_2_011E4180
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E4180 mov eax, dword ptr fs:[00000030h]3_2_011E4180
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012161E5 mov eax, dword ptr fs:[00000030h]3_2_012161E5
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE1D0 mov eax, dword ptr fs:[00000030h]3_2_011BE1D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE1D0 mov eax, dword ptr fs:[00000030h]3_2_011BE1D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE1D0 mov ecx, dword ptr fs:[00000030h]3_2_011BE1D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE1D0 mov eax, dword ptr fs:[00000030h]3_2_011BE1D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE1D0 mov eax, dword ptr fs:[00000030h]3_2_011BE1D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012061C3 mov eax, dword ptr fs:[00000030h]3_2_012061C3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012061C3 mov eax, dword ptr fs:[00000030h]3_2_012061C3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011701F8 mov eax, dword ptr fs:[00000030h]3_2_011701F8
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115E016 mov eax, dword ptr fs:[00000030h]3_2_0115E016
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115E016 mov eax, dword ptr fs:[00000030h]3_2_0115E016
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115E016 mov eax, dword ptr fs:[00000030h]3_2_0115E016
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115E016 mov eax, dword ptr fs:[00000030h]3_2_0115E016
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C4000 mov ecx, dword ptr fs:[00000030h]3_2_011C4000
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E2000 mov eax, dword ptr fs:[00000030h]3_2_011E2000
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E2000 mov eax, dword ptr fs:[00000030h]3_2_011E2000
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E2000 mov eax, dword ptr fs:[00000030h]3_2_011E2000
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E2000 mov eax, dword ptr fs:[00000030h]3_2_011E2000
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E2000 mov eax, dword ptr fs:[00000030h]3_2_011E2000
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E2000 mov eax, dword ptr fs:[00000030h]3_2_011E2000
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E2000 mov eax, dword ptr fs:[00000030h]3_2_011E2000
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E2000 mov eax, dword ptr fs:[00000030h]3_2_011E2000
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D6030 mov eax, dword ptr fs:[00000030h]3_2_011D6030
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113A020 mov eax, dword ptr fs:[00000030h]3_2_0113A020
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113C020 mov eax, dword ptr fs:[00000030h]3_2_0113C020
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01142050 mov eax, dword ptr fs:[00000030h]3_2_01142050
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C6050 mov eax, dword ptr fs:[00000030h]3_2_011C6050
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116C073 mov eax, dword ptr fs:[00000030h]3_2_0116C073
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012060B8 mov eax, dword ptr fs:[00000030h]3_2_012060B8
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012060B8 mov ecx, dword ptr fs:[00000030h]3_2_012060B8
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114208A mov eax, dword ptr fs:[00000030h]3_2_0114208A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011380A0 mov eax, dword ptr fs:[00000030h]3_2_011380A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D80A8 mov eax, dword ptr fs:[00000030h]3_2_011D80A8
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C20DE mov eax, dword ptr fs:[00000030h]3_2_011C20DE
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113C0F0 mov eax, dword ptr fs:[00000030h]3_2_0113C0F0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011820F0 mov ecx, dword ptr fs:[00000030h]3_2_011820F0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113A0E3 mov ecx, dword ptr fs:[00000030h]3_2_0113A0E3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C60E0 mov eax, dword ptr fs:[00000030h]3_2_011C60E0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011480E9 mov eax, dword ptr fs:[00000030h]3_2_011480E9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113C310 mov ecx, dword ptr fs:[00000030h]3_2_0113C310
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01218324 mov eax, dword ptr fs:[00000030h]3_2_01218324
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01218324 mov ecx, dword ptr fs:[00000030h]3_2_01218324
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01218324 mov eax, dword ptr fs:[00000030h]3_2_01218324
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01218324 mov eax, dword ptr fs:[00000030h]3_2_01218324
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01160310 mov ecx, dword ptr fs:[00000030h]3_2_01160310
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A30B mov eax, dword ptr fs:[00000030h]3_2_0117A30B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A30B mov eax, dword ptr fs:[00000030h]3_2_0117A30B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A30B mov eax, dword ptr fs:[00000030h]3_2_0117A30B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C035C mov eax, dword ptr fs:[00000030h]3_2_011C035C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C035C mov eax, dword ptr fs:[00000030h]3_2_011C035C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C035C mov eax, dword ptr fs:[00000030h]3_2_011C035C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C035C mov ecx, dword ptr fs:[00000030h]3_2_011C035C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C035C mov eax, dword ptr fs:[00000030h]3_2_011C035C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C035C mov eax, dword ptr fs:[00000030h]3_2_011C035C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E8350 mov ecx, dword ptr fs:[00000030h]3_2_011E8350
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C2349 mov eax, dword ptr fs:[00000030h]3_2_011C2349
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E437C mov eax, dword ptr fs:[00000030h]3_2_011E437C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0121634F mov eax, dword ptr fs:[00000030h]3_2_0121634F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120A352 mov eax, dword ptr fs:[00000030h]3_2_0120A352
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01138397 mov eax, dword ptr fs:[00000030h]3_2_01138397
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01138397 mov eax, dword ptr fs:[00000030h]3_2_01138397
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01138397 mov eax, dword ptr fs:[00000030h]3_2_01138397
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116438F mov eax, dword ptr fs:[00000030h]3_2_0116438F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116438F mov eax, dword ptr fs:[00000030h]3_2_0116438F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113E388 mov eax, dword ptr fs:[00000030h]3_2_0113E388
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113E388 mov eax, dword ptr fs:[00000030h]3_2_0113E388
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113E388 mov eax, dword ptr fs:[00000030h]3_2_0113E388
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE3DB mov eax, dword ptr fs:[00000030h]3_2_011EE3DB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE3DB mov eax, dword ptr fs:[00000030h]3_2_011EE3DB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE3DB mov ecx, dword ptr fs:[00000030h]3_2_011EE3DB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EE3DB mov eax, dword ptr fs:[00000030h]3_2_011EE3DB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E43D4 mov eax, dword ptr fs:[00000030h]3_2_011E43D4
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E43D4 mov eax, dword ptr fs:[00000030h]3_2_011E43D4
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011FC3CD mov eax, dword ptr fs:[00000030h]3_2_011FC3CD
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A3C0 mov eax, dword ptr fs:[00000030h]3_2_0114A3C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A3C0 mov eax, dword ptr fs:[00000030h]3_2_0114A3C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A3C0 mov eax, dword ptr fs:[00000030h]3_2_0114A3C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A3C0 mov eax, dword ptr fs:[00000030h]3_2_0114A3C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A3C0 mov eax, dword ptr fs:[00000030h]3_2_0114A3C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A3C0 mov eax, dword ptr fs:[00000030h]3_2_0114A3C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011483C0 mov eax, dword ptr fs:[00000030h]3_2_011483C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011483C0 mov eax, dword ptr fs:[00000030h]3_2_011483C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011483C0 mov eax, dword ptr fs:[00000030h]3_2_011483C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011483C0 mov eax, dword ptr fs:[00000030h]3_2_011483C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C63C0 mov eax, dword ptr fs:[00000030h]3_2_011C63C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115E3F0 mov eax, dword ptr fs:[00000030h]3_2_0115E3F0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115E3F0 mov eax, dword ptr fs:[00000030h]3_2_0115E3F0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115E3F0 mov eax, dword ptr fs:[00000030h]3_2_0115E3F0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011763FF mov eax, dword ptr fs:[00000030h]3_2_011763FF
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011503E9 mov eax, dword ptr fs:[00000030h]3_2_011503E9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011503E9 mov eax, dword ptr fs:[00000030h]3_2_011503E9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011503E9 mov eax, dword ptr fs:[00000030h]3_2_011503E9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011503E9 mov eax, dword ptr fs:[00000030h]3_2_011503E9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011503E9 mov eax, dword ptr fs:[00000030h]3_2_011503E9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011503E9 mov eax, dword ptr fs:[00000030h]3_2_011503E9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011503E9 mov eax, dword ptr fs:[00000030h]3_2_011503E9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011503E9 mov eax, dword ptr fs:[00000030h]3_2_011503E9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113823B mov eax, dword ptr fs:[00000030h]3_2_0113823B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113A250 mov eax, dword ptr fs:[00000030h]3_2_0113A250
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01146259 mov eax, dword ptr fs:[00000030h]3_2_01146259
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011FA250 mov eax, dword ptr fs:[00000030h]3_2_011FA250
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011FA250 mov eax, dword ptr fs:[00000030h]3_2_011FA250
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C8243 mov eax, dword ptr fs:[00000030h]3_2_011C8243
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C8243 mov ecx, dword ptr fs:[00000030h]3_2_011C8243
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F0274 mov eax, dword ptr fs:[00000030h]3_2_011F0274
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01144260 mov eax, dword ptr fs:[00000030h]3_2_01144260
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01144260 mov eax, dword ptr fs:[00000030h]3_2_01144260
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01144260 mov eax, dword ptr fs:[00000030h]3_2_01144260
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113826B mov eax, dword ptr fs:[00000030h]3_2_0113826B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0121625D mov eax, dword ptr fs:[00000030h]3_2_0121625D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E284 mov eax, dword ptr fs:[00000030h]3_2_0117E284
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E284 mov eax, dword ptr fs:[00000030h]3_2_0117E284
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C0283 mov eax, dword ptr fs:[00000030h]3_2_011C0283
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C0283 mov eax, dword ptr fs:[00000030h]3_2_011C0283
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C0283 mov eax, dword ptr fs:[00000030h]3_2_011C0283
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011502A0 mov eax, dword ptr fs:[00000030h]3_2_011502A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011502A0 mov eax, dword ptr fs:[00000030h]3_2_011502A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D62A0 mov eax, dword ptr fs:[00000030h]3_2_011D62A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D62A0 mov ecx, dword ptr fs:[00000030h]3_2_011D62A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D62A0 mov eax, dword ptr fs:[00000030h]3_2_011D62A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D62A0 mov eax, dword ptr fs:[00000030h]3_2_011D62A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D62A0 mov eax, dword ptr fs:[00000030h]3_2_011D62A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D62A0 mov eax, dword ptr fs:[00000030h]3_2_011D62A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A2C3 mov eax, dword ptr fs:[00000030h]3_2_0114A2C3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A2C3 mov eax, dword ptr fs:[00000030h]3_2_0114A2C3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A2C3 mov eax, dword ptr fs:[00000030h]3_2_0114A2C3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A2C3 mov eax, dword ptr fs:[00000030h]3_2_0114A2C3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A2C3 mov eax, dword ptr fs:[00000030h]3_2_0114A2C3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011502E1 mov eax, dword ptr fs:[00000030h]3_2_011502E1
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011502E1 mov eax, dword ptr fs:[00000030h]3_2_011502E1
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011502E1 mov eax, dword ptr fs:[00000030h]3_2_011502E1
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012162D6 mov eax, dword ptr fs:[00000030h]3_2_012162D6
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D6500 mov eax, dword ptr fs:[00000030h]3_2_011D6500
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150535 mov eax, dword ptr fs:[00000030h]3_2_01150535
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150535 mov eax, dword ptr fs:[00000030h]3_2_01150535
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150535 mov eax, dword ptr fs:[00000030h]3_2_01150535
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150535 mov eax, dword ptr fs:[00000030h]3_2_01150535
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150535 mov eax, dword ptr fs:[00000030h]3_2_01150535
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150535 mov eax, dword ptr fs:[00000030h]3_2_01150535
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214500 mov eax, dword ptr fs:[00000030h]3_2_01214500
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214500 mov eax, dword ptr fs:[00000030h]3_2_01214500
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214500 mov eax, dword ptr fs:[00000030h]3_2_01214500
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214500 mov eax, dword ptr fs:[00000030h]3_2_01214500
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214500 mov eax, dword ptr fs:[00000030h]3_2_01214500
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214500 mov eax, dword ptr fs:[00000030h]3_2_01214500
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214500 mov eax, dword ptr fs:[00000030h]3_2_01214500
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E53E mov eax, dword ptr fs:[00000030h]3_2_0116E53E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E53E mov eax, dword ptr fs:[00000030h]3_2_0116E53E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E53E mov eax, dword ptr fs:[00000030h]3_2_0116E53E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E53E mov eax, dword ptr fs:[00000030h]3_2_0116E53E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E53E mov eax, dword ptr fs:[00000030h]3_2_0116E53E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01148550 mov eax, dword ptr fs:[00000030h]3_2_01148550
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01148550 mov eax, dword ptr fs:[00000030h]3_2_01148550
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117656A mov eax, dword ptr fs:[00000030h]3_2_0117656A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117656A mov eax, dword ptr fs:[00000030h]3_2_0117656A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117656A mov eax, dword ptr fs:[00000030h]3_2_0117656A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E59C mov eax, dword ptr fs:[00000030h]3_2_0117E59C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01142582 mov eax, dword ptr fs:[00000030h]3_2_01142582
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01142582 mov ecx, dword ptr fs:[00000030h]3_2_01142582
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01174588 mov eax, dword ptr fs:[00000030h]3_2_01174588
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011645B1 mov eax, dword ptr fs:[00000030h]3_2_011645B1
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011645B1 mov eax, dword ptr fs:[00000030h]3_2_011645B1
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C05A7 mov eax, dword ptr fs:[00000030h]3_2_011C05A7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C05A7 mov eax, dword ptr fs:[00000030h]3_2_011C05A7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C05A7 mov eax, dword ptr fs:[00000030h]3_2_011C05A7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011465D0 mov eax, dword ptr fs:[00000030h]3_2_011465D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A5D0 mov eax, dword ptr fs:[00000030h]3_2_0117A5D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A5D0 mov eax, dword ptr fs:[00000030h]3_2_0117A5D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E5CF mov eax, dword ptr fs:[00000030h]3_2_0117E5CF
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E5CF mov eax, dword ptr fs:[00000030h]3_2_0117E5CF
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E5E7 mov eax, dword ptr fs:[00000030h]3_2_0116E5E7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E5E7 mov eax, dword ptr fs:[00000030h]3_2_0116E5E7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E5E7 mov eax, dword ptr fs:[00000030h]3_2_0116E5E7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E5E7 mov eax, dword ptr fs:[00000030h]3_2_0116E5E7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E5E7 mov eax, dword ptr fs:[00000030h]3_2_0116E5E7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E5E7 mov eax, dword ptr fs:[00000030h]3_2_0116E5E7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E5E7 mov eax, dword ptr fs:[00000030h]3_2_0116E5E7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E5E7 mov eax, dword ptr fs:[00000030h]3_2_0116E5E7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011425E0 mov eax, dword ptr fs:[00000030h]3_2_011425E0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117C5ED mov eax, dword ptr fs:[00000030h]3_2_0117C5ED
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117C5ED mov eax, dword ptr fs:[00000030h]3_2_0117C5ED
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01178402 mov eax, dword ptr fs:[00000030h]3_2_01178402
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01178402 mov eax, dword ptr fs:[00000030h]3_2_01178402
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01178402 mov eax, dword ptr fs:[00000030h]3_2_01178402
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A430 mov eax, dword ptr fs:[00000030h]3_2_0117A430
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113E420 mov eax, dword ptr fs:[00000030h]3_2_0113E420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113E420 mov eax, dword ptr fs:[00000030h]3_2_0113E420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113E420 mov eax, dword ptr fs:[00000030h]3_2_0113E420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113C427 mov eax, dword ptr fs:[00000030h]3_2_0113C427
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C6420 mov eax, dword ptr fs:[00000030h]3_2_011C6420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C6420 mov eax, dword ptr fs:[00000030h]3_2_011C6420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C6420 mov eax, dword ptr fs:[00000030h]3_2_011C6420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C6420 mov eax, dword ptr fs:[00000030h]3_2_011C6420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C6420 mov eax, dword ptr fs:[00000030h]3_2_011C6420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C6420 mov eax, dword ptr fs:[00000030h]3_2_011C6420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C6420 mov eax, dword ptr fs:[00000030h]3_2_011C6420
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011FA456 mov eax, dword ptr fs:[00000030h]3_2_011FA456
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116245A mov eax, dword ptr fs:[00000030h]3_2_0116245A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113645D mov eax, dword ptr fs:[00000030h]3_2_0113645D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E443 mov eax, dword ptr fs:[00000030h]3_2_0117E443
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E443 mov eax, dword ptr fs:[00000030h]3_2_0117E443
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E443 mov eax, dword ptr fs:[00000030h]3_2_0117E443
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E443 mov eax, dword ptr fs:[00000030h]3_2_0117E443
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E443 mov eax, dword ptr fs:[00000030h]3_2_0117E443
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E443 mov eax, dword ptr fs:[00000030h]3_2_0117E443
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E443 mov eax, dword ptr fs:[00000030h]3_2_0117E443
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117E443 mov eax, dword ptr fs:[00000030h]3_2_0117E443
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116A470 mov eax, dword ptr fs:[00000030h]3_2_0116A470
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116A470 mov eax, dword ptr fs:[00000030h]3_2_0116A470
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116A470 mov eax, dword ptr fs:[00000030h]3_2_0116A470
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CC460 mov ecx, dword ptr fs:[00000030h]3_2_011CC460
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011FA49A mov eax, dword ptr fs:[00000030h]3_2_011FA49A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011744B0 mov ecx, dword ptr fs:[00000030h]3_2_011744B0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CA4B0 mov eax, dword ptr fs:[00000030h]3_2_011CA4B0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011464AB mov eax, dword ptr fs:[00000030h]3_2_011464AB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011404E5 mov ecx, dword ptr fs:[00000030h]3_2_011404E5
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01140710 mov eax, dword ptr fs:[00000030h]3_2_01140710
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01170710 mov eax, dword ptr fs:[00000030h]3_2_01170710
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117C700 mov eax, dword ptr fs:[00000030h]3_2_0117C700
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117273C mov eax, dword ptr fs:[00000030h]3_2_0117273C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117273C mov ecx, dword ptr fs:[00000030h]3_2_0117273C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117273C mov eax, dword ptr fs:[00000030h]3_2_0117273C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BC730 mov eax, dword ptr fs:[00000030h]3_2_011BC730
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117C720 mov eax, dword ptr fs:[00000030h]3_2_0117C720
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117C720 mov eax, dword ptr fs:[00000030h]3_2_0117C720
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CE75D mov eax, dword ptr fs:[00000030h]3_2_011CE75D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01140750 mov eax, dword ptr fs:[00000030h]3_2_01140750
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182750 mov eax, dword ptr fs:[00000030h]3_2_01182750
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182750 mov eax, dword ptr fs:[00000030h]3_2_01182750
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C4755 mov eax, dword ptr fs:[00000030h]3_2_011C4755
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117674D mov esi, dword ptr fs:[00000030h]3_2_0117674D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117674D mov eax, dword ptr fs:[00000030h]3_2_0117674D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117674D mov eax, dword ptr fs:[00000030h]3_2_0117674D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01148770 mov eax, dword ptr fs:[00000030h]3_2_01148770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150770 mov eax, dword ptr fs:[00000030h]3_2_01150770
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E678E mov eax, dword ptr fs:[00000030h]3_2_011E678E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011407AF mov eax, dword ptr fs:[00000030h]3_2_011407AF
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F47A0 mov eax, dword ptr fs:[00000030h]3_2_011F47A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114C7C0 mov eax, dword ptr fs:[00000030h]3_2_0114C7C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C07C3 mov eax, dword ptr fs:[00000030h]3_2_011C07C3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011447FB mov eax, dword ptr fs:[00000030h]3_2_011447FB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011447FB mov eax, dword ptr fs:[00000030h]3_2_011447FB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011627ED mov eax, dword ptr fs:[00000030h]3_2_011627ED
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011627ED mov eax, dword ptr fs:[00000030h]3_2_011627ED
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011627ED mov eax, dword ptr fs:[00000030h]3_2_011627ED
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CE7E1 mov eax, dword ptr fs:[00000030h]3_2_011CE7E1
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01182619 mov eax, dword ptr fs:[00000030h]3_2_01182619
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE609 mov eax, dword ptr fs:[00000030h]3_2_011BE609
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115260B mov eax, dword ptr fs:[00000030h]3_2_0115260B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115260B mov eax, dword ptr fs:[00000030h]3_2_0115260B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115260B mov eax, dword ptr fs:[00000030h]3_2_0115260B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115260B mov eax, dword ptr fs:[00000030h]3_2_0115260B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115260B mov eax, dword ptr fs:[00000030h]3_2_0115260B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115260B mov eax, dword ptr fs:[00000030h]3_2_0115260B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115260B mov eax, dword ptr fs:[00000030h]3_2_0115260B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115E627 mov eax, dword ptr fs:[00000030h]3_2_0115E627
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01176620 mov eax, dword ptr fs:[00000030h]3_2_01176620
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01178620 mov eax, dword ptr fs:[00000030h]3_2_01178620
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114262C mov eax, dword ptr fs:[00000030h]3_2_0114262C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120866E mov eax, dword ptr fs:[00000030h]3_2_0120866E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120866E mov eax, dword ptr fs:[00000030h]3_2_0120866E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0115C640 mov eax, dword ptr fs:[00000030h]3_2_0115C640
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01172674 mov eax, dword ptr fs:[00000030h]3_2_01172674
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A660 mov eax, dword ptr fs:[00000030h]3_2_0117A660
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A660 mov eax, dword ptr fs:[00000030h]3_2_0117A660
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01144690 mov eax, dword ptr fs:[00000030h]3_2_01144690
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01144690 mov eax, dword ptr fs:[00000030h]3_2_01144690
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011766B0 mov eax, dword ptr fs:[00000030h]3_2_011766B0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117C6A6 mov eax, dword ptr fs:[00000030h]3_2_0117C6A6
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0117A6C7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A6C7 mov eax, dword ptr fs:[00000030h]3_2_0117A6C7
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE6F2 mov eax, dword ptr fs:[00000030h]3_2_011BE6F2
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE6F2 mov eax, dword ptr fs:[00000030h]3_2_011BE6F2
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE6F2 mov eax, dword ptr fs:[00000030h]3_2_011BE6F2
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE6F2 mov eax, dword ptr fs:[00000030h]3_2_011BE6F2
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C06F1 mov eax, dword ptr fs:[00000030h]3_2_011C06F1
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C06F1 mov eax, dword ptr fs:[00000030h]3_2_011C06F1
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01138918 mov eax, dword ptr fs:[00000030h]3_2_01138918
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01138918 mov eax, dword ptr fs:[00000030h]3_2_01138918
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CC912 mov eax, dword ptr fs:[00000030h]3_2_011CC912
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE908 mov eax, dword ptr fs:[00000030h]3_2_011BE908
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BE908 mov eax, dword ptr fs:[00000030h]3_2_011BE908
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C892A mov eax, dword ptr fs:[00000030h]3_2_011C892A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D892B mov eax, dword ptr fs:[00000030h]3_2_011D892B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C0946 mov eax, dword ptr fs:[00000030h]3_2_011C0946
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CC97C mov eax, dword ptr fs:[00000030h]3_2_011CC97C
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214940 mov eax, dword ptr fs:[00000030h]3_2_01214940
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E4978 mov eax, dword ptr fs:[00000030h]3_2_011E4978
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E4978 mov eax, dword ptr fs:[00000030h]3_2_011E4978
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01166962 mov eax, dword ptr fs:[00000030h]3_2_01166962
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01166962 mov eax, dword ptr fs:[00000030h]3_2_01166962
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01166962 mov eax, dword ptr fs:[00000030h]3_2_01166962
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0118096E mov eax, dword ptr fs:[00000030h]3_2_0118096E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0118096E mov edx, dword ptr fs:[00000030h]3_2_0118096E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0118096E mov eax, dword ptr fs:[00000030h]3_2_0118096E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C89B3 mov esi, dword ptr fs:[00000030h]3_2_011C89B3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C89B3 mov eax, dword ptr fs:[00000030h]3_2_011C89B3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011C89B3 mov eax, dword ptr fs:[00000030h]3_2_011C89B3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011529A0 mov eax, dword ptr fs:[00000030h]3_2_011529A0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011409AD mov eax, dword ptr fs:[00000030h]3_2_011409AD
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011409AD mov eax, dword ptr fs:[00000030h]3_2_011409AD
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A9D0 mov eax, dword ptr fs:[00000030h]3_2_0114A9D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A9D0 mov eax, dword ptr fs:[00000030h]3_2_0114A9D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A9D0 mov eax, dword ptr fs:[00000030h]3_2_0114A9D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A9D0 mov eax, dword ptr fs:[00000030h]3_2_0114A9D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A9D0 mov eax, dword ptr fs:[00000030h]3_2_0114A9D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114A9D0 mov eax, dword ptr fs:[00000030h]3_2_0114A9D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011749D0 mov eax, dword ptr fs:[00000030h]3_2_011749D0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D69C0 mov eax, dword ptr fs:[00000030h]3_2_011D69C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011729F9 mov eax, dword ptr fs:[00000030h]3_2_011729F9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011729F9 mov eax, dword ptr fs:[00000030h]3_2_011729F9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120A9D3 mov eax, dword ptr fs:[00000030h]3_2_0120A9D3
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CE9E0 mov eax, dword ptr fs:[00000030h]3_2_011CE9E0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CC810 mov eax, dword ptr fs:[00000030h]3_2_011CC810
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01162835 mov eax, dword ptr fs:[00000030h]3_2_01162835
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01162835 mov eax, dword ptr fs:[00000030h]3_2_01162835
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01162835 mov eax, dword ptr fs:[00000030h]3_2_01162835
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01162835 mov ecx, dword ptr fs:[00000030h]3_2_01162835
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01162835 mov eax, dword ptr fs:[00000030h]3_2_01162835
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01162835 mov eax, dword ptr fs:[00000030h]3_2_01162835
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E483A mov eax, dword ptr fs:[00000030h]3_2_011E483A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E483A mov eax, dword ptr fs:[00000030h]3_2_011E483A
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117A830 mov eax, dword ptr fs:[00000030h]3_2_0117A830
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01170854 mov eax, dword ptr fs:[00000030h]3_2_01170854
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01144859 mov eax, dword ptr fs:[00000030h]3_2_01144859
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01144859 mov eax, dword ptr fs:[00000030h]3_2_01144859
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01152840 mov ecx, dword ptr fs:[00000030h]3_2_01152840
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D6870 mov eax, dword ptr fs:[00000030h]3_2_011D6870
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D6870 mov eax, dword ptr fs:[00000030h]3_2_011D6870
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CE872 mov eax, dword ptr fs:[00000030h]3_2_011CE872
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CE872 mov eax, dword ptr fs:[00000030h]3_2_011CE872
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CC89D mov eax, dword ptr fs:[00000030h]3_2_011CC89D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01140887 mov eax, dword ptr fs:[00000030h]3_2_01140887
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120A8E4 mov eax, dword ptr fs:[00000030h]3_2_0120A8E4
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116E8C0 mov eax, dword ptr fs:[00000030h]3_2_0116E8C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_012108C0 mov eax, dword ptr fs:[00000030h]3_2_012108C0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117C8F9 mov eax, dword ptr fs:[00000030h]3_2_0117C8F9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117C8F9 mov eax, dword ptr fs:[00000030h]3_2_0117C8F9
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BEB1D mov eax, dword ptr fs:[00000030h]3_2_011BEB1D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BEB1D mov eax, dword ptr fs:[00000030h]3_2_011BEB1D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BEB1D mov eax, dword ptr fs:[00000030h]3_2_011BEB1D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BEB1D mov eax, dword ptr fs:[00000030h]3_2_011BEB1D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BEB1D mov eax, dword ptr fs:[00000030h]3_2_011BEB1D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BEB1D mov eax, dword ptr fs:[00000030h]3_2_011BEB1D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BEB1D mov eax, dword ptr fs:[00000030h]3_2_011BEB1D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BEB1D mov eax, dword ptr fs:[00000030h]3_2_011BEB1D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BEB1D mov eax, dword ptr fs:[00000030h]3_2_011BEB1D
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01208B28 mov eax, dword ptr fs:[00000030h]3_2_01208B28
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01208B28 mov eax, dword ptr fs:[00000030h]3_2_01208B28
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214B00 mov eax, dword ptr fs:[00000030h]3_2_01214B00
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116EB20 mov eax, dword ptr fs:[00000030h]3_2_0116EB20
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116EB20 mov eax, dword ptr fs:[00000030h]3_2_0116EB20
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01138B50 mov eax, dword ptr fs:[00000030h]3_2_01138B50
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EEB50 mov eax, dword ptr fs:[00000030h]3_2_011EEB50
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F4B4B mov eax, dword ptr fs:[00000030h]3_2_011F4B4B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F4B4B mov eax, dword ptr fs:[00000030h]3_2_011F4B4B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011E8B42 mov eax, dword ptr fs:[00000030h]3_2_011E8B42
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D6B40 mov eax, dword ptr fs:[00000030h]3_2_011D6B40
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011D6B40 mov eax, dword ptr fs:[00000030h]3_2_011D6B40
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0120AB40 mov eax, dword ptr fs:[00000030h]3_2_0120AB40
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0113CB7E mov eax, dword ptr fs:[00000030h]3_2_0113CB7E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01212B57 mov eax, dword ptr fs:[00000030h]3_2_01212B57
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01212B57 mov eax, dword ptr fs:[00000030h]3_2_01212B57
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01212B57 mov eax, dword ptr fs:[00000030h]3_2_01212B57
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01212B57 mov eax, dword ptr fs:[00000030h]3_2_01212B57
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150BBE mov eax, dword ptr fs:[00000030h]3_2_01150BBE
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150BBE mov eax, dword ptr fs:[00000030h]3_2_01150BBE
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F4BB0 mov eax, dword ptr fs:[00000030h]3_2_011F4BB0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011F4BB0 mov eax, dword ptr fs:[00000030h]3_2_011F4BB0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EEBD0 mov eax, dword ptr fs:[00000030h]3_2_011EEBD0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01140BCD mov eax, dword ptr fs:[00000030h]3_2_01140BCD
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01140BCD mov eax, dword ptr fs:[00000030h]3_2_01140BCD
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01140BCD mov eax, dword ptr fs:[00000030h]3_2_01140BCD
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01160BCB mov eax, dword ptr fs:[00000030h]3_2_01160BCB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01160BCB mov eax, dword ptr fs:[00000030h]3_2_01160BCB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01160BCB mov eax, dword ptr fs:[00000030h]3_2_01160BCB
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01148BF0 mov eax, dword ptr fs:[00000030h]3_2_01148BF0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01148BF0 mov eax, dword ptr fs:[00000030h]3_2_01148BF0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01148BF0 mov eax, dword ptr fs:[00000030h]3_2_01148BF0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116EBFC mov eax, dword ptr fs:[00000030h]3_2_0116EBFC
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CCBF0 mov eax, dword ptr fs:[00000030h]3_2_011CCBF0
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011CCA11 mov eax, dword ptr fs:[00000030h]3_2_011CCA11
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01164A35 mov eax, dword ptr fs:[00000030h]3_2_01164A35
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01164A35 mov eax, dword ptr fs:[00000030h]3_2_01164A35
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117CA38 mov eax, dword ptr fs:[00000030h]3_2_0117CA38
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117CA24 mov eax, dword ptr fs:[00000030h]3_2_0117CA24
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0116EA2E mov eax, dword ptr fs:[00000030h]3_2_0116EA2E
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01146A50 mov eax, dword ptr fs:[00000030h]3_2_01146A50
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01146A50 mov eax, dword ptr fs:[00000030h]3_2_01146A50
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01146A50 mov eax, dword ptr fs:[00000030h]3_2_01146A50
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01146A50 mov eax, dword ptr fs:[00000030h]3_2_01146A50
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01146A50 mov eax, dword ptr fs:[00000030h]3_2_01146A50
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01146A50 mov eax, dword ptr fs:[00000030h]3_2_01146A50
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01146A50 mov eax, dword ptr fs:[00000030h]3_2_01146A50
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150A5B mov eax, dword ptr fs:[00000030h]3_2_01150A5B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01150A5B mov eax, dword ptr fs:[00000030h]3_2_01150A5B
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BCA72 mov eax, dword ptr fs:[00000030h]3_2_011BCA72
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011BCA72 mov eax, dword ptr fs:[00000030h]3_2_011BCA72
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117CA6F mov eax, dword ptr fs:[00000030h]3_2_0117CA6F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117CA6F mov eax, dword ptr fs:[00000030h]3_2_0117CA6F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0117CA6F mov eax, dword ptr fs:[00000030h]3_2_0117CA6F
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_011EEA60 mov eax, dword ptr fs:[00000030h]3_2_011EEA60
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01178A90 mov edx, dword ptr fs:[00000030h]3_2_01178A90
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114EA80 mov eax, dword ptr fs:[00000030h]3_2_0114EA80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114EA80 mov eax, dword ptr fs:[00000030h]3_2_0114EA80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114EA80 mov eax, dword ptr fs:[00000030h]3_2_0114EA80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114EA80 mov eax, dword ptr fs:[00000030h]3_2_0114EA80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114EA80 mov eax, dword ptr fs:[00000030h]3_2_0114EA80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114EA80 mov eax, dword ptr fs:[00000030h]3_2_0114EA80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114EA80 mov eax, dword ptr fs:[00000030h]3_2_0114EA80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114EA80 mov eax, dword ptr fs:[00000030h]3_2_0114EA80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_0114EA80 mov eax, dword ptr fs:[00000030h]3_2_0114EA80
            Source: C:\Users\user\Desktop\payment details.pdf.exeCode function: 3_2_01214A80 mov eax, dword ptr fs:[00000030h]3_2_01214A80
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\payment details.pdf.exeMemory written: C:\Users\user\Desktop\payment details.pdf.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeProcess created: C:\Users\user\Desktop\payment details.pdf.exe "C:\Users\user\Desktop\payment details.pdf.exe"Jump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeQueries volume information: C:\Users\user\Desktop\payment details.pdf.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\payment details.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.payment details.pdf.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.payment details.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1510629541.0000000000BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.payment details.pdf.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.payment details.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1510629541.0000000000BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		111
            Process Injection            		11
            Masquerading            		OS Credential Dumping2
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		1
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
            Virtualization/Sandbox Evasion            		Security Account Manager41
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
            Process Injection            		NTDS12
            System Information Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts13
            Obfuscated Files or Information            		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
            Software Packing            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            Timestomp            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
            DLL Side-Loading            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            payment details.pdf.exe32%ReversingLabsByteCode-MSIL.Trojan.Swotter
            payment details.pdf.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            No contacted domains info

            World Map of Contacted IPs

            No contacted IP infos

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1467075
            Start date and time:2024-07-03 17:47:09 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 7m 5s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:8
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:payment details.pdf.exe
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@3/1@0/0
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 98%
            • Number of executed functions: 159
            • Number of non-executed functions: 271
            Cookbook Comments:
            • Found application associated with file extension: .exe

            Warnings

            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information
            • VT rate limit hit for: payment details.pdf.exe

            Simulations

            Behavior and APIs

            TimeTypeDescription
            11:48:09API Interceptor4x Sleep call for process: payment details.pdf.exe modified

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASNs

            No context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\payment details.pdf.exe.log

            Download File
            Process:C:\Users\user\Desktop\payment details.pdf.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1216
            Entropy (8bit):5.34331486778365
            Encrypted:false
            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
            MD5:1330C80CAAC9A0FB172F202485E9B1E8
            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
            Malicious:true
            Reputation:high, very likely benign file
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.950676148320351
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            • Win32 Executable (generic) a (10002005/4) 49.75%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Windows Screen Saver (13104/52) 0.07%
            • Generic Win/DOS Executable (2004/3) 0.01%
            File name:payment details.pdf.exe
            File size:984'064 bytes
            MD5:0f4b5fb26bf123aa8fd8e90add5770fc
            SHA1:8c9b1825d6ae3a7a9e8dc0a8a1dada05b8124720
            SHA256:c3a045823e045eb117eceefa8d34697c835fc969831e0f1d1401bea5edb8e596
            SHA512:9121102beedcf9e164450814339d5629c8dca899d11b51df0f74184b80eec48a09dde917a863087b3cdce8e4d33c4df89a23dc5fa79f9432e20a49b8b1770464
            SSDEEP:24576:M8YI5axhPU3Mvbb719Jy784CFRodKRDQbpEN:M8BqPU3Mvfh7a8JFRQbuN
            TLSH:A22523331B64DF80E9741FF100B03A0847F2FCABA161C61E6D82B4EB59B5761466BB97
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0......f........... ........@.. .......................`............@................................

            File Icon

            Icon Hash:66666667e69c310e

            Static PE Info

            General

            Entrypoint:0x4ebbce
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0xBBC0BB9E [Fri Oct 25 23:45:34 2069 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

            Entrypoint Preview

            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0xebb790x4f.text
            IMAGE_DIRECTORY_ENTRY_RESOURCE0xec0000x6400.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0xf40000xc.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0xe9e580x70.text
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x20000xe9bd40xe9c003e3429bcdd8b58223dd8a975e0f0d2ffFalse0.9723470922459893data7.977882662043647IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc0xec0000x64000x64008eb408d59cb984c3a9246d6708ad0f26False0.3955859375data5.147871031638994IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0xf40000xc0x20035711cf2dd8d5cadf51855ae5e94ffebFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_ICON0xec1e00x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 00.2701612903225806
            RT_ICON0xec4d80x128Device independent bitmap graphic, 16 x 32 x 4, image size 00.4966216216216216
            RT_ICON0xec6100xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.5439765458422174
            RT_ICON0xed4c80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.6656137184115524
            RT_ICON0xedd800x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5021676300578035
            RT_ICON0xee2f80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.3157676348547718
            RT_ICON0xf08b00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.4090056285178236
            RT_ICON0xf19680x468Device independent bitmap graphic, 16 x 32 x 32, image size 00.5859929078014184
            RT_GROUP_ICON0xf1de00x76data0.6440677966101694
            RT_VERSION0xf1e680x398OpenPGP Public Key0.4206521739130435
            RT_MANIFEST0xf22100x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

            Imports

            DLLImport
            mscoree.dll_CorExeMain

            Network Behavior

            No network behavior found

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:11:48:09
            Start date:03/07/2024
            Path:C:\Users\user\Desktop\payment details.pdf.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\payment details.pdf.exe"
            Imagebase:0x820000
            File size:984'064 bytes
            MD5 hash:0F4B5FB26BF123AA8FD8E90ADD5770FC
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:3
            Start time:11:48:10
            Start date:03/07/2024
            Path:C:\Users\user\Desktop\payment details.pdf.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\payment details.pdf.exe"
            Imagebase:0x550000
            File size:984'064 bytes
            MD5 hash:0F4B5FB26BF123AA8FD8E90ADD5770FC
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1510629541.0000000000BC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1510629541.0000000000BC0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
            Reputation:low
            Has exited:true

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:11.2%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:0%
              Total number of Nodes:300
              Total number of Limit Nodes:17
              execution_graph 44710 108af98 44711 108afda 44710->44711 44712 108afe0 GetModuleHandleW 44710->44712 44711->44712 44713 108b00d 44712->44713 44733 1084668 44734 108467a 44733->44734 44735 1084686 44734->44735 44739 1084783 44734->44739 44744 1084218 44735->44744 44737 10846a5 44740 108479d 44739->44740 44748 1084888 44740->44748 44752 1084887 44740->44752 44745 1084223 44744->44745 44760 1085c6c 44745->44760 44747 1087048 44747->44737 44750 10848af 44748->44750 44749 108498c 44749->44749 44750->44749 44756 10844e0 44750->44756 44754 10848af 44752->44754 44753 108498c 44753->44753 44754->44753 44755 10844e0 CreateActCtxA 44754->44755 44755->44753 44757 1085918 CreateActCtxA 44756->44757 44759 10859db 44757->44759 44761 1085c77 44760->44761 44764 1085c8c 44761->44764 44763 10870ed 44763->44747 44765 1085c97 44764->44765 44768 1085cbc 44765->44768 44767 10871c2 44767->44763 44769 1085cc7 44768->44769 44770 1085cec LoadLibraryExW 44769->44770 44771 10872c5 44770->44771 44771->44767 44776 108d438 44777 108d47e 44776->44777 44780 108d618 44777->44780 44783 108b790 44780->44783 44784 108d680 DuplicateHandle 44783->44784 44785 108d56b 44784->44785 44646 2d34050 44647 2d34092 44646->44647 44649 2d34099 44646->44649 44648 2d340ea CallWindowProcW 44647->44648 44647->44649 44648->44649 44714 2c64bd0 44715 2c64be9 44714->44715 44717 2c620dc 44714->44717 44718 2c620e7 44717->44718 44719 2c64d77 44718->44719 44721 2c6205c 44718->44721 44719->44715 44722 2c648a0 PostMessageW 44721->44722 44723 2c6490c 44722->44723 44723->44719 44724 2c61350 44725 2c61383 44724->44725 44726 2c613f1 44725->44726 44728 2c61738 44725->44728 44729 2c616a2 44728->44729 44729->44728 44730 2c616be 44729->44730 44731 2c6178a ResumeThread 44729->44731 44730->44726 44732 2c617b1 44731->44732 44732->44726 44772 2c64620 44773 2c64646 44772->44773 44774 2c647ab 44772->44774 44773->44774 44775 2c6205c PostMessageW 44773->44775 44775->44773 44786 2c67170 44787 2c6718e 44786->44787 44788 2c67198 44786->44788 44791 2c671d7 44787->44791 44796 2c671d8 44787->44796 44792 2c671e6 44791->44792 44795 2c67205 44791->44795 44801 2c662b8 44792->44801 44795->44788 44797 2c671e6 44796->44797 44799 2c67205 44796->44799 44798 2c662b8 FindCloseChangeNotification 44797->44798 44800 2c67201 44798->44800 44799->44788 44800->44788 44802 2c67350 FindCloseChangeNotification 44801->44802 44803 2c67201 44802->44803 44803->44788 44804 2c62b30 44805 2c62b36 44804->44805 44807 2c62a97 44804->44807 44806 2c628a5 44807->44806 44810 2c63288 44807->44810 44816 2c63278 44807->44816 44811 2c6329d 44810->44811 44822 2c63326 44811->44822 44845 2c632b8 44811->44845 44867 2c632c8 44811->44867 44812 2c632af 44812->44807 44817 2c63288 44816->44817 44819 2c63326 12 API calls 44817->44819 44820 2c632c8 12 API calls 44817->44820 44821 2c632b8 12 API calls 44817->44821 44818 2c632af 44818->44807 44819->44818 44820->44818 44821->44818 44823 2c632b4 44822->44823 44825 2c63329 44822->44825 44889 2c63a2a 44823->44889 44894 2c63b6c 44823->44894 44898 2c63b8e 44823->44898 44902 2c637c0 44823->44902 44907 2c63ca3 44823->44907 44912 2c63842 44823->44912 44917 2c63987 44823->44917 44922 2c63d1b 44823->44922 44926 2c636bb 44823->44926 44931 2c6369b 44823->44931 44936 2c63efc 44823->44936 44942 2c63cd2 44823->44942 44946 2c63732 44823->44946 44951 2c639f4 44823->44951 44956 2c63d97 44823->44956 44960 2c63857 44823->44960 44965 2c63fc8 44823->44965 44969 2c63a08 44823->44969 44974 2c6372a 44823->44974 44824 2c63306 44824->44812 44825->44812 44846 2c632c8 44845->44846 44848 2c63987 2 API calls 44846->44848 44849 2c63842 2 API calls 44846->44849 44850 2c63ca3 2 API calls 44846->44850 44851 2c637c0 2 API calls 44846->44851 44852 2c63b8e 2 API calls 44846->44852 44853 2c63b6c 2 API calls 44846->44853 44854 2c63a2a 2 API calls 44846->44854 44855 2c6372a 2 API calls 44846->44855 44856 2c63a08 2 API calls 44846->44856 44857 2c63fc8 2 API calls 44846->44857 44858 2c63857 2 API calls 44846->44858 44859 2c63d97 2 API calls 44846->44859 44860 2c639f4 2 API calls 44846->44860 44861 2c63732 2 API calls 44846->44861 44862 2c63cd2 2 API calls 44846->44862 44863 2c63efc 2 API calls 44846->44863 44864 2c6369b 2 API calls 44846->44864 44865 2c636bb 2 API calls 44846->44865 44866 2c63d1b 2 API calls 44846->44866 44847 2c63306 44847->44812 44848->44847 44849->44847 44850->44847 44851->44847 44852->44847 44853->44847 44854->44847 44855->44847 44856->44847 44857->44847 44858->44847 44859->44847 44860->44847 44861->44847 44862->44847 44863->44847 44864->44847 44865->44847 44866->44847 44868 2c632e2 44867->44868 44870 2c63987 2 API calls 44868->44870 44871 2c63842 2 API calls 44868->44871 44872 2c63ca3 2 API calls 44868->44872 44873 2c637c0 2 API calls 44868->44873 44874 2c63b8e 2 API calls 44868->44874 44875 2c63b6c 2 API calls 44868->44875 44876 2c63a2a 2 API calls 44868->44876 44877 2c6372a 2 API calls 44868->44877 44878 2c63a08 2 API calls 44868->44878 44879 2c63fc8 2 API calls 44868->44879 44880 2c63857 2 API calls 44868->44880 44881 2c63d97 2 API calls 44868->44881 44882 2c639f4 2 API calls 44868->44882 44883 2c63732 2 API calls 44868->44883 44884 2c63cd2 2 API calls 44868->44884 44885 2c63efc 2 API calls 44868->44885 44886 2c6369b 2 API calls 44868->44886 44887 2c636bb 2 API calls 44868->44887 44888 2c63d1b 2 API calls 44868->44888 44869 2c63306 44869->44812 44870->44869 44871->44869 44872->44869 44873->44869 44874->44869 44875->44869 44876->44869 44877->44869 44878->44869 44879->44869 44880->44869 44881->44869 44882->44869 44883->44869 44884->44869 44885->44869 44886->44869 44887->44869 44888->44869 44890 2c63a4d 44889->44890 44980 2c61dc0 44890->44980 44984 2c61db8 44890->44984 44891 2c63e97 44895 2c63baa 44894->44895 44896 2c61dc0 WriteProcessMemory 44895->44896 44897 2c61db8 WriteProcessMemory 44895->44897 44896->44895 44897->44895 44899 2c63baa 44898->44899 44900 2c61dc0 WriteProcessMemory 44899->44900 44901 2c61db8 WriteProcessMemory 44899->44901 44900->44899 44901->44899 44903 2c637c6 44902->44903 44904 2c637f4 44903->44904 44988 2c6243d 44903->44988 44993 2c62448 44903->44993 44904->44824 44908 2c63ce1 44907->44908 44909 2c63cf4 44908->44909 44997 2c61eb0 44908->44997 45001 2c61ea8 44908->45001 44913 2c63880 44912->44913 44916 2c61738 ResumeThread 44913->44916 45006 2c61740 44913->45006 44914 2c638ae 44914->44824 44916->44914 44918 2c63a53 44917->44918 45010 2c61d00 44918->45010 45014 2c61cf8 44918->45014 44919 2c63a74 44919->44824 44923 2c63b98 44922->44923 44924 2c61dc0 WriteProcessMemory 44923->44924 44925 2c61db8 WriteProcessMemory 44923->44925 44924->44923 44925->44923 44927 2c636bd 44926->44927 44929 2c6243d CreateProcessA 44927->44929 44930 2c62448 CreateProcessA 44927->44930 44928 2c637f4 44928->44824 44929->44928 44930->44928 44932 2c636c4 44931->44932 44934 2c6243d CreateProcessA 44932->44934 44935 2c62448 CreateProcessA 44932->44935 44933 2c637f4 44933->44824 44934->44933 44935->44933 44937 2c63e8f 44936->44937 44938 2c63eff 44936->44938 44940 2c61dc0 WriteProcessMemory 44937->44940 44941 2c61db8 WriteProcessMemory 44937->44941 44939 2c63e97 44940->44939 44941->44939 44944 2c61eb0 ReadProcessMemory 44942->44944 44945 2c61ea8 ReadProcessMemory 44942->44945 44943 2c63cf4 44944->44943 44945->44943 44947 2c6369f 44946->44947 44949 2c6243d CreateProcessA 44947->44949 44950 2c62448 CreateProcessA 44947->44950 44948 2c637f4 44948->44824 44949->44948 44950->44948 44952 2c63c31 44951->44952 45019 2c617f0 44952->45019 45023 2c617e9 44952->45023 44953 2c63a23 44953->44824 44958 2c61dc0 WriteProcessMemory 44956->44958 44959 2c61db8 WriteProcessMemory 44956->44959 44957 2c6381c 44957->44824 44958->44957 44959->44957 44961 2c6385d 44960->44961 44962 2c638ae 44961->44962 44963 2c61740 ResumeThread 44961->44963 44964 2c61738 ResumeThread 44961->44964 44962->44824 44963->44962 44964->44962 44967 2c617f0 Wow64SetThreadContext 44965->44967 44968 2c617e9 Wow64SetThreadContext 44965->44968 44966 2c63fe2 44967->44966 44968->44966 44970 2c63a4c 44969->44970 44972 2c61d00 VirtualAllocEx 44970->44972 44973 2c61cf8 VirtualAllocEx 44970->44973 44971 2c63a74 44971->44824 44972->44971 44973->44971 44975 2c636bd 44974->44975 44976 2c6424a 44975->44976 44978 2c6243d CreateProcessA 44975->44978 44979 2c62448 CreateProcessA 44975->44979 44976->44824 44977 2c637f4 44977->44824 44978->44977 44979->44977 44981 2c61e08 WriteProcessMemory 44980->44981 44983 2c61e5f 44981->44983 44983->44891 44985 2c61dc0 WriteProcessMemory 44984->44985 44987 2c61e5f 44985->44987 44987->44891 44989 2c6240c 44988->44989 44990 2c62447 CreateProcessA 44988->44990 44992 2c62693 44990->44992 44994 2c624d1 CreateProcessA 44993->44994 44996 2c62693 44994->44996 44996->44996 44998 2c61efb ReadProcessMemory 44997->44998 45000 2c61f3f 44998->45000 45000->44909 45002 2c61e74 45001->45002 45003 2c61eaf ReadProcessMemory 45001->45003 45002->44909 45005 2c61f3f 45003->45005 45005->44909 45007 2c61780 ResumeThread 45006->45007 45009 2c617b1 45007->45009 45009->44914 45011 2c61d40 VirtualAllocEx 45010->45011 45013 2c61d7d 45011->45013 45013->44919 45015 2c61cc4 45014->45015 45016 2c61cff VirtualAllocEx 45014->45016 45015->44919 45018 2c61d7d 45016->45018 45018->44919 45020 2c61835 Wow64SetThreadContext 45019->45020 45022 2c6187d 45020->45022 45022->44953 45024 2c617f0 Wow64SetThreadContext 45023->45024 45026 2c6187d 45024->45026 45026->44953 44650 108ff40 44653 1085cec 44650->44653 44652 108ff6e 44654 1085cf7 44653->44654 44656 10885cb 44654->44656 44659 108ac83 44654->44659 44655 1088609 44655->44652 44656->44655 44663 108cd70 44656->44663 44667 108aca8 44659->44667 44672 108acb0 44659->44672 44660 108ac8e 44660->44656 44664 108cd91 44663->44664 44665 108cdb5 44664->44665 44698 108cf20 44664->44698 44665->44655 44668 108acb0 44667->44668 44676 108ada8 44668->44676 44681 108ada3 44668->44681 44669 108acbf 44669->44660 44674 108ada8 LoadLibraryExW 44672->44674 44675 108ada3 LoadLibraryExW 44672->44675 44673 108acbf 44673->44660 44674->44673 44675->44673 44677 108adb9 44676->44677 44678 108add4 44676->44678 44677->44678 44686 108b03f 44677->44686 44690 108b040 44677->44690 44678->44669 44682 108adb9 44681->44682 44683 108add4 44681->44683 44682->44683 44684 108b03f LoadLibraryExW 44682->44684 44685 108b040 LoadLibraryExW 44682->44685 44683->44669 44684->44683 44685->44683 44687 108b054 44686->44687 44688 108b079 44687->44688 44694 108a168 44687->44694 44688->44678 44691 108b054 44690->44691 44692 108a168 LoadLibraryExW 44691->44692 44693 108b079 44691->44693 44692->44693 44693->44678 44695 108b220 LoadLibraryExW 44694->44695 44697 108b299 44695->44697 44697->44688 44699 108cf2d 44698->44699 44701 108cf67 44699->44701 44702 108b780 44699->44702 44701->44665 44704 108b78b 44702->44704 44703 108dc78 44704->44703 44706 108d084 44704->44706 44707 108d08f 44706->44707 44708 1085cec LoadLibraryExW 44707->44708 44709 108dce7 44708->44709 44709->44703

              Executed Functions

              Function 02D37D58 Relevance: .6, Instructions: 592COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452663190.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d30000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 04273bf5e29ae830da8d3ee28d0c7aa39f5d57979535e6b8c07705860ce0a1b9
              • Instruction ID: 51fd75b82e22f1528fd971e73ccc37ed6e6fb1e9cbc7e21a62c8ad8271d548d4
              • Opcode Fuzzy Hash: 04273bf5e29ae830da8d3ee28d0c7aa39f5d57979535e6b8c07705860ce0a1b9
              • Instruction Fuzzy Hash: C7526B34A003058FDB14DF28C844B99B7B2FF89314F2582A9D5586F3A2DB71AD82CF81
              Function 02D3AEB0 Relevance: .6, Instructions: 579COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452663190.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d30000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e7e1d3285d93a784319d3742397b917bcdfabc135f1317785bb8a5f923b68a27
              • Instruction ID: 4514e96b5d9e1c3705321ef5cd2c7268d7d3fbb584a38adf6927a3c8f9ed9cc6
              • Opcode Fuzzy Hash: e7e1d3285d93a784319d3742397b917bcdfabc135f1317785bb8a5f923b68a27
              • Instruction Fuzzy Hash: 83526B34A003458FDB15DF28C844B99B7B2FF89314F2582A9D5586F3A2DB71AD82CF81
              Function 02D7BB70 Relevance: .4, Instructions: 382COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c3a18a2399cd21a56dff18833c657bb9389f256aee42d22bc202374c3d59b25
              • Instruction ID: 6e28a28b5bb8b84032f2b3c3b84083ddb9a00e7c6a4c60bf320e390138dc50da
              • Opcode Fuzzy Hash: 9c3a18a2399cd21a56dff18833c657bb9389f256aee42d22bc202374c3d59b25
              • Instruction Fuzzy Hash: 0012B57591061A8FCB10DF68C880AE9F7B1FF59300F15C6AAD858A7311EB74AAC5CF90
              Function 02D7BB60 Relevance: .4, Instructions: 376COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39726e7d980c0768808e4cb7f554843cabddf092a7d5a29226fd2d9e3610d464
              • Instruction ID: da3a150ebca521959ce0b3ec3a1f080f6a82c0d6a7ecbadea04e4a9e886310e0
              • Opcode Fuzzy Hash: 39726e7d980c0768808e4cb7f554843cabddf092a7d5a29226fd2d9e3610d464
              • Instruction Fuzzy Hash: 9612A37590061A8FCB14DF68C880AD9F7B1FF99300F15C6AAD859A7311EB74AAC5CF90
              Function 02D7F075 Relevance: .3, Instructions: 254COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 62c66789c257dc78aa6ee7014633415d381469b6ba2bddca67e065994594f49c
              • Instruction ID: 663bea5f90d705dd57de7f76ef120232b17baf9864e29b557b3b603c1d3bca0d
              • Opcode Fuzzy Hash: 62c66789c257dc78aa6ee7014633415d381469b6ba2bddca67e065994594f49c
              • Instruction Fuzzy Hash: CD911530A252848FC714CB74C856AEEBBF2EF85340F19C0AAD8819B361D735ED0ADB51
              Function 02D7F3C0 Relevance: .2, Instructions: 238COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff2bf46304ed0464516579f23a2e290b8d14dbf1b5bbd58d9e390e99c0f774cf
              • Instruction ID: 0ba413635bfe572d77701b937a3e572604a0bc81a18e21469173c130df2f78d3
              • Opcode Fuzzy Hash: ff2bf46304ed0464516579f23a2e290b8d14dbf1b5bbd58d9e390e99c0f774cf
              • Instruction Fuzzy Hash: 34810730A252858FDB05CB74C8526FEFFB2EF85340F1480AAD881AB752DA359D07DB91
              Function 02D7F2FB Relevance: .2, Instructions: 235COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5dbcb477f84a80fb93fe2baebd1a1b1ef453b6b15953d50408b2262ba9abca10
              • Instruction ID: d34f83ce277797dbf57f1dbbcc12ee3fd994324b5236f863220892e3d708230a
              • Opcode Fuzzy Hash: 5dbcb477f84a80fb93fe2baebd1a1b1ef453b6b15953d50408b2262ba9abca10
              • Instruction Fuzzy Hash: 49812630A252858FD705CB7488566EEBFF2EF89380F1480ABD8819B752D6369D0BDB41
              Function 02D7EFAC Relevance: .2, Instructions: 234COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f5b4c7301f07a6b942be945baa2a6286b1ac8a81197254dfedfa88bd4675a4e
              • Instruction ID: 1733cfad2ce0fc8888d1cfa3b8265893641257014d59536d59086e720c3654ef
              • Opcode Fuzzy Hash: 2f5b4c7301f07a6b942be945baa2a6286b1ac8a81197254dfedfa88bd4675a4e
              • Instruction Fuzzy Hash: 68814730B252858FDB048B7488526EEBFB2EF85340F1880BBD981DB351DA369D0BD751
              Function 02D7EFE5 Relevance: .2, Instructions: 232COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 99aa197d84d46c64d418a092c2c60088f1d33368c5b142397ff75b743e024b74
              • Instruction ID: b58aa43793200d34a679c10a570b16f5ef21b99888519d924b3b3cf6a7c6a22a
              • Opcode Fuzzy Hash: 99aa197d84d46c64d418a092c2c60088f1d33368c5b142397ff75b743e024b74
              • Instruction Fuzzy Hash: 77812630A252858FDB058B7488526FEBFB2EF85380F1880ABD981DB751DA359D0BD751
              Function 02D7F5E3 Relevance: .2, Instructions: 226COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 36c205c89515ac77616dbc8f031f278ece4120af2da9fce50b07f449f5d28b57
              • Instruction ID: 019d90cc2259935d0c2eb2b5818fdaa67ce7bf6e081630b99d571c9b1094f97a
              • Opcode Fuzzy Hash: 36c205c89515ac77616dbc8f031f278ece4120af2da9fce50b07f449f5d28b57
              • Instruction Fuzzy Hash: 31813930B252858FD7058B7488566EEBFB2EF85380F1480BBD881DB761D6369D0BD751
              Function 02D7F578 Relevance: .2, Instructions: 226COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e58904aaab84fe5ffc363f1de023c4721636f0d5f6d7add304604dc6ba4e7959
              • Instruction ID: 3d28d021774be76ceaee75c9471b23a5c393fb465192bd76ea6032f7f04d59fd
              • Opcode Fuzzy Hash: e58904aaab84fe5ffc363f1de023c4721636f0d5f6d7add304604dc6ba4e7959
              • Instruction Fuzzy Hash: 0A812630B252858FD7058B7488666EEBFB2EF85380F1880BBD881DB751D6369D0BDB51
              Function 02D7F514 Relevance: .2, Instructions: 226COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 98a2ad80b1b69056e1cb0ae5b745df9f15330f213e2ad29b9af3ce51a48d8d85
              • Instruction ID: fbeb6b4a0bab97ebd0775782800f4ff103db8cbdfb2ad5b444eab0ad4987fd1b
              • Opcode Fuzzy Hash: 98a2ad80b1b69056e1cb0ae5b745df9f15330f213e2ad29b9af3ce51a48d8d85
              • Instruction Fuzzy Hash: 1B813630A252858FD7058B7488566EEBFF2EF85380F1880BBD881DB751D6369D0BDB51
              Function 02D7F28B Relevance: .2, Instructions: 224COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4197eddf964caa2bfb4509ec68b7100bd8e769d7c2bf66b7366d6fa2514f7c33
              • Instruction ID: 3011123ac8c697000bc921a97f0b5fbd80c78f37c68a223ba4d01d997cfd7d64
              • Opcode Fuzzy Hash: 4197eddf964caa2bfb4509ec68b7100bd8e769d7c2bf66b7366d6fa2514f7c33
              • Instruction Fuzzy Hash: 7D714830B262858FD7058B7488566EEBFB2EF85380F1480BBD881DB761DA369D0BD741
              Function 02D7F254 Relevance: .2, Instructions: 224COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3dc859706bf6ab63aa5d8b886ccc74a81ffcd47fce709fe0908fc35e40d1c8ee
              • Instruction ID: 3890831dae097e9fe0c60f84ca178cc262a2ea91d744437451707ccf06b014b2
              • Opcode Fuzzy Hash: 3dc859706bf6ab63aa5d8b886ccc74a81ffcd47fce709fe0908fc35e40d1c8ee
              • Instruction Fuzzy Hash: 05713730B252858FDB058B7488526EEBFB2EF85380F1880BBD981DB751DA369D0BD741
              Function 02D7F21D Relevance: .2, Instructions: 224COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a6857b347da4b135698e0c88081f605cb297edf567b1b162f6f2e4162ced5e02
              • Instruction ID: 401e6ac3853d838144dc96a2e65f5616f3b0e74c9fbf163e473b278c5d940786
              • Opcode Fuzzy Hash: a6857b347da4b135698e0c88081f605cb297edf567b1b162f6f2e4162ced5e02
              • Instruction Fuzzy Hash: F6714830B262858FD7058B7488566EEBFB2EF85380F1880BBD981DB751D6369D0BDB41
              Function 02D7F1E6 Relevance: .2, Instructions: 224COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53fef7d10b109cb1d6d872d5da1db415267a756d873357ecdedfabe8953a6fa2
              • Instruction ID: 0e69f3065f6e4cf9aa7257805526e91fbfb41b01ad8addb76d74a53f2820fb31
              • Opcode Fuzzy Hash: 53fef7d10b109cb1d6d872d5da1db415267a756d873357ecdedfabe8953a6fa2
              • Instruction Fuzzy Hash: 89713830B252858FD7058B7488526EEBFB2EF89380F1480BBD881DB751D6369D0BDB51
              Function 02D7F4DD Relevance: .2, Instructions: 224COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b777d41206961c0b46b7242d3f4e2dfe9cd7f93492178978f3ee089dcb32e74b
              • Instruction ID: 83f658c5fba332984bb833736aed4394d637d0630a48027bba74a37fd93b8103
              • Opcode Fuzzy Hash: b777d41206961c0b46b7242d3f4e2dfe9cd7f93492178978f3ee089dcb32e74b
              • Instruction Fuzzy Hash: 00712730A262858FD7058B7488526EEBFF2EF89380F1480BBD8819B751D6369D0BD751
              Function 02D7F484 Relevance: .2, Instructions: 224COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 808fc6c7756dc6149389cd2b7b425ab0ab57600baebd51e75460bfe7c50c1911
              • Instruction ID: b992a7fbe7a25769f7ded61e0b72157828ddc32a25aba0bfaef4c4601c711716
              • Opcode Fuzzy Hash: 808fc6c7756dc6149389cd2b7b425ab0ab57600baebd51e75460bfe7c50c1911
              • Instruction Fuzzy Hash: 23713830B262858FD7058B7488566EEBFB2EF85380F1880BBD981DB751D6369D0BD741
              Function 02D7F618 Relevance: .2, Instructions: 222COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5160e4edcc141931cc6a90864b34187e8eb594298bd7213836cd686be0c1367b
              • Instruction ID: 629613351df9d900d709454f3baecefc24863960ada72980d118965f93b3b6ae
              • Opcode Fuzzy Hash: 5160e4edcc141931cc6a90864b34187e8eb594298bd7213836cd686be0c1367b
              • Instruction Fuzzy Hash: DB712730A252854FDB058B7488626FEBFB2EF85380F1880ABD9819B751DA369D0BD751
              Function 02D7F5B9 Relevance: .2, Instructions: 221COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c29cadc4b4b0900ea7452b5ec2d7352adcc325de02a9b78a8f0c72065b090f6
              • Instruction ID: 883db0c454740837db9f99aa4d4643d2fe1069815969b29af80d9677b4a4563d
              • Opcode Fuzzy Hash: 7c29cadc4b4b0900ea7452b5ec2d7352adcc325de02a9b78a8f0c72065b090f6
              • Instruction Fuzzy Hash: 94712830B252854FDB058B7488626FEBFB2EF85380F1880ABD9819B751DA369D0BD751
              Function 02D7F2C2 Relevance: .2, Instructions: 220COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 053b4c86a42252feb8061141c98475d387113946748ca39bd09fcc6f2223359b
              • Instruction ID: 60abd35cf2c33e1b1dc9fd6bdc9411e5d857317a74ddaa377b796f8bc4ab3a5e
              • Opcode Fuzzy Hash: 053b4c86a42252feb8061141c98475d387113946748ca39bd09fcc6f2223359b
              • Instruction Fuzzy Hash: A8711630B252854FDB058B7488626EEBFB2EF85380F1880BBD981DB751DA369D0BD751
              Function 02D7F11E Relevance: .2, Instructions: 219COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee2ee52b250bb61f63486d2ef95c6c64c8f5207af5e963d9d787fb5d738de1c7
              • Instruction ID: 0ec4111520d9ce6004518eb80563167f73d7a77eefe44961c724ea6091c04350
              • Opcode Fuzzy Hash: ee2ee52b250bb61f63486d2ef95c6c64c8f5207af5e963d9d787fb5d738de1c7
              • Instruction Fuzzy Hash: 09712830B252858FDB058B7488526EEBFB2EF85380F1880BBD981DB751DA369D0BD751
              Function 02D7F718 Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 84b19ac4f9eee8d54fc0bb31ac04579357491fb016d246a705a2ca560916f0c2
              • Instruction ID: adb62a40a354bb7d2c4433528ccfbc09a3bdded46086f0472d36fb8cb36aacdb
              • Opcode Fuzzy Hash: 84b19ac4f9eee8d54fc0bb31ac04579357491fb016d246a705a2ca560916f0c2
              • Instruction Fuzzy Hash: FD41E175B101198FDB18DBA9C8556BEBBB7FBC8300F21812AE502EB790DA34CD01DB91
              Function 02D7FBC8 Relevance: .1, Instructions: 109COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70bb01bd78b2ffd979dac5ed3b7ce16e7cd432ad480e1984887a54dcb74f474a
              • Instruction ID: a2d60a1ca146811113d653fa7b6c8be861870a66b7c3e4d4e9c3275f160aac71
              • Opcode Fuzzy Hash: 70bb01bd78b2ffd979dac5ed3b7ce16e7cd432ad480e1984887a54dcb74f474a
              • Instruction Fuzzy Hash: 974103B5A042158FCB14CFA9E5C15BEBBF3AB88200F11846BE845EB790D238CD52CB91
              Function 02C6243D Relevance: 1.8, APIs: 1, Instructions: 251processCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 512 2c6243d-2c62445 513 2c62447-2c624dd 512->513 514 2c6240c-2c62417 512->514 516 2c62516-2c62536 513->516 517 2c624df-2c624e9 513->517 525 2c6256f-2c6259e 516->525 526 2c62538-2c62542 516->526 517->516 519 2c624eb-2c624ed 517->519 520 2c62510-2c62513 519->520 521 2c624ef-2c624f9 519->521 520->516 523 2c624fd-2c6250c 521->523 524 2c624fb 521->524 523->523 527 2c6250e 523->527 524->523 534 2c625d7-2c62691 CreateProcessA 525->534 535 2c625a0-2c625aa 525->535 526->525 528 2c62544-2c62546 526->528 527->520 529 2c62548-2c62552 528->529 530 2c62569-2c6256c 528->530 532 2c62556-2c62565 529->532 533 2c62554 529->533 530->525 532->532 536 2c62567 532->536 533->532 546 2c62693-2c62699 534->546 547 2c6269a-2c62720 534->547 535->534 537 2c625ac-2c625ae 535->537 536->530 539 2c625b0-2c625ba 537->539 540 2c625d1-2c625d4 537->540 541 2c625be-2c625cd 539->541 542 2c625bc 539->542 540->534 541->541 544 2c625cf 541->544 542->541 544->540 546->547 557 2c62722-2c62726 547->557 558 2c62730-2c62734 547->558 557->558 559 2c62728 557->559 560 2c62736-2c6273a 558->560 561 2c62744-2c62748 558->561 559->558 560->561 562 2c6273c 560->562 563 2c6274a-2c6274e 561->563 564 2c62758-2c6275c 561->564 562->561 563->564 565 2c62750 563->565 566 2c6276e-2c62775 564->566 567 2c6275e-2c62764 564->567 565->564 568 2c62777-2c62786 566->568 569 2c6278c 566->569 567->566 568->569 571 2c6278d 569->571 571->571
              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02C6267E
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 17df93d9420d45458aca1f523b3989a97ca554b3161f14448bc2ecc8c7344573
              • Instruction ID: e5cfd7e894e7a4155ec1503d936842189479f453675d473d545f7737960e4cf4
              • Opcode Fuzzy Hash: 17df93d9420d45458aca1f523b3989a97ca554b3161f14448bc2ecc8c7344573
              • Instruction Fuzzy Hash: E3A15B71D00619CFEB20DF68C895BEDBBB2BF84314F1485A9D849A7240DB749A85CF92
              Function 02C62448 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 572 2c62448-2c624dd 574 2c62516-2c62536 572->574 575 2c624df-2c624e9 572->575 582 2c6256f-2c6259e 574->582 583 2c62538-2c62542 574->583 575->574 576 2c624eb-2c624ed 575->576 577 2c62510-2c62513 576->577 578 2c624ef-2c624f9 576->578 577->574 580 2c624fd-2c6250c 578->580 581 2c624fb 578->581 580->580 584 2c6250e 580->584 581->580 591 2c625d7-2c62691 CreateProcessA 582->591 592 2c625a0-2c625aa 582->592 583->582 585 2c62544-2c62546 583->585 584->577 586 2c62548-2c62552 585->586 587 2c62569-2c6256c 585->587 589 2c62556-2c62565 586->589 590 2c62554 586->590 587->582 589->589 593 2c62567 589->593 590->589 603 2c62693-2c62699 591->603 604 2c6269a-2c62720 591->604 592->591 594 2c625ac-2c625ae 592->594 593->587 596 2c625b0-2c625ba 594->596 597 2c625d1-2c625d4 594->597 598 2c625be-2c625cd 596->598 599 2c625bc 596->599 597->591 598->598 601 2c625cf 598->601 599->598 601->597 603->604 614 2c62722-2c62726 604->614 615 2c62730-2c62734 604->615 614->615 616 2c62728 614->616 617 2c62736-2c6273a 615->617 618 2c62744-2c62748 615->618 616->615 617->618 619 2c6273c 617->619 620 2c6274a-2c6274e 618->620 621 2c62758-2c6275c 618->621 619->618 620->621 622 2c62750 620->622 623 2c6276e-2c62775 621->623 624 2c6275e-2c62764 621->624 622->621 625 2c62777-2c62786 623->625 626 2c6278c 623->626 624->623 625->626 628 2c6278d 626->628 628->628
              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02C6267E
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 4decaeb82739b6d81eb3fdfeb898f8df2e9d9b391a6f784bdc5cef0c00e7f9fb
              • Instruction ID: 8fbe0247caee678437e6bffa6cb8eee7946574df5515226fca76bf234c5b4e55
              • Opcode Fuzzy Hash: 4decaeb82739b6d81eb3fdfeb898f8df2e9d9b391a6f784bdc5cef0c00e7f9fb
              • Instruction Fuzzy Hash: C9915B71D0061ACFEB20DF68C895BEDBBB2BF84314F148569D849A7240DB749A85CF92
              Function 010844E0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1141 10844e0-10859d9 CreateActCtxA 1144 10859db-10859e1 1141->1144 1145 10859e2-1085a3c 1141->1145 1144->1145 1152 1085a4b-1085a4f 1145->1152 1153 1085a3e-1085a41 1145->1153 1154 1085a60 1152->1154 1155 1085a51-1085a5d 1152->1155 1153->1152 1157 1085a61 1154->1157 1155->1154 1157->1157
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 010859C9
              Memory Dump Source
              • Source File: 00000000.00000002.1452070302.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1080000_payment details.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: b1890bdb9c495b64278e132a7a3b9b9e9804b11f5ec55a38528139fdaa8203a9
              • Instruction ID: 4229b15f137788b2a8bdedd2c859d751a692f470f1246c1cc25f65c9afda6905
              • Opcode Fuzzy Hash: b1890bdb9c495b64278e132a7a3b9b9e9804b11f5ec55a38528139fdaa8203a9
              • Instruction Fuzzy Hash: 8641E0B1C04719CBEB24DFA9C88479EBBF5BF89704F20806AD448AB251DB755945CF90
              Function 02D34050 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1174 2d34050-2d3408c 1175 2d34092-2d34097 1174->1175 1176 2d3413c-2d3415c 1174->1176 1177 2d340ea-2d34122 CallWindowProcW 1175->1177 1178 2d34099-2d340d0 1175->1178 1182 2d3415f-2d3416c 1176->1182 1179 2d34124-2d3412a 1177->1179 1180 2d3412b-2d3413a 1177->1180 1185 2d340d2-2d340d8 1178->1185 1186 2d340d9-2d340e8 1178->1186 1179->1180 1180->1182 1185->1186 1186->1182
              APIs
              • CallWindowProcW.USER32(?,?,?,?,?), ref: 02D34111
              Memory Dump Source
              • Source File: 00000000.00000002.1452663190.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d30000_payment details.jbxd
              Similarity
              • API ID: CallProcWindow
              • String ID:
              • API String ID: 2714655100-0
              • Opcode ID: 8d3eabe296670e474c20fee20ab32612d0bbe08805570503921fee6907250f11
              • Instruction ID: 8f50e45820a72702d15f54864e7e2f2886350e55c838b59002e2d58502dac93e
              • Opcode Fuzzy Hash: 8d3eabe296670e474c20fee20ab32612d0bbe08805570503921fee6907250f11
              • Instruction Fuzzy Hash: E34149B8A00709CFCB15CF99C448B9ABBF5FF88314F248499D519AB321D374A841CFA0
              Function 01085917 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1158 1085917-10859d9 CreateActCtxA 1160 10859db-10859e1 1158->1160 1161 10859e2-1085a3c 1158->1161 1160->1161 1168 1085a4b-1085a4f 1161->1168 1169 1085a3e-1085a41 1161->1169 1170 1085a60 1168->1170 1171 1085a51-1085a5d 1168->1171 1169->1168 1173 1085a61 1170->1173 1171->1170 1173->1173
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 010859C9
              Memory Dump Source
              • Source File: 00000000.00000002.1452070302.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1080000_payment details.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 16e89c915b6d94f728c544f83f0114025f0fc285165a7f3d3b8838d5199a8a97
              • Instruction ID: ccd9b3c917d9dd6cca66aa162ad76cd04c79cd1d9041aa183b86414f8e15a8c6
              • Opcode Fuzzy Hash: 16e89c915b6d94f728c544f83f0114025f0fc285165a7f3d3b8838d5199a8a97
              • Instruction Fuzzy Hash: 3B41DDB1C00719CEEB24DFA9C884B9EBBB5BF88704F20816AD448AB250DB715946CF50
              Function 02C61738 Relevance: 1.6, APIs: 1, Instructions: 87threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1188 2c61738-2c6173d 1189 2c61704-2c61715 1188->1189 1190 2c6173f-2c61783 1188->1190 1191 2c61717-2c61719 1189->1191 1192 2c616a2-2c616bc 1189->1192 1197 2c6178a-2c617af ResumeThread 1190->1197 1196 2c61721-2c6172a 1191->1196 1194 2c6172e 1192->1194 1195 2c616be-2c616d1 1192->1195 1194->1188 1198 2c617b1-2c617b7 1197->1198 1199 2c617b8-2c617dd 1197->1199 1198->1199
              APIs
              • ResumeThread.KERNELBASE(?), ref: 02C617A2
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 955a72af26d19afd5e1fe60cecdc49586d476672789ddda8a0de29f98648410b
              • Instruction ID: b0266386b5521e8058165f1239a44bfe1863a14af09116ec74f615323292e58f
              • Opcode Fuzzy Hash: 955a72af26d19afd5e1fe60cecdc49586d476672789ddda8a0de29f98648410b
              • Instruction Fuzzy Hash: F231DC71D002488FDB20CFAAC4857EEBBF1EF89214F18809AD809AB311CB359A05CF91
              Function 02C61EA8 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1204 2c61ea8-2c61ead 1205 2c61e74-2c61e96 1204->1205 1206 2c61eaf-2c61f3d ReadProcessMemory 1204->1206 1210 2c61f46-2c61f76 1206->1210 1211 2c61f3f-2c61f45 1206->1211 1211->1210
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02C61F30
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: 6b7ef040523d74d40872d7a441a48a78f7de423148099e58676eeb089559d23f
              • Instruction ID: 8e753073a58900b4be04a713324cb3798668dbb2667613fadec127a1bbb114c8
              • Opcode Fuzzy Hash: 6b7ef040523d74d40872d7a441a48a78f7de423148099e58676eeb089559d23f
              • Instruction Fuzzy Hash: F6314A72D002499FDB10CFA9C8817EEBBB5FF88320F54842AE558A3241C7759915DF60
              Function 02C61CF8 Relevance: 1.6, APIs: 1, Instructions: 71memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1215 2c61cf8-2c61cfd 1216 2c61cc4-2c61cc8 1215->1216 1217 2c61cff-2c61d7b VirtualAllocEx 1215->1217 1218 2c61cd2 1216->1218 1219 2c61cca-2c61cd0 1216->1219 1224 2c61d84-2c61da9 1217->1224 1225 2c61d7d-2c61d83 1217->1225 1220 2c61cd5-2c61cea 1218->1220 1219->1220 1225->1224
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02C61D6E
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 22850d8b84cc5ad01adc08d61239f6bb9ff57f75cd87f7ec7037c238c86a8336
              • Instruction ID: 0fed1a5c04ed14e8a85dbd08cc082b187d36faf4882e85091e5f04a5c5825fe6
              • Opcode Fuzzy Hash: 22850d8b84cc5ad01adc08d61239f6bb9ff57f75cd87f7ec7037c238c86a8336
              • Instruction Fuzzy Hash: CA2155719002498FDF21CFAAC884BEEBBF1EF88320F14841AD559A7250C7799911CFA0
              Function 02C61DB8 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1230 2c61db8-2c61e0e 1233 2c61e10-2c61e1c 1230->1233 1234 2c61e1e-2c61e5d WriteProcessMemory 1230->1234 1233->1234 1236 2c61e66-2c61e96 1234->1236 1237 2c61e5f-2c61e65 1234->1237 1237->1236
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02C61E50
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: 0de617e6f262966bb12c0f486159df2429963e7d54b036f5e354fb339a659fde
              • Instruction ID: 3fef3ceb9254aebca2f8146b6eaa44fb9790f3ec555328218d21886205e38e15
              • Opcode Fuzzy Hash: 0de617e6f262966bb12c0f486159df2429963e7d54b036f5e354fb339a659fde
              • Instruction Fuzzy Hash: 5F2117B59003499FDB10DFAAC885BEEBBF5FF48310F148429E958A7340C7789954DBA4
              Function 02C61DC0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1241 2c61dc0-2c61e0e 1243 2c61e10-2c61e1c 1241->1243 1244 2c61e1e-2c61e5d WriteProcessMemory 1241->1244 1243->1244 1246 2c61e66-2c61e96 1244->1246 1247 2c61e5f-2c61e65 1244->1247 1247->1246
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02C61E50
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: 0073e963814b7c9c0d0c066e735687758ce1dbc48822f8b81923bb1b928a4fd5
              • Instruction ID: ab1f7a1dbed81debaf5a64caa00486e210354e61d99b94796bce54f729ad00e1
              • Opcode Fuzzy Hash: 0073e963814b7c9c0d0c066e735687758ce1dbc48822f8b81923bb1b928a4fd5
              • Instruction Fuzzy Hash: 372128759003499FDB10DFAAC885BEEBBF5FF48310F148429E958A7340C7789954CBA0
              Function 02C617E9 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1257 2c617e9-2c6183b 1260 2c6183d-2c61849 1257->1260 1261 2c6184b-2c6187b Wow64SetThreadContext 1257->1261 1260->1261 1263 2c61884-2c618b4 1261->1263 1264 2c6187d-2c61883 1261->1264 1264->1263
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02C6186E
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: d334f7dbd9d47479f71f51036bf08c8b7651b0329fd30109b86981ca3d0b680d
              • Instruction ID: 49760263d35cea0be9f12191794078191ae88765ef3da24f4a24a7c5e5b54910
              • Opcode Fuzzy Hash: d334f7dbd9d47479f71f51036bf08c8b7651b0329fd30109b86981ca3d0b680d
              • Instruction Fuzzy Hash: 752137B1D003098FDB10DFAAC8857AEBBF4AF88324F14842AD559A7340CB789945CFA5
              Function 0108B790 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1251 108b790-108d714 DuplicateHandle 1253 108d71d-108d73a 1251->1253 1254 108d716-108d71c 1251->1254 1254->1253
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0108D646,?,?,?,?,?), ref: 0108D707
              Memory Dump Source
              • Source File: 00000000.00000002.1452070302.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1080000_payment details.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 484217146dea42ee8ed28ff6f92b186f1527cb5fe8b09caa395150851dfcf831
              • Instruction ID: 3758d9eac9a90f32fb3a3aaeee91e0c220a9b730be96a80a8a6b654bcbdb2c39
              • Opcode Fuzzy Hash: 484217146dea42ee8ed28ff6f92b186f1527cb5fe8b09caa395150851dfcf831
              • Instruction Fuzzy Hash: 2C2103B590024C9FDB10DFAAD884ADEBBF8FB48310F14841AE958A3350D374A950CFA4
              Function 02C61EB0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
              Download Yara Rule
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02C61F30
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: e1b0c8b04746d21ed6ffab42f3921ee368e8f22f12a7a549d06dcad70125d3e3
              • Instruction ID: 6c6d62df9fec76847c0090b19e21ba59995250b9848357ea69cde70b1ed31405
              • Opcode Fuzzy Hash: e1b0c8b04746d21ed6ffab42f3921ee368e8f22f12a7a549d06dcad70125d3e3
              • Instruction Fuzzy Hash: 272128B1D003499FDB10DFAAC885BEEBBF5FF48310F54842AE558A7240C7799510CBA5
              Function 02C617F0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1268 2c617f0-2c6183b 1270 2c6183d-2c61849 1268->1270 1271 2c6184b-2c6187b Wow64SetThreadContext 1268->1271 1270->1271 1273 2c61884-2c618b4 1271->1273 1274 2c6187d-2c61883 1271->1274 1274->1273
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02C6186E
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: c33233ce18237dc6da46a1dccf30cd63ed3661600ac35caff5e1d11993ed7139
              • Instruction ID: c61666937cbf05e650798d74f3e8259f24eee9f4d54163e9604288c49f04390d
              • Opcode Fuzzy Hash: c33233ce18237dc6da46a1dccf30cd63ed3661600ac35caff5e1d11993ed7139
              • Instruction Fuzzy Hash: 45211571D003098FDB14DFAAC4857EEBBF4AF88224F14842AD559A7340DB789A45CFA5
              Function 0108A168 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
              Download Yara Rule
              APIs
              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0108B079,00000800,00000000,00000000), ref: 0108B28A
              Memory Dump Source
              • Source File: 00000000.00000002.1452070302.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1080000_payment details.jbxd
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              • Opcode ID: d2568d8eef4f645534f1c3ec92f59952b78663de57a23641cd2dd3c724f42e99
              • Instruction ID: dd9b0bdfdb2996fc9c3eb22b17e218a5bd00871cb74d59f2389d3988688402d3
              • Opcode Fuzzy Hash: d2568d8eef4f645534f1c3ec92f59952b78663de57a23641cd2dd3c724f42e99
              • Instruction Fuzzy Hash: A61114B69043498FDB10DF9AC444BDEFBF4EB88720F10842ED559A7210C375A945CFA5
              Function 02C61D00 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02C61D6E
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: cabe7d3603c949004e25bc046cf73a0cbba22ef052748b35b5786208882501ed
              • Instruction ID: 162c7d980e838e64c1da3759c9c1bc64a301042c7e26c02851c57dab629c654d
              • Opcode Fuzzy Hash: cabe7d3603c949004e25bc046cf73a0cbba22ef052748b35b5786208882501ed
              • Instruction Fuzzy Hash: 9B1137759003499FDB10DFAAC845BEFBBF5EF88320F148819E519A7250C7759950CFA0
              Function 0108B21B Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
              Download Yara Rule
              APIs
              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0108B079,00000800,00000000,00000000), ref: 0108B28A
              Memory Dump Source
              • Source File: 00000000.00000002.1452070302.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1080000_payment details.jbxd
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              • Opcode ID: e231916046c89e333f083de9402489e336c9d4f1af61868f1d82ffc7db5c816c
              • Instruction ID: 583f0cceb9076e0d3a891bed1ca84b61206f3b891ceb40c5a6dfac6edae183b3
              • Opcode Fuzzy Hash: e231916046c89e333f083de9402489e336c9d4f1af61868f1d82ffc7db5c816c
              • Instruction Fuzzy Hash: CC111FB68042499FDB14DFAAC444BDEFBF4AB88320F10842ED999A7210C379A545CFA5
              Function 02C662B8 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
              Download Yara Rule
              APIs
              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,02C67201,?,?), ref: 02C673A8
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 3fcb9b63aae4193372178597bbeb99ed18fe1524d326d69e6000212081b9100e
              • Instruction ID: ac958ad6a60f2150d816b16a3237a47affb3870157d04269501fa5cc6887c7f8
              • Opcode Fuzzy Hash: 3fcb9b63aae4193372178597bbeb99ed18fe1524d326d69e6000212081b9100e
              • Instruction Fuzzy Hash: 6B1128B58003498FDB10DF9AC489BEEFBF4EB48324F148469D958A7340D779A544CFA5
              Function 02C67349 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
              Download Yara Rule
              APIs
              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,02C67201,?,?), ref: 02C673A8
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: a1ecea0fd5a2f4d17d2e869f3c5b641d76fa28132f7f0c1d390f9b2fd88b3839
              • Instruction ID: 470ac1e12b09f41e01339f4d718265242a526225b1a1c4d0a8984b76b4424e5b
              • Opcode Fuzzy Hash: a1ecea0fd5a2f4d17d2e869f3c5b641d76fa28132f7f0c1d390f9b2fd88b3839
              • Instruction Fuzzy Hash: C21128B5800349CFDB10DF9AC585BDEFBF4EB48324F148459D958A7240D739A944CFA5
              Function 02C61740 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
              Download Yara Rule
              APIs
              • ResumeThread.KERNELBASE(?), ref: 02C617A2
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 9da97de6e6862bf63d26428d640a8172017416707148d1fe11bcf540f111d555
              • Instruction ID: 836983ba238c4d041cf841a839013c526b7ff1a32967cfa2b56a07cb651034aa
              • Opcode Fuzzy Hash: 9da97de6e6862bf63d26428d640a8172017416707148d1fe11bcf540f111d555
              • Instruction Fuzzy Hash: 10113AB5D003498FDB10DFAAC4457EEFBF5AF88624F148419D519A7340CB756544CF94
              Function 0108AF95 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
              Download Yara Rule
              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 0108AFFE
              Memory Dump Source
              • Source File: 00000000.00000002.1452070302.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1080000_payment details.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 1aab8707b0fc6bf079207c519a26f4ebdab851ac176c680b34a7b76393841a81
              • Instruction ID: de2f0bcbc3e85cb96f33eb4a34b7b14dda8c1785da2a7dc1b668fe51864cff12
              • Opcode Fuzzy Hash: 1aab8707b0fc6bf079207c519a26f4ebdab851ac176c680b34a7b76393841a81
              • Instruction Fuzzy Hash: 681113B5C002498FDB24DF9AC444BDEFBF4AF88314F10845AD5A9A7610C379A546CFA1
              Function 02C6205C Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,00000010,00000000,?), ref: 02C648FD
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 623cbd859ba6fb7f8f12949e1d4bb79ca8d55dddb31c7d64b98b23b3ae89005d
              • Instruction ID: 22971f4d56d0a9631db12e419045630ec808835656c19a7ff7502380223738e6
              • Opcode Fuzzy Hash: 623cbd859ba6fb7f8f12949e1d4bb79ca8d55dddb31c7d64b98b23b3ae89005d
              • Instruction Fuzzy Hash: 9511F5B59003499FDB20DF9AD489BEEBBF8FB48310F10841AE518A7640C375A954CFA5
              Function 0108AF98 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
              Download Yara Rule
              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 0108AFFE
              Memory Dump Source
              • Source File: 00000000.00000002.1452070302.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1080000_payment details.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 83f06bc8a9af275a57d16e18e6cbc30a98d8a5f2d162beaa209de2fefd6f8dc4
              • Instruction ID: 6321a47e9ee614c3fe0152e708b3f8b7dc21afbe76067f6fabccc7cce9ad03b7
              • Opcode Fuzzy Hash: 83f06bc8a9af275a57d16e18e6cbc30a98d8a5f2d162beaa209de2fefd6f8dc4
              • Instruction Fuzzy Hash: 261110B5C003498FDB24DF9AC444BDEFBF4AF88324F10841AD568A7610C379A546CFA1
              Function 02C64899 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,00000010,00000000,?), ref: 02C648FD
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: e7460831ce09b42e91e2205ff81a5c0ec5c5438fa9b64e3ccf53fe9a5cc8ab53
              • Instruction ID: 2900e110f84f003471d474fc73065949274bf0a5a562d3b941fede97c2eb063e
              • Opcode Fuzzy Hash: e7460831ce09b42e91e2205ff81a5c0ec5c5438fa9b64e3ccf53fe9a5cc8ab53
              • Instruction Fuzzy Hash: A011F5B59003499FDB20DF9AD885BDEFBF8FB48310F10845AD518A7640C375A544CFA1
              Function 02D73F28 Relevance: .2, Instructions: 219COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59d0b1a115907d14f39f2d8bfb6404393c51dd1772775c93bfc521d89a7a8bf1
              • Instruction ID: a06d26ed9943bc4d04774437542e427674cd85f2cdb5ce583632f948020c9045
              • Opcode Fuzzy Hash: 59d0b1a115907d14f39f2d8bfb6404393c51dd1772775c93bfc521d89a7a8bf1
              • Instruction Fuzzy Hash: CF81E339710610CFCB15EF28D498A697BF6FF89A05B2541AAE906CB371DB71EC01CB80
              Function 02D75628 Relevance: .2, Instructions: 214COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bdc1f37e66f93965ee15e5f422e773fa0d64a4bf7c88aba44715e46bff42a6b3
              • Instruction ID: 6c322c609b16468ec08fea1bb211a3931ff88c36f787c9c2eb48982651321f37
              • Opcode Fuzzy Hash: bdc1f37e66f93965ee15e5f422e773fa0d64a4bf7c88aba44715e46bff42a6b3
              • Instruction Fuzzy Hash: 9B814A74E003598FDB08DFA9D8546AEBBF2FF89310F54856AE405AB350DB389D05CBA1
              Function 02D739D8 Relevance: .2, Instructions: 193COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 298c084d73c6c772a87f8be838d7e4e2ed187dd02c958a549a53a82ec062b138
              • Instruction ID: 959cf9a19ad4632e736c344d87208d3e6103ff1850a608086d424b2d35b31abd
              • Opcode Fuzzy Hash: 298c084d73c6c772a87f8be838d7e4e2ed187dd02c958a549a53a82ec062b138
              • Instruction Fuzzy Hash: 8B714835B002188FDB54EBA4C595AADB7F2FF89310F2444A9D442AB3A1DB39EC41CF61
              Function 02D7483C Relevance: .2, Instructions: 179COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5c270dd5098cfd7e31b2d847a07cbc3fd81c14e1ea3aa0f787e84f56b08d14f8
              • Instruction ID: bc32bd5f55d6427ac74a097891c4068251f72e6f34ec7a8f459dd72d64d014fe
              • Opcode Fuzzy Hash: 5c270dd5098cfd7e31b2d847a07cbc3fd81c14e1ea3aa0f787e84f56b08d14f8
              • Instruction Fuzzy Hash: C1519B30A06348EFCB05DFA4D8545ADBFB6EF86300F1584AAD481A7395EB38DC59CB90
              Function 02D75D50 Relevance: .2, Instructions: 176COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70d0696b1f6296675120f487f165ad35b30ac5403be87c4433b2289f4d96498d
              • Instruction ID: 37da1e0860dadeac83760f0014923c99650101c518b8b87cee78c032601cd68d
              • Opcode Fuzzy Hash: 70d0696b1f6296675120f487f165ad35b30ac5403be87c4433b2289f4d96498d
              • Instruction Fuzzy Hash: 9E51E530B002499FDB05AFA8D44566E7FF7EFC5300B54846AE94697391EF388D05CBA6
              Function 02D72D30 Relevance: .2, Instructions: 168COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 81efc5bc7f53439178926814486d45a1b54ff4eb67ef9e6a3ec02a0ee8b75394
              • Instruction ID: 56003c0b1cf008fb0c5f21e28919164d35259de97e2afd8d7361d983f371ebb2
              • Opcode Fuzzy Hash: 81efc5bc7f53439178926814486d45a1b54ff4eb67ef9e6a3ec02a0ee8b75394
              • Instruction Fuzzy Hash: F7719D34A01248AFCB15DFA9D888EAEBBB2FF49714F514499F901AB361D735EC81CB50
              Function 02D74734 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 384cd377ee1ac685d882fc7f9ffc6c72c4208947b426479a22c9f6669d60d5eb
              • Instruction ID: fed60c3e79cb4183ab4c00e9ef2e6bf04465abee13450dac3406790bfab7e2a2
              • Opcode Fuzzy Hash: 384cd377ee1ac685d882fc7f9ffc6c72c4208947b426479a22c9f6669d60d5eb
              • Instruction Fuzzy Hash: FA517274E002499FCB14DFAAD8446AFBBFAEF88710F50852AD455E7340EB789D05CBA1
              Function 02D7A7D8 Relevance: .2, Instructions: 155COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f5c11abf99c9c7352b53e0dcd4128a36f7a041f92d74e41cec4735abc557838e
              • Instruction ID: e12f56e1ef35e2b51f1c45e29011a28a0ae2d28b198fe534ab0d1b4576fbcfd1
              • Opcode Fuzzy Hash: f5c11abf99c9c7352b53e0dcd4128a36f7a041f92d74e41cec4735abc557838e
              • Instruction Fuzzy Hash: CA5122306003449FCB29DB78D8047AEBBE6EF85304F58856AE4498B391DB38DC06CBA1
              Function 02D7B8B0 Relevance: .2, Instructions: 153COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 145ccec8a8107693513734d2104a4c82cbade9b88a7c650100bd074e63f912b7
              • Instruction ID: ceecbe7f6d80b5137b826a0a9764f0234f154291bb545f67e47e04aa61c26aa7
              • Opcode Fuzzy Hash: 145ccec8a8107693513734d2104a4c82cbade9b88a7c650100bd074e63f912b7
              • Instruction Fuzzy Hash: CE51AE30A003499FDB48EFB588103AE7BB6AFC9304F14C56AD845AB381DF399D01D7A2
              Function 02D70AF8 Relevance: .1, Instructions: 135COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9662f5b3c2f6b34ff9051574c298b5fbea3cebb6eca49fe50252e858b29792a3
              • Instruction ID: a9b64141bd0679a1a0431945e2259dd250b52ebca2dd24187194bcd9504d7718
              • Opcode Fuzzy Hash: 9662f5b3c2f6b34ff9051574c298b5fbea3cebb6eca49fe50252e858b29792a3
              • Instruction Fuzzy Hash: AB41E331B002109FCB15EF29D4447AD77A6EFC9309F1981AAE449AB791DB39AC43C7E1
              Function 02D72D21 Relevance: .1, Instructions: 126COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 79a7e4d2d11ab98193125238cf4eca0c12c94e1ee938bedd134e2e2db17b41b7
              • Instruction ID: 6c018458ad2480f4363a018b65087cd5a725877580af63bfc3843b8beafb6ebb
              • Opcode Fuzzy Hash: 79a7e4d2d11ab98193125238cf4eca0c12c94e1ee938bedd134e2e2db17b41b7
              • Instruction Fuzzy Hash: F351B238A01648EFCB15DF68D898DADBBB2FF49720B114499F941AB361DB35EC41CB50
              Function 02D74878 Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a5418aca27523fca4da32a598312197471c1fe0ed195870efc1a5542e49b76f2
              • Instruction ID: fa0b6146b398d50ddfca5ac6dec7935b1c6b677ab0de3c70262e48a10469d02e
              • Opcode Fuzzy Hash: a5418aca27523fca4da32a598312197471c1fe0ed195870efc1a5542e49b76f2
              • Instruction Fuzzy Hash: 11415E35E00219CFDB16EBB8D0547AEBBB2EB88314F144569D402A7384EF398D80CFA5
              Function 02D764F8 Relevance: .1, Instructions: 120COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83160cb22729521973fe2559783d64c9cd6d2b384ff44dedc7e430e540ff63ac
              • Instruction ID: a8b55dee37c7167544363ad234b35e2e0fa99400158a0f5cd7678548b660175c
              • Opcode Fuzzy Hash: 83160cb22729521973fe2559783d64c9cd6d2b384ff44dedc7e430e540ff63ac
              • Instruction Fuzzy Hash: E241AFB1A043488FDB15DFA9D844AAEBFF9EF89210F14845EE445E7341E7389D01CBA1
              Function 02D78360 Relevance: .1, Instructions: 118COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d2b1ad2a9665d3e583472c16da26c8b0292b52962f42c43cc36925e8c7d49bad
              • Instruction ID: 4f708d4c7dc93d47dd0878cc80d2536bc39ed8f34277d74d07b5f76fce3a1050
              • Opcode Fuzzy Hash: d2b1ad2a9665d3e583472c16da26c8b0292b52962f42c43cc36925e8c7d49bad
              • Instruction Fuzzy Hash: B741C834A002198FDB54EBA8C898BDDBBB1BF48718F114069E545EB3A1DB79DC01DBA0
              Function 02D74868 Relevance: .1, Instructions: 116COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8259f271924fbeac31fb9366e2b07b35595629b00645c393a5714b9723ebe6dc
              • Instruction ID: ca499ea27848b26668e4d967ce67db932a03625623a6f38d79a67be1ece32e32
              • Opcode Fuzzy Hash: 8259f271924fbeac31fb9366e2b07b35595629b00645c393a5714b9723ebe6dc
              • Instruction Fuzzy Hash: 39418F31E00215DBDB26EB74C4547AEBBB6EB89310F114979D442A7340EF398D45CBE5
              Function 02D70098 Relevance: .1, Instructions: 114COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 659dcc5a96af895434cd7fb80c164c28923f64507644379832aee643ad92e852
              • Instruction ID: 6f528f6331ad8d5ede0b98f36421a749a54f1a5f5cf6bef76ad15b383bd367d3
              • Opcode Fuzzy Hash: 659dcc5a96af895434cd7fb80c164c28923f64507644379832aee643ad92e852
              • Instruction Fuzzy Hash: 61416532D00B4A9ACB01EFB9C8444DAFB71FF96300B558B5AD55967121FB30A599CB80
              Function 02D7B2C0 Relevance: .1, Instructions: 107COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 229ef1896f5eb14bd0437d824001eb3331e425a07f83fffafbbbf8aa2c5b2629
              • Instruction ID: f0231bf2bc8c5ebacdafa4451376f7be6defa85be64e4c27fe64d7af27ff28c3
              • Opcode Fuzzy Hash: 229ef1896f5eb14bd0437d824001eb3331e425a07f83fffafbbbf8aa2c5b2629
              • Instruction Fuzzy Hash: F841E230D10B4A8ECB41EFA8C454AADB7B1FF55300F55866AD499B7221FB34E9C5CB50
              Function 02D78228 Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 75c4c2f3f3123b59693b2c39f4f42b39f136172373d0e13554c3b2253818f700
              • Instruction ID: 80deffc98e44ee75de0d8847c4b05ccb53f1e74851584135639bf3595b2fa7c6
              • Opcode Fuzzy Hash: 75c4c2f3f3123b59693b2c39f4f42b39f136172373d0e13554c3b2253818f700
              • Instruction Fuzzy Hash: A331D330B042448FCB59EB7AC81466E7BA7EFC9611B54C5AAD146CB361DF349C02D7A1
              Function 02D74728 Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2acbaf187bd385dce705ccd70526b1e0f477bd8f6f5fe4bd313571018b7ace2e
              • Instruction ID: ad989089f397fa5d8a0418f06f9eba1150111f785285e347a1a37bcdb3bc21bb
              • Opcode Fuzzy Hash: 2acbaf187bd385dce705ccd70526b1e0f477bd8f6f5fe4bd313571018b7ace2e
              • Instruction Fuzzy Hash: 0141BFB0D10359DFDB14CF9AD884A9EFBB1BF48710F60812AE818AB350DB756845CF91
              Function 02D75910 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4210970780a7006e6cda891fff13706ade5c41e1d53d188011af540b425a8fde
              • Instruction ID: 3efc796118699eeecd18bb25fee7e082f424e91d2f114d614871945187d9be17
              • Opcode Fuzzy Hash: 4210970780a7006e6cda891fff13706ade5c41e1d53d188011af540b425a8fde
              • Instruction Fuzzy Hash: 6F217F71A002559FCB12DBA998019BFBBBAAFC5300F10815AD855D3351FB748E05CBE1
              Function 02D7D8E0 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e4012e88fa9a4e7552f65961a31fc838c5b4b6125c8e31b9bbcfc1fdb75abed4
              • Instruction ID: 27c6345b1e0143edd47c138abb135fdd0338e6d29cb346378b0d6411fe23560c
              • Opcode Fuzzy Hash: e4012e88fa9a4e7552f65961a31fc838c5b4b6125c8e31b9bbcfc1fdb75abed4
              • Instruction Fuzzy Hash: 5D217C367102158FCB18EB7DD414A6E77EAEFC862571540AAEA09CB365EF35DC01CBA0
              Function 02D75F50 Relevance: .1, Instructions: 83COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a33ff629813c496b99f813f97c0885bfdf5cf5b7bcdd560d1c21e4bba9906b3e
              • Instruction ID: 0d2a6f70561519bfa0a1014cd620668bcfe535e93cec6799f7099fe502d06663
              • Opcode Fuzzy Hash: a33ff629813c496b99f813f97c0885bfdf5cf5b7bcdd560d1c21e4bba9906b3e
              • Instruction Fuzzy Hash: 25316934A052889FDB05DFA4E840ADDBFB1FF89300F1484AAE445AB361E735D945CB61
              Function 02D70A98 Relevance: .1, Instructions: 80COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4ec391c15b72589002d7e8f9bbec8e954910e3d16a1a38abbf5cb44203df6d74
              • Instruction ID: 08d5dfeccbbd16b24af0c77a81fea33dc656d79f4e30f416e85c9eda5469b14a
              • Opcode Fuzzy Hash: 4ec391c15b72589002d7e8f9bbec8e954910e3d16a1a38abbf5cb44203df6d74
              • Instruction Fuzzy Hash: E5214871909651AFC3298F58D004629FBB0FF85709F08446FD88487782E738BD51C7E2
              Function 02D75614 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef6f20ebdf022d2d01835c1840e0b4aaa99357089264e47b0acdce17c4d7df98
              • Instruction ID: ebe7d93f4f4b018a3e7586888a805dc258ad53d582fa3080332aafd15b6faf6f
              • Opcode Fuzzy Hash: ef6f20ebdf022d2d01835c1840e0b4aaa99357089264e47b0acdce17c4d7df98
              • Instruction Fuzzy Hash: 4221B375E0024A8FDF05EFB898505EEBBB2AFC9250B584566D445E7341EB394D01CBA2
              Function 02D7C1D1 Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2aee4bdf6fcc7f6840723fbb2d3397686103123bf0050f2e5c302eb2af4693e7
              • Instruction ID: 653e883f5a4aca0b7eca54b90f4c2c804bd66f6ed49bb871ccbd5fdf8c89ba95
              • Opcode Fuzzy Hash: 2aee4bdf6fcc7f6840723fbb2d3397686103123bf0050f2e5c302eb2af4693e7
              • Instruction Fuzzy Hash: 71310A31C14B4A8ECB01EFA8C8546A9FBB0FF55200F45C69AD4997B122FB34A9C5CB90
              Function 02D74D27 Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff8a6940c5c03064d9101e56d97943272787d3eeed83adca40aa5de25916918e
              • Instruction ID: 1fd7660de3b0b7588cf9f24c3333fa6620f20df654d94db896dc74031da42262
              • Opcode Fuzzy Hash: ff8a6940c5c03064d9101e56d97943272787d3eeed83adca40aa5de25916918e
              • Instruction Fuzzy Hash: 1231D035A00219AFDB059FB0D8989DEBBB2FF89300F15851AF102AB364DF399805CB81
              Function 02D78639 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b1c4b50799d68bc2b026081f842967ff8819fd2e310802b3e116ae21fa9c9f4b
              • Instruction ID: 9bad9b1a2b3b603e98f69f9d215cff6cdb8ff08a347540c1946412330728b65b
              • Opcode Fuzzy Hash: b1c4b50799d68bc2b026081f842967ff8819fd2e310802b3e116ae21fa9c9f4b
              • Instruction Fuzzy Hash: 2D215E343006109FDB58EB39C858B6A77E6EFC5719B24806EE506CB3A1EB75DC42DB50
              Function 02D74D30 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 290f212a04bab9f40f5dfe859d32a8407d59b326a3f5ef0568419d9704466cac
              • Instruction ID: 719ae8b304fd2b40468d6b316394ec286034bd0e8ab5d59ccd60cd02ddff0a90
              • Opcode Fuzzy Hash: 290f212a04bab9f40f5dfe859d32a8407d59b326a3f5ef0568419d9704466cac
              • Instruction Fuzzy Hash: 5F21A135A00219EFDB05AFA0D8589DEBBB2FF89314F15851AF102AB364DF35A914CB91
              Function 00FDD3D8 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1451809006.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_fdd000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 450308089715db198ede99a3bff61633cd0dff30cc861bf37f94e5486a9fb4ed
              • Instruction ID: 5987389f5ec54af8e787d07223b67ee91ffbfde3a911f04923822a53a0403109
              • Opcode Fuzzy Hash: 450308089715db198ede99a3bff61633cd0dff30cc861bf37f94e5486a9fb4ed
              • Instruction Fuzzy Hash: 7A210676504304DFDB04DF10D9C4B16BB66FB95324F28C16AD8090B356C336E856EBA2
              Function 02D700A8 Relevance: .1, Instructions: 74COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b4617aa7328367117cab485867e959d5dd39098bcefed90f8c3d1c9c2adf6706
              • Instruction ID: 150abd38c29ff957bb7041ace7120d7270f10b3714fab978e401040e533f671e
              • Opcode Fuzzy Hash: b4617aa7328367117cab485867e959d5dd39098bcefed90f8c3d1c9c2adf6706
              • Instruction Fuzzy Hash: 1131DF32D10B0ADACB01EFA8C8548D9F7B1FF95340B518B5AE95967221FB30E695CB81
              Function 00FED01C Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1451884725.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_fed000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f3953e8421990835e2a20251a6da7f8432d46449d2836cbbb2430d00abd96a83
              • Instruction ID: 0935721f4b75c0e5e7582ed8fd97a749d2a41bd9e692713ccf9713c4a1a6ea02
              • Opcode Fuzzy Hash: f3953e8421990835e2a20251a6da7f8432d46449d2836cbbb2430d00abd96a83
              • Instruction Fuzzy Hash: 3D212276604380DFDB14DF10D884B16BB61FB84324F28C56DDA0A0BA8AC33AD807DA62
              Function 00FED1D4 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1451884725.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_fed000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 542c5d06e19bb4a44516f7046786f0591985aaf536e6e7fdd2fad31f337bcbf0
              • Instruction ID: 1c4a4e770d730b9d00beace1b5aba368305b4be1600dceb072c9f44a3fa5eea7
              • Opcode Fuzzy Hash: 542c5d06e19bb4a44516f7046786f0591985aaf536e6e7fdd2fad31f337bcbf0
              • Instruction Fuzzy Hash: 81216B75A04384DFDB04DF11D9C0B15BB61FB84324F20C56DD9094B782C336D806EB62
              Function 02D7357F Relevance: .1, Instructions: 71COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df2c9aafde770bc662eeadccf45f7638cf971cda9051c01d13947561a5d01a08
              • Instruction ID: cc38031d8fbd815c42838b234bbca2fbced69a8eca6f5caa1a07af02a3a46740
              • Opcode Fuzzy Hash: df2c9aafde770bc662eeadccf45f7638cf971cda9051c01d13947561a5d01a08
              • Instruction Fuzzy Hash: 4F211972E0024ADFCB45DFA9C8409EEFBB5EF99210B10869BE518E7211E7709956CB90
              Function 02D72C60 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bbac7d16f0b0a2b60b8239a9e9ed420add35226d28e809920ae4495fb0852709
              • Instruction ID: 1079d7905b09174f9b420b2a41246b5f1722ba15425b51ed533657ca87c13f6b
              • Opcode Fuzzy Hash: bbac7d16f0b0a2b60b8239a9e9ed420add35226d28e809920ae4495fb0852709
              • Instruction Fuzzy Hash: 1E219F357006909FCB21DF25C884E6A7BB6EF99710B10446EE94587761DB35EC41CB60
              Function 02D72C70 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 62dcadc8e5f4397124c6b2c437b9351c5ab29919f2028262a8499f6c4a9247db
              • Instruction ID: 7cd5f8fce7da65fb085e36c17dcd43586d8e7c40ae41adf0f896214fe1b95b1a
              • Opcode Fuzzy Hash: 62dcadc8e5f4397124c6b2c437b9351c5ab29919f2028262a8499f6c4a9247db
              • Instruction Fuzzy Hash: D3218C367006548FCB24DF19D984E6AB3BAFBD8721F10442EE94687751DB35EC41CBA0
              Function 02D70C88 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5841f746e68f68eb645f23a28f92dabccc6b757e3e1919da803202d58178b916
              • Instruction ID: bb43535ac07993cd8cbd203425c47f250ecaff77b7394e98bd2dde5487dca82f
              • Opcode Fuzzy Hash: 5841f746e68f68eb645f23a28f92dabccc6b757e3e1919da803202d58178b916
              • Instruction Fuzzy Hash: AE113B303043409FD7259634C850BA6B7A6EFC2314F58C469E445CB7C1DB79DC06CB41
              Function 02D74A10 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 95b3e06a4b0ce595ba6a876335dfe2653c32de159fed8ae3effa5d180492e378
              • Instruction ID: 77d669ede7d5891a18567d79bc6677d56d38069b6cf4d9892304f1537b4cd474
              • Opcode Fuzzy Hash: 95b3e06a4b0ce595ba6a876335dfe2653c32de159fed8ae3effa5d180492e378
              • Instruction Fuzzy Hash: 57216D35A44109CFDB46EFA8D0946EDBBB2EF88328F24055ED405A7350EB349C41CF94
              Function 00FED005 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1451884725.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_fed000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a82da95d09e4912410e090c10461564908e6a905ba14312e82dd79f66c1aae17
              • Instruction ID: c05d78c351e3cd1a364aa581954703aeb6e53c59fb33d70b976f745115f2a00a
              • Opcode Fuzzy Hash: a82da95d09e4912410e090c10461564908e6a905ba14312e82dd79f66c1aae17
              • Instruction Fuzzy Hash: EE216F755093C08FCB12CF24D994715BF71EB46324F28C5EAD9498F6A7C33A980ACB62
              Function 02D73590 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfe2a5b54a4d98136b50c1e16ae94144f5483b391ac73231d1d7d3d0799e82af
              • Instruction ID: 34279a2258ff4e13b74012c1c5a1c5f8f811e4ff8734cd307c66f4d1e27ef478
              • Opcode Fuzzy Hash: cfe2a5b54a4d98136b50c1e16ae94144f5483b391ac73231d1d7d3d0799e82af
              • Instruction Fuzzy Hash: 3D21EA71E0020A9F8B04DFA9C8448AFFBF9FF98310B10865AE518E7210E770A952CB90
              Function 02D77ED8 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: faa9925b3ae679dabb557d40c284596fd766ee469e681edd886d54d02121d5c0
              • Instruction ID: 29252a5cad3410f2a2a1944519f046f27eda0fd2da2cc95581f106ee915049d5
              • Opcode Fuzzy Hash: faa9925b3ae679dabb557d40c284596fd766ee469e681edd886d54d02121d5c0
              • Instruction Fuzzy Hash: 5C01D232B002244BDB08A7B994143EFBB96EFC5751F55882AE50ADB384EF388D4287D1
              Function 02D70C98 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8d7cc589cb9ed28024be7f17a7fa683b7166d3412c7c23da92af810306e6218
              • Instruction ID: 8d42e6a3d1cc20ba3702be364f6566fce230d40d40486ff530a7e4dcfdda9e03
              • Opcode Fuzzy Hash: d8d7cc589cb9ed28024be7f17a7fa683b7166d3412c7c23da92af810306e6218
              • Instruction Fuzzy Hash: 8E11C2303043049FDB24D625C850B6AB396FBC4325F58C829E949CB7C4DB79EC06CB81
              Function 02D79E52 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33b52e7b2d7c91d7427fc2f32eebabdb6aeb5c183a3c7c626386c5c84fc321d8
              • Instruction ID: edcd41bd8c82b9cbdcdfba04bb328ed3ff103f9ec943dce961ec51c7b7e20f05
              • Opcode Fuzzy Hash: 33b52e7b2d7c91d7427fc2f32eebabdb6aeb5c183a3c7c626386c5c84fc321d8
              • Instruction Fuzzy Hash: F011E571714A054FE724EA78D891B9F7BDAFB88300F15452DD1C6C7785DBB9A8018B80
              Function 00FDD3D3 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1451809006.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_fdd000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
              • Instruction ID: 5ae64232035f70524d8ab20b5d6801511ebc02b9aa6e1e0785db4936e2189422
              • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
              • Instruction Fuzzy Hash: AB110376904240DFCB15CF00D5C0B16BF72FB94324F28C2AAD8090B356C33AE856DBA1
              Function 02D76550 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 25aaec83f3922a6ac34883ff71fae9787a8d267a3e62ba4af7e3e50e804f31fa
              • Instruction ID: 24b3de954979b641d6d46b647b57dbdcf09672674bce3f48d45c072b0daced20
              • Opcode Fuzzy Hash: 25aaec83f3922a6ac34883ff71fae9787a8d267a3e62ba4af7e3e50e804f31fa
              • Instruction Fuzzy Hash: C3010031F052A49BDB0377B848205BE7FB6EF86700F0400A6D904AB382EA284D05CBF6
              Function 02D79E60 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c6736b70c5dcebcdcadc00c3d481309a4485cfae4fc682796ac121e4431e5e2c
              • Instruction ID: 5d8ed0c9c4cbb49a33f9456837b07bcfc2b694c8bce9cb0201b10d1598dc9bff
              • Opcode Fuzzy Hash: c6736b70c5dcebcdcadc00c3d481309a4485cfae4fc682796ac121e4431e5e2c
              • Instruction Fuzzy Hash: CF11D231314A058FE724EA68D85179F7BDAFB88700F50453DD2CAC7785DBBAA8018B90
              Function 02D74228 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 559365d6f5686acf705d6eced75dd4998943854ce7b723452b4420dfd8c5431a
              • Instruction ID: f2fbfe02db99859057edd128cdcaa12153d97830f16621bfcd6a0e0aec3262a6
              • Opcode Fuzzy Hash: 559365d6f5686acf705d6eced75dd4998943854ce7b723452b4420dfd8c5431a
              • Instruction Fuzzy Hash: 3701DE307083159FDF27AAB884003AA76F98FA4618F00806A8D8AC2781FF28CC11C762
              Function 00FED1CF Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1451884725.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_fed000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
              • Instruction ID: a9ec4af6571d9528eb290f4dab4aa3958f87cf30274e891100133b74de335b12
              • Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
              • Instruction Fuzzy Hash: 6211DD79904280DFCB05CF10C9C0B15FBB2FB84324F24C6ADD9494B696C33AD80ADB61
              Function 02D74778 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e04508d4ea796954127c3b142949e59ab4e5f1abb2d8186407f79b096417bb74
              • Instruction ID: 469b34926f8d59b42c8c56805fc5c83e268bda2ca70d77f863174c0ec732d713
              • Opcode Fuzzy Hash: e04508d4ea796954127c3b142949e59ab4e5f1abb2d8186407f79b096417bb74
              • Instruction Fuzzy Hash: 171102B5D0464D9FDB10DF9AD548B9EFBF8EB88220F10841AE859A7310D778A905CFA1
              Function 02D76518 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0f4e32e28da3b83c9bd96a3c85f8636a766b6dc88420b5b72e4ae61e61e6f600
              • Instruction ID: 361441e1663bc7702756393206fdff9e5bf6452e39cdb84979ecf24cd46e0bad
              • Opcode Fuzzy Hash: 0f4e32e28da3b83c9bd96a3c85f8636a766b6dc88420b5b72e4ae61e61e6f600
              • Instruction Fuzzy Hash: 6A01F730B093549FEB059B78945059D7FFADF87210F0488E7D849C7341E9388C45C791
              Function 02D75C33 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 091915b508d1fad149cece9c78a6eb7456936f5ae5165c320c8e857ee19b34e0
              • Instruction ID: d4f6e1c06b9bd27bb7b4e89ead5144364fcd1fe15a2f829da906224b609b1eeb
              • Opcode Fuzzy Hash: 091915b508d1fad149cece9c78a6eb7456936f5ae5165c320c8e857ee19b34e0
              • Instruction Fuzzy Hash: F411F0B5D046499FCB10DFAAD444B8EFBF8AB89320F14841AE859A7310D379A905CFA5
              Function 02D74902 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 79d510403ffdfe1a1332751eaff0b60942bb637f917bd7bf33ab67a7b08f3b6f
              • Instruction ID: d7c040783f4b7f44a7c6c423f18d3594aba8a83c067192418520e38b7a05a698
              • Opcode Fuzzy Hash: 79d510403ffdfe1a1332751eaff0b60942bb637f917bd7bf33ab67a7b08f3b6f
              • Instruction Fuzzy Hash: FB115E31E40209CFEB26EF64C4143ADB6B2EB88355F14446DD001A7384EB7C8D84CFA5
              Function 02D76CC8 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 01e3142445d6374de75d19f64170695d39958d0cd9ec0e0766f78d55773ec85e
              • Instruction ID: 2aa264cb0c4cb0a2c55173208948245aa76c2e856596fe20ea39347e168fbc6d
              • Opcode Fuzzy Hash: 01e3142445d6374de75d19f64170695d39958d0cd9ec0e0766f78d55773ec85e
              • Instruction Fuzzy Hash: 2E1136B59003088FDB10DF9AC444B9EFBF4FB48320F20881AD958A7300D378A944CFA5
              Function 02D76D1C Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4300ae93a9a914f36822441e2bc06f1592ca639685f8d7daa2fa786a582ca62f
              • Instruction ID: 27a937100a09baf34a879f8412639277f3ab60078a0aacb63d43450356069815
              • Opcode Fuzzy Hash: 4300ae93a9a914f36822441e2bc06f1592ca639685f8d7daa2fa786a582ca62f
              • Instruction Fuzzy Hash: A51106B59007498FDB10DF9AC444B9EFBF4FB48320F20881AD959A7340D779A944CFA5
              Function 02D7FE48 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f84b72ad6e45fe249e5a03ba980a2ce6dd026f380f1a3415fbd7e0af8e39dc84
              • Instruction ID: 0252b2df67e331c94cc7dc6be2375814aef619d0bf1d4fd92ceb287863830366
              • Opcode Fuzzy Hash: f84b72ad6e45fe249e5a03ba980a2ce6dd026f380f1a3415fbd7e0af8e39dc84
              • Instruction Fuzzy Hash: EF012B62B046145BD3248F2E9881202FAABFBC4611B58C53BE50DC3B52EB74DD50C6D2
              Function 00FDD759 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1451809006.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_fdd000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 05d6e8371df0623a9e659f2b74edeb0c3689ecec6d89d4cf355602ab3bffa659
              • Instruction ID: 5743e100afe5b02896d2f7a9216b5481fbe7ac0e91733005b4b08bce57b2a55c
              • Opcode Fuzzy Hash: 05d6e8371df0623a9e659f2b74edeb0c3689ecec6d89d4cf355602ab3bffa659
              • Instruction Fuzzy Hash: 3901A2725053449AE7205A65CC84B66BFD9EF41735F2CC89BED094A386C3799840DBB2
              Function 02D7730A Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 516adf6d0b6fecfe52ef35afc91e515535ec84a1adb44b8dbdeaf1ea2f12efde
              • Instruction ID: 269bca3781f42db34df603e82cd6f719f450828ed476b1faf4eb3c6a01d156af
              • Opcode Fuzzy Hash: 516adf6d0b6fecfe52ef35afc91e515535ec84a1adb44b8dbdeaf1ea2f12efde
              • Instruction Fuzzy Hash: 3E1103B5D002098FDB10DF99C585B9EFBF4BB48220F20881AD559A7740D378A944CFA1
              Function 02D785C8 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ed0cc1a63d94b2b79a25e2b34312be29d7f03547a731c9c92c28598a822b88f5
              • Instruction ID: cd834e896f158bbd1a287184ac0ccfec89eccd43406c1d64180e9c6528cd8665
              • Opcode Fuzzy Hash: ed0cc1a63d94b2b79a25e2b34312be29d7f03547a731c9c92c28598a822b88f5
              • Instruction Fuzzy Hash: C7F0B4327402141BEB24A239EC55BAF328BC7C5B11F08843AE609DB3C0DEB99C4297D5
              Function 02D7BAD9 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: caf1681705af4efa313474918c0e528efa5d1b4cbac9e32a6a641e20940b6db0
              • Instruction ID: 38d9b5e5974a60e7e17aee737f367c487c82a5896bea9ef92b070b5a74ef38b9
              • Opcode Fuzzy Hash: caf1681705af4efa313474918c0e528efa5d1b4cbac9e32a6a641e20940b6db0
              • Instruction Fuzzy Hash: D4017C312147009FCB14DB28E444F26B7B6BF85319B55C1ABD8058B365DB74DC06CB51
              Function 02D7FE58 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e49075da2e7191374df724e2add7e7704b4d08e7c820bb5b7e746a18744d1e7
              • Instruction ID: c9f354ff1b89f035a164d67ead0b89813b30088114408bd7212a8a52e5360a80
              • Opcode Fuzzy Hash: 0e49075da2e7191374df724e2add7e7704b4d08e7c820bb5b7e746a18744d1e7
              • Instruction Fuzzy Hash: 33F0FF32B04A199BD3288B2E9880513F6ABBBC4A11314C13BA50DC2B12EF74ED50C6D2
              Function 02D7BAE8 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d868af9443190dd98697adec7ed477fe6d2b218a8403936de9220a7070939abe
              • Instruction ID: 48e6d67c679f16b9007fd71d69e2335eeff951334889a02d82ec8f055b007537
              • Opcode Fuzzy Hash: d868af9443190dd98697adec7ed477fe6d2b218a8403936de9220a7070939abe
              • Instruction Fuzzy Hash: 26016D302102009FCB14DB69D444E26B3AABF85329B54C56AD90987365EB75EC06CB91
              Function 02D76578 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8e52c56b8f299b64a27131e217da6feb5f2e199e4bad808f29f7ecbd48d400c
              • Instruction ID: f3511a7d1dc4b1ccf1cf86ed164f95991b7430db9f4a83315bad5a0dda43939c
              • Opcode Fuzzy Hash: e8e52c56b8f299b64a27131e217da6feb5f2e199e4bad808f29f7ecbd48d400c
              • Instruction Fuzzy Hash: BDF03675F005595B8F56B7A858505BFBABBEBC8710F100029E509A7341EF394D118BF5
              Function 02D76ED0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 73e1ef2613089550e700b073a321d3cf2b52da68dbb00fce0e60c1e4bf8fa8c9
              • Instruction ID: 7e4e57ece010bacbb6e1f734c42e3dfb60d8244b84392a35540db5e77a66195c
              • Opcode Fuzzy Hash: 73e1ef2613089550e700b073a321d3cf2b52da68dbb00fce0e60c1e4bf8fa8c9
              • Instruction Fuzzy Hash: 0AF0E9727096956FA7169A6C9C549BB7FFDDA8651070400AAE804C7342F661CC01CBF0
              Function 00FDD758 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1451809006.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_fdd000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32138bded750523b4ed5d0a3dc788ea6966dc33d76251f0a04544bcb1b0f6c82
              • Instruction ID: 5ffd98e72133bd9273fbfc48dc046800ca834ad45461340744b41fb765878c97
              • Opcode Fuzzy Hash: 32138bded750523b4ed5d0a3dc788ea6966dc33d76251f0a04544bcb1b0f6c82
              • Instruction Fuzzy Hash: 97F06D71805344AEE7208A16DC84B66FFE8EF51735F18C49BED084A386C279A844CBB1
              Function 02D77F87 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 66e8d8d5ba85a0f0e93f17e693f325e36ce0a73105066dd1f5ddcbf524016591
              • Instruction ID: 200e277e21cf3851e06996d3b9d83d65788728f92b834279339e1b52c35157ae
              • Opcode Fuzzy Hash: 66e8d8d5ba85a0f0e93f17e693f325e36ce0a73105066dd1f5ddcbf524016591
              • Instruction Fuzzy Hash: A9F0E2729012099FEB00DFB8DD417F8BBB4DF112A5F1504A6E840D7292FA3ACA42DB00
              Function 02D74218 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 64771b2bb16de463b1fb2bc3f5fea3a3b893669f51457796ff298fe2282ecaf0
              • Instruction ID: 496ed2e3c50706aef7eae44326b476a570ee72d6b064dabc528e8d43760f3a73
              • Opcode Fuzzy Hash: 64771b2bb16de463b1fb2bc3f5fea3a3b893669f51457796ff298fe2282ecaf0
              • Instruction Fuzzy Hash: BFF0823160D3819FDB23DA6495406E6BFF94B96214F1581EBD488C2B42EB389D55C722
              Function 02D73BE1 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7682e7ca4caad8e116223316f2987560f46669d76798d885af6ac6405407ca33
              • Instruction ID: 4f8cbae48d0fae9faf11f001cb38262984c30ebfc32408b99a35a88b2b211c45
              • Opcode Fuzzy Hash: 7682e7ca4caad8e116223316f2987560f46669d76798d885af6ac6405407ca33
              • Instruction Fuzzy Hash: 40F0F935B00118CFCB10EB58D9449DDB3F6FF88A25B154099D945B7361CB35AD45DB90
              Function 02D7B8A0 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 73c426c9065bfb1b9c9e652ab2b209bc7c7ee9f30fce46aae1f5fb14db6ee883
              • Instruction ID: 12a4cf671539612d75c50dd8e9dc7a3f103e6511288b9b164106c341acac311b
              • Opcode Fuzzy Hash: 73c426c9065bfb1b9c9e652ab2b209bc7c7ee9f30fce46aae1f5fb14db6ee883
              • Instruction Fuzzy Hash: 7BF0B43650428CAF8F119E68CC005EE3B70EF09329F148567F9A4D6241E3389D24CBA1
              Function 02D77E70 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f7f33f46a713d0d32ba545e9fddcab60a5f263bbe2ef877bfe0debf02994e53
              • Instruction ID: bc6141305600f849f39e0128ce75c30ed449b0e6b8ac547a057a5ad767e4c9c3
              • Opcode Fuzzy Hash: 4f7f33f46a713d0d32ba545e9fddcab60a5f263bbe2ef877bfe0debf02994e53
              • Instruction Fuzzy Hash: 43E02BB35085505FD30187A4E8919D87FA0DF29361F1784A7D004C72E2C511CC42CF40
              Function 02D7DB8C Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f78e3e2ab1282665aaa246cbbedbca874a99f1610c160bf1da10e5bf058878d2
              • Instruction ID: 100a85a14bef358e5dc18eba6879c0b13a3ce4ced1331f68936b53b495baad7d
              • Opcode Fuzzy Hash: f78e3e2ab1282665aaa246cbbedbca874a99f1610c160bf1da10e5bf058878d2
              • Instruction Fuzzy Hash: D1F01731600115DFDB10DE68D4897A933F2FF4432AF540065D049973A1EB7CCD89CB60
              Function 02D7495D Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cef98728ebef64d00dd5d21d38ad67d1ba1e25a53e1ea3266514aad31852fb25
              • Instruction ID: 8ad384ff91377bf8429f4e503a472748654c9e784a533bf89db0a76ccc2c36f0
              • Opcode Fuzzy Hash: cef98728ebef64d00dd5d21d38ad67d1ba1e25a53e1ea3266514aad31852fb25
              • Instruction Fuzzy Hash: 9BF03A30A40209CBEB19EFB5D4183ADB7B2BF85355F00882DC002A7380EB798884CFA5
              Function 02D7CE28 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2e338dd067c58ec5c7457ca563217f86c50154b9de27ff5c18a64a13c94b5a85
              • Instruction ID: 0a3f9f4283b4a958e3e48b7576b6f8b5ec7d7dadcc31c2b58f6730bf84f10385
              • Opcode Fuzzy Hash: 2e338dd067c58ec5c7457ca563217f86c50154b9de27ff5c18a64a13c94b5a85
              • Instruction Fuzzy Hash: 95F0E2322043886FCB029B599800A6A7FAADBCA310F088587F984C7262C6749C11C765
              Function 02D77F98 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ba71120b641a48bcd81f2458d607e5963ddf073aae2020ae62a35542815715ce
              • Instruction ID: cfce2f049bbce71b5a2e64bdb32ade382deb55e84cf30c4a6d188960c818ea3f
              • Opcode Fuzzy Hash: ba71120b641a48bcd81f2458d607e5963ddf073aae2020ae62a35542815715ce
              • Instruction Fuzzy Hash: 57F0ED32A1520EEFEB00EFB5CE027A9B7B8EF01248B1444B5A800D3361FB39DA11DB40
              Function 02D79F3A Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4fe7e52e1482f9dcd5e9796c58bfa0d673e470299ffe10d3fa7d8c318d98760
              • Instruction ID: 7f2bbd8c25358b930e651c8c774784a4e80fdfa72880bb1044566083ed45125d
              • Opcode Fuzzy Hash: f4fe7e52e1482f9dcd5e9796c58bfa0d673e470299ffe10d3fa7d8c318d98760
              • Instruction Fuzzy Hash: 8AF08276D001159FCB20DA79E8486DEBBF1EB84355F044569D945D3340E734691ACF90
              Function 02D76918 Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 88617f05b0e69100cf819edef1ec814b4e6d93fe1393de0169d95c651c798d3b
              • Instruction ID: 189ebcd7dcc03966e734fe347776690ad1af54b7440a28bf8ed73c0282d1b4de
              • Opcode Fuzzy Hash: 88617f05b0e69100cf819edef1ec814b4e6d93fe1393de0169d95c651c798d3b
              • Instruction Fuzzy Hash: 43E04F72B001182B9B08DEAA9C409AFBAEFCB84650F10807AA508D7344FF30DD028BE0
              Function 02D72B2B Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 43d54099cd023be8137817a4884b84c600f1767d7fd64adbc6773986f9e02f3e
              • Instruction ID: dd71fce3aa62f968ed593862d5dcf76505f48217f291e8577d1a17f3aaf16bf1
              • Opcode Fuzzy Hash: 43d54099cd023be8137817a4884b84c600f1767d7fd64adbc6773986f9e02f3e
              • Instruction Fuzzy Hash: 53E09261304154CFD306EBA8A820BED3BA2EFCA654B4800ABE245CB39ACA148C024382
              Function 02D7CE38 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a54b48861017843200181e97ccb89b11f0b10e5740d4ab3d106a39128fb5c0f8
              • Instruction ID: 7ffc49f8b1c24abdb2e8647ec2ac54c31cd9eabc57719344dc610fd10884fa8c
              • Opcode Fuzzy Hash: a54b48861017843200181e97ccb89b11f0b10e5740d4ab3d106a39128fb5c0f8
              • Instruction Fuzzy Hash: 6FE092322002586BCB019E4EE800EAE7FEEEBC8311B04841AF959C7211CA75982197A1
              Function 02D79F48 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9492108f0617b89f7aacda1952795de012303c7f6666a3a02eed3b5a612a8010
              • Instruction ID: 3a52ff61a6b2a09ed458a70c899923b20a5c3bf27cfd108d58a1d4be517d3481
              • Opcode Fuzzy Hash: 9492108f0617b89f7aacda1952795de012303c7f6666a3a02eed3b5a612a8010
              • Instruction Fuzzy Hash: DDE06D36A002199FCB10EA6DE8086DEB7F5FB88315F004929E949D3344E774AA19CFD0
              Function 02D7F424 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 18c82c2926d06e7a2731edf61c3a8c61a658e99730033dd81c76b94df37007cf
              • Instruction ID: 94c0dbc546065b6d042155fcc1b4407719a9407bc2f4ef3a515f635a2bb15a4a
              • Opcode Fuzzy Hash: 18c82c2926d06e7a2731edf61c3a8c61a658e99730033dd81c76b94df37007cf
              • Instruction Fuzzy Hash: 66F08C306203008FCB44EB38E94984E7BF2FF84200B10896AD0029B7A4DF70ED058F95
              Function 02D768C6 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dea7abc76371b17c050a7554eb27a169d6b6c75030751bf9193147ad94976013
              • Instruction ID: e0457c8c4b4f29ef186a4e37a708611f715341a539d401b0858aebf17ca25712
              • Opcode Fuzzy Hash: dea7abc76371b17c050a7554eb27a169d6b6c75030751bf9193147ad94976013
              • Instruction Fuzzy Hash: 53E04FB1D5021EDADF149F91E9047FDBB74FB4435AF200426D102B1A90FB798994CED0
              Function 02D741E0 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 48c0d240344d084e93662c9e39d2c2a1a6736aeeec9ffe2eab36ca7a0f9ca863
              • Instruction ID: d73ccfe8329f02574d1589c5859df6e7ed5272cf986f7f39e0aad610792c8a67
              • Opcode Fuzzy Hash: 48c0d240344d084e93662c9e39d2c2a1a6736aeeec9ffe2eab36ca7a0f9ca863
              • Instruction Fuzzy Hash: CEE0E21060F7C05FEB03AB7408224A5BF308D0320079E48CBD0C0CB5A7D509080FC722
              Function 02D72B38 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a83a897f728fee65368f7c17203aa155f1e8105801420cf338ebfe3550a2af8
              • Instruction ID: 37771f93b54ae2efda35fa90105ff05d2644d968296464f79064b45a65efd280
              • Opcode Fuzzy Hash: 0a83a897f728fee65368f7c17203aa155f1e8105801420cf338ebfe3550a2af8
              • Instruction Fuzzy Hash: 33E0CD6130011857D205FB9DBC11BDE339AEBC5A54F44002BE305CB349DF545C0103D6
              Function 02D7DB50 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 577e67a35edb3af2f29114bd0e38f8a38034be179a2487351e2c0acc7686d2e9
              • Instruction ID: b4ee51d65c9299a88c70a58612fb80c1945fb0e4bfb5cda9dbd16a172e4c97f6
              • Opcode Fuzzy Hash: 577e67a35edb3af2f29114bd0e38f8a38034be179a2487351e2c0acc7686d2e9
              • Instruction Fuzzy Hash: 6DE01A32610014CFCF00DE68E4887E833F2FF4432AF5040A5E109DB2A1DF389945CB50
              Function 02D72B00 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f64f777f90e0234ec8f857cde16fe8da78bec0b835a9e29f7f1e4d61530f9a6
              • Instruction ID: 8c15f1335525d3dc50a6dcf76f3a992e020b6fdde436940b854752f4a7b0c320
              • Opcode Fuzzy Hash: 2f64f777f90e0234ec8f857cde16fe8da78bec0b835a9e29f7f1e4d61530f9a6
              • Instruction Fuzzy Hash: 90D05E323901248FC340DFBCF849F9277ECDB48665B0540A6E60CCB221DA62DC0087C0
              Function 02D72C30 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53847943a922214b0a27b04dc1539256880761e938ec847640edffaaa5b61a37
              • Instruction ID: 26e0f5ac0036297c1985431c077e970289bff085e34aedeb8a2016ffc9aebcee
              • Opcode Fuzzy Hash: 53847943a922214b0a27b04dc1539256880761e938ec847640edffaaa5b61a37
              • Instruction Fuzzy Hash: D3D0172224A295BFEB0326A468119A67F35AF47294F1900C7E6848F6A3D553885ACB92
              Function 02D78749 Relevance: .0, Instructions: 17COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a6e01a95362a59344ca6d51cf804b421889a426f368eee7cb8a1908082a2533d
              • Instruction ID: 93416a5ba434f47f05e60049850f80de1832facf295d643d4ab1b6c578f3f6de
              • Opcode Fuzzy Hash: a6e01a95362a59344ca6d51cf804b421889a426f368eee7cb8a1908082a2533d
              • Instruction Fuzzy Hash: 3BD05BB394814057EB04D718D58A34977C69778254F18D876D245C6151E53CC097D657
              Function 02D74430 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4e1192101249d927f21da91cbbf73f69eb52b26827d4503a495a76d649f085fa
              • Instruction ID: 0c876f6812112e45ae2558fe109e835bc4630f0ffb7008e950de9f66979d7c49
              • Opcode Fuzzy Hash: 4e1192101249d927f21da91cbbf73f69eb52b26827d4503a495a76d649f085fa
              • Instruction Fuzzy Hash: 00E0177910A3D2AFEF03AB64A455B503FB0AF43304F0494E2C8808A257D364488DEF12
              Function 02D7BAA8 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7abe829eac46230f5034c5afbc73566f11dfd053ff27b9d92b2f78cbef326175
              • Instruction ID: ed2eaa8f4457ba69bcb9eeed597f986997f07927063c270a6cce369ca44aab0e
              • Opcode Fuzzy Hash: 7abe829eac46230f5034c5afbc73566f11dfd053ff27b9d92b2f78cbef326175
              • Instruction Fuzzy Hash: 6ED05B766443447FC7429BE0C840C967F75AF25390B159147F948CE192C1718851CB21
              Function 02D77EA0 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1d8734717e053eda63125b92dd8f9b8ef7f1aceaa85fa5056d4287632812c92c
              • Instruction ID: 6724d1e46b83c1d004dd38a2976d08da052ade7434fcc20f414218ff016aa62a
              • Opcode Fuzzy Hash: 1d8734717e053eda63125b92dd8f9b8ef7f1aceaa85fa5056d4287632812c92c
              • Instruction Fuzzy Hash: A9D0C936740124AF87049F58E404CA97BE9EB5D6613014066F909C7371CA71DC51DBD4
              Function 02D749D0 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ed90113d99bfb464ac672c5fc6210e5b9417ab7564e0cdd7c9f4b6575c302aae
              • Instruction ID: ed448ffb909c9cdd4fffa5c4cec7e7e9e1f2c9fccf5116237ca56060bc423f98
              • Opcode Fuzzy Hash: ed90113d99bfb464ac672c5fc6210e5b9417ab7564e0cdd7c9f4b6575c302aae
              • Instruction Fuzzy Hash: B2E0E27494020ACFDB00DF68D099AADBBB0BF08300F208419E402A7360DB349C04CF90
              Function 02D72C40 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 56b0bedd64de1da9a2f41e6b389552caa4426f12984ffc3ef3e4bfbc1601afb4
              • Instruction ID: 4e5a6839854a8ebbd5f9cc30e6cc3ef988510e040d7fc1d7236996de3e5cb097
              • Opcode Fuzzy Hash: 56b0bedd64de1da9a2f41e6b389552caa4426f12984ffc3ef3e4bfbc1601afb4
              • Instruction Fuzzy Hash: A6C080336401147FC50136C49C01D957B2DFB45754F180089F7040F102D553DC5387D0
              Function 02D77180 Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9134b9f4f78336eb25c9353506a405e9e310efc3b7e45987258bb5701732bfb
              • Instruction ID: 53821c97f7138f7d139b45e14a413f36f22d75d77891b763e84504d11a607422
              • Opcode Fuzzy Hash: f9134b9f4f78336eb25c9353506a405e9e310efc3b7e45987258bb5701732bfb
              • Instruction Fuzzy Hash: FBB09B2171553913D508319D642069E728F8786760F100077A50D87741ECD5DC4102E9
              Function 02D79F10 Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 140af2ed6fdf0f795c48323e690adb17346e4bffeca32c04c5267be9a922c2f6
              • Instruction ID: a97bacb83d22261c2eef9342dafb01417237693c3380889196251b17fe765a0b
              • Opcode Fuzzy Hash: 140af2ed6fdf0f795c48323e690adb17346e4bffeca32c04c5267be9a922c2f6
              • Instruction Fuzzy Hash: AEC012B2C047504AD7249E55A48074365918B91300F56C97E9094872C9D13988419FB1
              Function 02D72AFF Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 63a6bdbbad1d0fecbe5a2a8be3c13c2214482665e49b2d62004cfab9a3e67aac
              • Instruction ID: 45a145e214bb276fdb8515e8f567ee9e4fcab6d9cbccb3a616bc88063a17b937
              • Opcode Fuzzy Hash: 63a6bdbbad1d0fecbe5a2a8be3c13c2214482665e49b2d62004cfab9a3e67aac
              • Instruction Fuzzy Hash: 4DC09B327541545957B159BD38866F66B588A451657040576D845D2101E556CC128780
              Function 02D7BAB8 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ea95ae04ae076a1de0d521a6407ef62cbd6297b919a4b6944c21cde00d1a0451
              • Instruction ID: 9d76e866eeef3de5de250eb41b38ba54ca5eaa7984c61c1606ffce6903e1c0c9
              • Opcode Fuzzy Hash: ea95ae04ae076a1de0d521a6407ef62cbd6297b919a4b6944c21cde00d1a0451
              • Instruction Fuzzy Hash: DCC08C3A24020CBFDB81AFD4C840D96776EFB18710F50D001FE080E201C272ECA2DBA0
              Function 02D7EF39 Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2daba9f7a095c8e9ec6e9b3cc7d80833fa0790b48e076258184d228f1aedc1db
              • Instruction ID: 9310e6e3df8ebca34ca803b42e7954748c73e8edf3298448b4c5b96f19f03f4b
              • Opcode Fuzzy Hash: 2daba9f7a095c8e9ec6e9b3cc7d80833fa0790b48e076258184d228f1aedc1db
              • Instruction Fuzzy Hash: EFC09BF7C414044BD3010FD0EF872953754D7162D3F375815B10EC25C2D651C1415915
              Function 02D7B388 Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 510d8d76b698067539b511ad8c60bc65e6c7a397aed45a77afd55fe48d1c5801
              • Instruction ID: 164fa65121ec2622481fe6dd02936cb86db605d35a17401bca55f8ba8a1271ff
              • Opcode Fuzzy Hash: 510d8d76b698067539b511ad8c60bc65e6c7a397aed45a77afd55fe48d1c5801
              • Instruction Fuzzy Hash: 00C09B5419934057D141A374448472A9FD0BBD1705F54DC477584493C1D515CC16DB27
              Function 02D7CF7A Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 761b9111091df11e582706201659946ef13428376525532a15ff1f3180599a71
              • Instruction ID: 2ff4f1c9687d51ad40b2a2b75f88d7b3727aecbd436dd3615b629f4013b0a99e
              • Opcode Fuzzy Hash: 761b9111091df11e582706201659946ef13428376525532a15ff1f3180599a71
              • Instruction Fuzzy Hash: CDC02BE508430005C3019DF450807057F90DFF0305F00C559D18CCB281C025CC138F32
              Function 02D7D8B0 Relevance: .0, Instructions: 8COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b32a0b41fdf03d491101ca7e5a090d4382f228cfe9d9775983319991c61032cc
              • Instruction ID: 48068adf22e3aa0439f6a56c3cd20ff6544daa8cf981be20ee53b47bbf6c1867
              • Opcode Fuzzy Hash: b32a0b41fdf03d491101ca7e5a090d4382f228cfe9d9775983319991c61032cc
              • Instruction Fuzzy Hash: D8B002A3814508A7DD14DB60DD4BB9767D5D752301F65D0D0D541C1344DD2D45019D12
              Function 02D7F555 Relevance: .0, Instructions: 7COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 71b66ab6b30b7c02f75bab886e6acf6908690cdb21964a3471741663087cac00
              • Instruction ID: e77903e6b540059dc07afe6eded234a7e9d571ffa134be70a7094ad8278490a8
              • Opcode Fuzzy Hash: 71b66ab6b30b7c02f75bab886e6acf6908690cdb21964a3471741663087cac00
              • Instruction Fuzzy Hash: 0EC02B708030188AC708D7A0C1E105FFE6AE7C4300F306247D10175784D0288F419306
              Function 02D79E30 Relevance: .0, Instructions: 7COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aefde408b896847a65c18588a5021be47bb2566fa3cef6e447022b8a6ae92400
              • Instruction ID: b434b04fc3484629c89e7ea8dc567b60b7d21325a3563c68f37764b6dbcd7597
              • Opcode Fuzzy Hash: aefde408b896847a65c18588a5021be47bb2566fa3cef6e447022b8a6ae92400
              • Instruction Fuzzy Hash: 5AC09B555092C04FD64157608C9D7463E516742315FCD40EEC4C44A7D7DA5D440AD713
              Function 02D77901 Relevance: .0, Instructions: 6COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a53a26353ec5e7bfd0410c7ce69548d8227f9a8196fdc3997ef276b630cbdf6d
              • Instruction ID: bce317643447ea62f6180055c34f4aaf4b42c650c237930baeeed1bdb4bbf95d
              • Opcode Fuzzy Hash: a53a26353ec5e7bfd0410c7ce69548d8227f9a8196fdc3997ef276b630cbdf6d
              • Instruction Fuzzy Hash: 58B002DBD5D58547D72502549C6635427B4F755149FDD00D34545C478AE04CC5054515
              Function 02D7EF48 Relevance: .0, Instructions: 6COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452704305.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d70000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd9aaf916ff47d2d943096bac2d14d7d4e6583ee3dbd85507ab248049eb26714
              • Instruction ID: 082b66148d3894cce3b06f989ad7bc37d03a2fcdf921bbd2923907d990b127bd
              • Opcode Fuzzy Hash: bd9aaf916ff47d2d943096bac2d14d7d4e6583ee3dbd85507ab248049eb26714
              • Instruction Fuzzy Hash: 16A022330A820CCFE2003FB0FA0F0083FBCEA08302F800028FB0F880038F2028008A80

              Non-executed Functions

              Function 02C65AD0 Relevance: .3, Instructions: 333COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 180bf40854d222dd6ac683259868f89bd91c7f368f87ecdc5f74e8d969464494
              • Instruction ID: dddb550055f3bc25a44f0a9195a3507db3cf047dcadc0ac4795f611d17c0253e
              • Opcode Fuzzy Hash: 180bf40854d222dd6ac683259868f89bd91c7f368f87ecdc5f74e8d969464494
              • Instruction Fuzzy Hash: EFC1AA707006009FEB29EB75C494BBEB7F7AFC9744F64446AD1868B691CB38E901CB51
              Function 02D30040 Relevance: .3, Instructions: 315COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452663190.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d30000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8154d28becff9fa50e5096cf7af5d7e5591fffa194cebc6969b50c2b2bea6380
              • Instruction ID: a4653764951e9dfadf6904d40f7ec6f9149877f9e99d1338a84f88bd7da132e4
              • Opcode Fuzzy Hash: 8154d28becff9fa50e5096cf7af5d7e5591fffa194cebc6969b50c2b2bea6380
              • Instruction Fuzzy Hash: A81262B1401F499EE330EF65EC4C1893AB1B785328BD14309D2A16A6EDDBBE154BCF84
              Function 02C60AE0 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1233e79388bdee8af59c4c2e2416cbca0e75ebed839c8642e74c8cc2207d14bd
              • Instruction ID: 6bc305fa68c62fd9ec07dd15d07d7644ebfe1eaf130ac929acf71d1d714bd687
              • Opcode Fuzzy Hash: 1233e79388bdee8af59c4c2e2416cbca0e75ebed839c8642e74c8cc2207d14bd
              • Instruction Fuzzy Hash: BBE13874E102198FDB14DFA9C584AAEFBB2FF89304F248169D854AB356D731AD42CF60
              Function 02C618C8 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce2a5535a4cac5a3ceb4da4e8ec607da506e4fd0a2acac8dda6170ce7e7ee7a2
              • Instruction ID: 9d6323e47ee34fef52bec758b59a54e71c59def78941bf6d2feb84ae2522cc21
              • Opcode Fuzzy Hash: ce2a5535a4cac5a3ceb4da4e8ec607da506e4fd0a2acac8dda6170ce7e7ee7a2
              • Instruction Fuzzy Hash: 47E12C74E102198FDB14DFA9C584AAEFBF2FF89305F248169D418AB315D771A942CF60
              Function 02C60F18 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91f404c5c908a04ce67379bd9b4ba53f5a430889f4f420e754484483e907a49c
              • Instruction ID: 2e29c9f98aec6c36a7795cd22df0c012fdb96e6b7989ba2891a39cd4a3054c16
              • Opcode Fuzzy Hash: 91f404c5c908a04ce67379bd9b4ba53f5a430889f4f420e754484483e907a49c
              • Instruction Fuzzy Hash: 65E13A74E002598FDB14DFA9C584AAEFBF2FF89305F248169D418AB355C771A942CFA0
              Function 02C669F8 Relevance: .3, Instructions: 298COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 722fa68a8e3d52e2fdb2a842e3ce236eaf94b21d50e45e74d9ae1e645ebd9fb3
              • Instruction ID: 6b7641e7a22c2792ed4e3c89d12594c395ae06cb95dcafca9eb92cf6faca1be8
              • Opcode Fuzzy Hash: 722fa68a8e3d52e2fdb2a842e3ce236eaf94b21d50e45e74d9ae1e645ebd9fb3
              • Instruction Fuzzy Hash: 43D1B434A00609CFDB18DF69C598AA9B7F6BF8C705F2580A9E405AB371DB35AD41CF60
              Function 0108D364 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452070302.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1080000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 42a503ebe304ebb58a7c6ac592df2a4197a8c2acac24c9dbdfd3beda60544371
              • Instruction ID: edf3a8c97566d84344e3281f109052afca9cbf6ce652052bb8b5866711754b19
              • Opcode Fuzzy Hash: 42a503ebe304ebb58a7c6ac592df2a4197a8c2acac24c9dbdfd3beda60544371
              • Instruction Fuzzy Hash: E1A17036E10216CFCF15EFB4C8405DEBBB2FF89300B1541AAE981AB265DB71D916CB40
              Function 02D3003F Relevance: .2, Instructions: 217COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452663190.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2d30000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 94d6b38a9f5013c14ccb268c2075960f19ba08d06400076f57632764be860e2b
              • Instruction ID: a3ba5206798ce8e7c5228998a87167bc17eda472ddf0eb829ad584db3cb5b200
              • Opcode Fuzzy Hash: 94d6b38a9f5013c14ccb268c2075960f19ba08d06400076f57632764be860e2b
              • Instruction Fuzzy Hash: 6BC1E7B1801B4A9ED730EF65EC481897BB1BB85324F914309D2A16B2DDDBBE154BCF84
              Function 02C618B7 Relevance: .1, Instructions: 132COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1452417258.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2c60000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 148c47689b277873824a5f2a76676b5656f84b77f6d4c79a708235c1a3dc4ab4
              • Instruction ID: 3d782fd260b2b4e2b61183ad5bb368e6e2b8e347f107966ee1609de2833a8230
              • Opcode Fuzzy Hash: 148c47689b277873824a5f2a76676b5656f84b77f6d4c79a708235c1a3dc4ab4
              • Instruction Fuzzy Hash: BD512D71E102198FDB14DFA9C5846AEFBF2FF89305F248169D418AB315D7319A42CFA1

              Execution Graph

              Execution Coverage:0.8%
              Dynamic/Decrypted Code Coverage:4.1%
              Signature Coverage:8.3%
              Total number of Nodes:121
              Total number of Limit Nodes:12
              execution_graph 95854 42e043 95855 42e053 95854->95855 95856 42e059 95854->95856 95859 42d043 95856->95859 95858 42e07f 95862 42b3e3 95859->95862 95861 42d05e 95861->95858 95863 42b3fd 95862->95863 95864 42b40e RtlAllocateHeap 95863->95864 95864->95861 95865 42a6e3 95866 42a6fd 95865->95866 95869 1182df0 LdrInitializeThunk 95866->95869 95867 42a725 95869->95867 95870 424263 95875 424272 95870->95875 95871 4242f9 95872 4242b9 95878 42cf63 95872->95878 95875->95871 95875->95872 95876 4242f4 95875->95876 95877 42cf63 RtlFreeHeap 95876->95877 95877->95871 95881 42b433 95878->95881 95880 4242c6 95882 42b44d 95881->95882 95883 42b45e RtlFreeHeap 95882->95883 95883->95880 95884 427ae3 95885 427a8c 95884->95885 95886 427ad7 95885->95886 95889 423913 95885->95889 95888 427ab9 95891 423920 95889->95891 95890 423a33 95890->95888 95891->95890 95892 423aa3 95891->95892 95893 423ab8 95891->95893 95894 42b0d3 NtClose 95892->95894 95901 42b0d3 95893->95901 95896 423aac 95894->95896 95896->95888 95897 423aed 95897->95888 95898 423ac1 95898->95897 95899 42cf63 RtlFreeHeap 95898->95899 95900 423ae1 95899->95900 95900->95888 95902 42b0ed 95901->95902 95903 42b0fe NtClose 95902->95903 95903->95898 95991 423ed3 95992 423eef 95991->95992 95993 423f17 95992->95993 95994 423f2b 95992->95994 95995 42b0d3 NtClose 95993->95995 95996 42b0d3 NtClose 95994->95996 95997 423f20 95995->95997 95998 423f34 95996->95998 96001 42d083 RtlAllocateHeap 95998->96001 96000 423f3f 96001->96000 95904 413903 95908 413919 95904->95908 95906 41397c 95907 413974 95908->95906 95909 41aca3 RtlFreeHeap LdrInitializeThunk 95908->95909 95909->95907 95910 41dc83 95911 41dca9 95910->95911 95915 41dd97 95911->95915 95916 42e173 95911->95916 95913 41dd3b 95913->95915 95922 42a733 95913->95922 95917 42e0e3 95916->95917 95918 42e140 95917->95918 95919 42d043 RtlAllocateHeap 95917->95919 95918->95913 95920 42e11d 95919->95920 95921 42cf63 RtlFreeHeap 95920->95921 95921->95918 95923 42a74d 95922->95923 95926 1182c0a 95923->95926 95924 42a779 95924->95915 95927 1182c1f LdrInitializeThunk 95926->95927 95928 1182c11 95926->95928 95927->95924 95928->95924 96002 417553 96004 417577 96002->96004 96003 41757e 96004->96003 96005 4175b3 LdrLoadDll 96004->96005 96006 4175ca 96004->96006 96005->96006 95929 401a65 95930 401a70 95929->95930 95933 42e503 95930->95933 95936 42cb53 95933->95936 95937 42cb79 95936->95937 95946 407333 95937->95946 95939 42cb8f 95945 401acd 95939->95945 95950 41a993 95939->95950 95941 42cbae 95942 42cbc3 95941->95942 95943 42b483 ExitProcess 95941->95943 95961 42b483 95942->95961 95943->95942 95947 407334 95946->95947 95964 416283 95947->95964 95949 407340 95949->95939 95951 41a9bf 95950->95951 95975 41a883 95951->95975 95954 41aa04 95957 41aa20 95954->95957 95959 42b0d3 NtClose 95954->95959 95955 41a9ec 95956 41a9f7 95955->95956 95958 42b0d3 NtClose 95955->95958 95956->95941 95957->95941 95958->95956 95960 41aa16 95959->95960 95960->95941 95962 42b49d 95961->95962 95963 42b4ab ExitProcess 95962->95963 95963->95945 95965 41629a 95964->95965 95967 4162b3 95965->95967 95968 42baf3 95965->95968 95967->95949 95970 42bb0b 95968->95970 95969 42bb2f 95969->95967 95970->95969 95971 42a733 LdrInitializeThunk 95970->95971 95972 42bb81 95971->95972 95973 42cf63 RtlFreeHeap 95972->95973 95974 42bb97 95973->95974 95974->95967 95976 41a89d 95975->95976 95980 41a979 95975->95980 95981 42a7d3 95976->95981 95979 42b0d3 NtClose 95979->95980 95980->95954 95980->95955 95982 42a7f0 95981->95982 95985 11835c0 LdrInitializeThunk 95982->95985 95983 41a96d 95983->95979 95985->95983

              Executed Functions

              Function 00417553 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 29 417553-41756f 30 417577-41757c 29->30 31 417572 call 42dc63 29->31 32 417582-417590 call 42e183 30->32 33 41757e-417581 30->33 31->30 36 4175a0-4175b1 call 42c623 32->36 37 417592-41759d call 42e423 32->37 42 4175b3-4175c7 LdrLoadDll 36->42 43 4175ca-4175cd 36->43 37->36 42->43
              APIs
              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004175C5
              Memory Dump Source
              • Source File: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_payment details.jbxd
              Yara matches
              Similarity
              • API ID: Load
              • String ID:
              • API String ID: 2234796835-0
              • Opcode ID: 60649801836bbc3b7d335e88a05832327e3b5b3953f5200478c210aca565a30d
              • Instruction ID: 3e0f51616dc3f0a46b189d9d312683988b130d353c1935c3893a1a185256866a
              • Opcode Fuzzy Hash: 60649801836bbc3b7d335e88a05832327e3b5b3953f5200478c210aca565a30d
              • Instruction Fuzzy Hash: 6A015EB1E0020DBBDB10DAE1DC82FEEB7B89B54308F0441AAE90897240F634EB548B95
              Function 0042B0D3 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 54 42b0d3-42b10c call 404763 call 42c153 NtClose
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_payment details.jbxd
              Yara matches
              Similarity
              • API ID: Close
              • String ID:
              • API String ID: 3535843008-0
              • Opcode ID: caac69b30945ab4d4249f2ae84c140c25e996a78b47738183aa6edbcdcc3c335
              • Instruction ID: ead8f87f59a7477dca86eb7ac325204c2a1a09cfa91024c7d1756e9503fd9546
              • Opcode Fuzzy Hash: caac69b30945ab4d4249f2ae84c140c25e996a78b47738183aa6edbcdcc3c335
              • Instruction Fuzzy Hash: 4DE086756102147BD210FA5ADC42FDB776CDFC5754F404019FA0C67241C674B91087F5
              Function 01182DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 69 1182df0-1182dfc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 64219fee77333a259f408d763f81a0787eccba63899a90f91f6c0b869c75a0c2
              • Instruction ID: c0c5458101673816b02ba26aa5e1acba579bbf911d0bf756699f354be363f8c4
              • Opcode Fuzzy Hash: 64219fee77333a259f408d763f81a0787eccba63899a90f91f6c0b869c75a0c2
              • Instruction Fuzzy Hash: C790023160140813D61571584604707000997D1241F95C412A0529558DD75A8A52A225
              Function 01182C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 68 1182c70-1182c7c LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 4a2f198333afbaac0c0dd9239819dcd55ad63414a4a78a3e43f1e4f4d2194b14
              • Instruction ID: 30689f61dd810cf3603ead9ca9d9ed3fd1d02fd747140383557d48c4b58b9aa8
              • Opcode Fuzzy Hash: 4a2f198333afbaac0c0dd9239819dcd55ad63414a4a78a3e43f1e4f4d2194b14
              • Instruction Fuzzy Hash: 1290023160148C02D6147158850474A000597D1301F59C411A4529658DC79989917225
              Function 011835C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 70 11835c0-11835cc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 774690b69b33b97f2f5c4965475795bdebd26cebad3e38f4ddeefcc0e1412543
              • Instruction ID: c69c9fc33a7f4114a80cc5d3d98ced325acaacba2db3faa974abbb3cf96745a6
              • Opcode Fuzzy Hash: 774690b69b33b97f2f5c4965475795bdebd26cebad3e38f4ddeefcc0e1412543
              • Instruction Fuzzy Hash: 15900231A0550802D60471584614706100597D1201F65C411A0529568DC7998A5166A6
              Function 0042B3E3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 44 42b3e3-42b424 call 404763 call 42c153 RtlAllocateHeap
              APIs
              • RtlAllocateHeap.NTDLL(?,0041DD3B,?,?,00000000,?,0041DD3B,?,?,?), ref: 0042B41F
              Memory Dump Source
              • Source File: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_payment details.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: b0220e2413ae7f899cc93ea41584be7f9dfdcfee8839de6ded3c334601118f86
              • Instruction ID: 9955499f36a77fa172427ecef06a7ce641d11791fca8c5b2a220c81637ef79c3
              • Opcode Fuzzy Hash: b0220e2413ae7f899cc93ea41584be7f9dfdcfee8839de6ded3c334601118f86
              • Instruction Fuzzy Hash: 0AE039716042147BD614EA59EC82F9B33ACDBC5750F004019F908A7241C670B910CAB9
              Function 0042B433 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 49 42b433-42b474 call 404763 call 42c153 RtlFreeHeap
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FF8DE851,00000007,00000000,00000004,00000000,00416E24,000000F4,?,?,?,?,?), ref: 0042B46F
              Memory Dump Source
              • Source File: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_payment details.jbxd
              Yara matches
              Similarity
              • API ID: FreeHeap
              • String ID:
              • API String ID: 3298025750-0
              • Opcode ID: 7c4d29dc8d40fe552ae6a9e384f52fea95ec9dd9bc9a265e531a0e66e301623b
              • Instruction ID: 742517635c0193d80781f4b697db539b8ed5703bc3a2e112650d81e6abfb2b0f
              • Opcode Fuzzy Hash: 7c4d29dc8d40fe552ae6a9e384f52fea95ec9dd9bc9a265e531a0e66e301623b
              • Instruction Fuzzy Hash: 3BE06D712042047BD610EE59EC81F9B37ACDFC5750F40401AFA0CA7241CA70B9108BB4
              Function 0042B483 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 59 42b483-42b4b9 call 404763 call 42c153 ExitProcess
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.1510297370.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_payment details.jbxd
              Yara matches
              Similarity
              • API ID: ExitProcess
              • String ID:
              • API String ID: 621844428-0
              • Opcode ID: 7d1ad23578bb9afdfc775427b6b6eb62468f2d890b79ab50936a1cefa38d7c97
              • Instruction ID: 3366a77ac3685acef9242aed91bcd2cafb1336ceb03e1fbe1248632e28cfe4ec
              • Opcode Fuzzy Hash: 7d1ad23578bb9afdfc775427b6b6eb62468f2d890b79ab50936a1cefa38d7c97
              • Instruction Fuzzy Hash: 5FE04F752002147BD110BA5ADC81F9B775CDBC5754F404019FA0C67242C674BA1187F5
              Function 01182C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 64 1182c0a-1182c0f 65 1182c1f-1182c26 LdrInitializeThunk 64->65 66 1182c11-1182c18 64->66
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 6be6f1172b680e587512639fdb1a1fc43343166a54fd6db2e6d505164294d7ae
              • Instruction ID: e7f4d61e65c81b80bab9f237f4750aa9cc9bc76564ea464632f9ed30a0aefddf
              • Opcode Fuzzy Hash: 6be6f1172b680e587512639fdb1a1fc43343166a54fd6db2e6d505164294d7ae
              • Instruction Fuzzy Hash: FFB09B71D019C5C5DF16F7644708717790077D1701F25C061D2134645F473CC1D1E675

              Non-executed Functions

              Function 011C2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2160512332
              • Opcode ID: 199d7836dc8c03e02fb984a875d4a8e68e95401d0b89da5daed25c27a823fc1a
              • Instruction ID: 99094ed79f37d37a1c74f0f73dc003cf4a604f7e8c21edb828993924f28a2dc4
              • Opcode Fuzzy Hash: 199d7836dc8c03e02fb984a875d4a8e68e95401d0b89da5daed25c27a823fc1a
              • Instruction Fuzzy Hash: CD929F71614742AFE729DF28C880F6BB7E8BBA4B54F04492DFA94D7250D770E844CB92
              Function 01178620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
              Download Yara Rule
              Strings
              • Address of the debug info found in the active list., xrefs: 011B54AE, 011B54FA
              • undeleted critical section in freed memory, xrefs: 011B542B
              • Thread identifier, xrefs: 011B553A
              • corrupted critical section, xrefs: 011B54C2
              • double initialized or corrupted critical section, xrefs: 011B5508
              • Thread is in a state in which it cannot own a critical section, xrefs: 011B5543
              • Critical section address, xrefs: 011B5425, 011B54BC, 011B5534
              • Critical section debug info address, xrefs: 011B541F, 011B552E
              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011B540A, 011B5496, 011B5519
              • 8, xrefs: 011B52E3
              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011B54CE
              • Invalid debug info address of this critical section, xrefs: 011B54B6
              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011B54E2
              • Critical section address., xrefs: 011B5502
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
              • API String ID: 0-2368682639
              • Opcode ID: e364782040ba47d618120cd20e672b1f40e168984ca49ffe3e22d634c53d2e61
              • Instruction ID: 1094ec94fc61aa333bd0eebb7f3223972d6588d09c2fbfb1dc0df6eb36e094fd
              • Opcode Fuzzy Hash: e364782040ba47d618120cd20e672b1f40e168984ca49ffe3e22d634c53d2e61
              • Instruction Fuzzy Hash: 3B818AB0A41359EFEB68CF99C889BAEBBF6FB48714F104119F504B7250D3B5A941CB60
              Function 011729F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
              Download Yara Rule
              Strings
              • @, xrefs: 011B259B
              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011B25EB
              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 011B2498
              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011B24C0
              • RtlpResolveAssemblyStorageMapEntry, xrefs: 011B261F
              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 011B2506
              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 011B2624
              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 011B2409
              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 011B2412
              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011B22E4
              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 011B2602
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
              • API String ID: 0-4009184096
              • Opcode ID: b84b9d961732211797afe29bc486f4b076eff6395c28efe906d7910b46bc2e26
              • Instruction ID: 4b09d52678da1365dae56274f0477491283c3dcdfde389006128025be5ac71e2
              • Opcode Fuzzy Hash: b84b9d961732211797afe29bc486f4b076eff6395c28efe906d7910b46bc2e26
              • Instruction Fuzzy Hash: AE0271F1D002299BDB39DB54CC80BEAB7B8AF54704F0141DAE649A7241EB70AF85CF59
              Function 011E8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
              • API String ID: 0-2515994595
              • Opcode ID: f480fcc3edbb1342687c5f1fdd1eb58b3f980e834b222a24f3f30425d477d528
              • Instruction ID: c6444ed944b677fc2bc4e6e00346fd60bb3ab61a71b08f2dabf0c7e25c681d80
              • Opcode Fuzzy Hash: f480fcc3edbb1342687c5f1fdd1eb58b3f980e834b222a24f3f30425d477d528
              • Instruction Fuzzy Hash: 5051EF71104B019BC32DDF588848BABBBECFF99654F14492DFA99C3284E771D608CB92
              Function 011F0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
              • API String ID: 0-1700792311
              • Opcode ID: 7529bc2a1fc94893d8ee0b9d80f065d62d3081eba68a544f18be6a5e6f0eb4a8
              • Instruction ID: 1ee0ed4f0c99463773f69962d42e145576979f469d67e7a59c6e908772ba4d17
              • Opcode Fuzzy Hash: 7529bc2a1fc94893d8ee0b9d80f065d62d3081eba68a544f18be6a5e6f0eb4a8
              • Instruction Fuzzy Hash: 4BD1FB31604682DFDB2EDF68C405AAABBF2FF8A714F09805DF6459B252E734D981CB14
              Function 011C89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
              Download Yara Rule
              Strings
              • HandleTraces, xrefs: 011C8C8F
              • VerifierDlls, xrefs: 011C8CBD
              • VerifierFlags, xrefs: 011C8C50
              • AVRF: -*- final list of providers -*- , xrefs: 011C8B8F
              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 011C8A3D
              • VerifierDebug, xrefs: 011C8CA5
              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 011C8A67
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
              • API String ID: 0-3223716464
              • Opcode ID: 30c91f7e8cf98be009e675d879ca8682e6ecb023c7f8a3ab6c8a998e4acebb73
              • Instruction ID: bf1a8844659b51b5028d5942862fc407f8fecc39a7276ba669431673e69a2b1c
              • Opcode Fuzzy Hash: 30c91f7e8cf98be009e675d879ca8682e6ecb023c7f8a3ab6c8a998e4acebb73
              • Instruction Fuzzy Hash: E79137B1645712AFD72DDF68E8C4B6AB7E4ABA4F18F06041CFA446B240C770DD01CB96
              Function 0114EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
              • API String ID: 0-1109411897
              • Opcode ID: a2badc4d905e5bee24e6d261ec015d63d9603a6b88d03c60b1b44a61e9292568
              • Instruction ID: fc073f29a676e61315858f50ea94ba9b4cc33ba637fa02e2d133ea414e933c4b
              • Opcode Fuzzy Hash: a2badc4d905e5bee24e6d261ec015d63d9603a6b88d03c60b1b44a61e9292568
              • Instruction Fuzzy Hash: FFA25774A0562ACFDB68CF18C888BA9BBB1BF45704F5442E9D90DA7750DB749E81CF01
              Function 011763FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
              • API String ID: 0-792281065
              • Opcode ID: dba52b7e7c4d2f232d10c64b0042aa14d2be0a0e8c491ee31dd058e776b28608
              • Instruction ID: 0b52620588a08be65255da9c503581000860f6b6bbe73c198c4837f34711cdc4
              • Opcode Fuzzy Hash: dba52b7e7c4d2f232d10c64b0042aa14d2be0a0e8c491ee31dd058e776b28608
              • Instruction Fuzzy Hash: 04913770B00B15ABFB2DDF18F888BEA7BB1BF51B18F044168E5066B782D7749801C791
              Function 0113645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
              Download Yara Rule
              Strings
              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011999ED
              • LdrpInitShimEngine, xrefs: 011999F4, 01199A07, 01199A30
              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01199A2A
              • apphelp.dll, xrefs: 01136496
              • minkernel\ntdll\ldrinit.c, xrefs: 01199A11, 01199A3A
              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01199A01
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
              • API String ID: 0-204845295
              • Opcode ID: 69590ee9e5b0bfe99282936aedfeb668c0c3bdaecc9dcb7d42785a19dbbdbb58
              • Instruction ID: 2beaacda1fadfe62b963978a5dab22eee1708115b79464e24b0d84be65f08692
              • Opcode Fuzzy Hash: 69590ee9e5b0bfe99282936aedfeb668c0c3bdaecc9dcb7d42785a19dbbdbb58
              • Instruction Fuzzy Hash: CC519171208305AFEB2DDF24D845BAB77E8FB84648F00492DE59597194E734EA44CB93
              Function 01172674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
              Download Yara Rule
              Strings
              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 011B219F
              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 011B2178
              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 011B2180
              • RtlGetAssemblyStorageRoot, xrefs: 011B2160, 011B219A, 011B21BA
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011B21BF
              • SXS: %s() passed the empty activation context, xrefs: 011B2165
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
              • API String ID: 0-861424205
              • Opcode ID: 65e97a0a7081400adace87d87a39dd498900bcd8fbf3484fd12e0eec31a6afdb
              • Instruction ID: f8cc2e2e5ceb6e3c2ba68e1df5619b0dc3d973aabefa0f0ed59074d2ae4ccbb2
              • Opcode Fuzzy Hash: 65e97a0a7081400adace87d87a39dd498900bcd8fbf3484fd12e0eec31a6afdb
              • Instruction Fuzzy Hash: 8C31FB36F4022577F72D8A998C86F9BBB79DB75A90F05405DFB04B7241D370AA02C7A1
              Function 0117C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrredirect.c, xrefs: 011B8181, 011B81F5
              • Unable to build import redirection Table, Status = 0x%x, xrefs: 011B81E5
              • Loading import redirection DLL: '%wZ', xrefs: 011B8170
              • LdrpInitializeProcess, xrefs: 0117C6C4
              • LdrpInitializeImportRedirection, xrefs: 011B8177, 011B81EB
              • minkernel\ntdll\ldrinit.c, xrefs: 0117C6C3
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
              • API String ID: 0-475462383
              • Opcode ID: e25ca7722a948e6020a81606f014410bad7bd9bc00aa600c42939b7fee91f237
              • Instruction ID: 65e6007e50023a77f4a2600a0ecb46e951c06d7976bd8484261e4e173f589800
              • Opcode Fuzzy Hash: e25ca7722a948e6020a81606f014410bad7bd9bc00aa600c42939b7fee91f237
              • Instruction Fuzzy Hash: 5631F571644346AFD21CEF29D886F5A77E8EF94B18F04055CF944AB391E720ED04CBA2
              Function 0118096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
              Download Yara Rule
              APIs
                • Part of subcall function 01182DF0: LdrInitializeThunk.NTDLL ref: 01182DFA
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01180BA3
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01180BB6
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01180D60
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01180D74
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
              • String ID:
              • API String ID: 1404860816-0
              • Opcode ID: 9bea629e25fa8ab0c753fe9f3cb134865eff84d677fdbb494ff52f4467eb3211
              • Instruction ID: 0ea613a75771d0ce09003bd1c7241e3604afd231a4843f1312b0ee1184b8f5a9
              • Opcode Fuzzy Hash: 9bea629e25fa8ab0c753fe9f3cb134865eff84d677fdbb494ff52f4467eb3211
              • Instruction Fuzzy Hash: DE427D71900719DFDB69DF28C880BEAB7F4BF48304F1485A9E989DB241E770A985CF61
              Function 0114A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
              • API String ID: 0-379654539
              • Opcode ID: e702f423aa5e9e9330106ae61e6fe37c88a4e02394a16fd4f4c4d3c8b58a39fa
              • Instruction ID: b77db27a0d16c4efe650ac20fb7a555480fd41aeca44d3881e5b0ce9f5aec3fc
              • Opcode Fuzzy Hash: e702f423aa5e9e9330106ae61e6fe37c88a4e02394a16fd4f4c4d3c8b58a39fa
              • Instruction Fuzzy Hash: F6C1AD75148382CFD719CF58D144B6ABBE4FF84B04F0A886AF9968B251E734C949CB93
              Function 01178402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
              Download Yara Rule
              Strings
              • @, xrefs: 01178591
              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0117855E
              • LdrpInitializeProcess, xrefs: 01178422
              • minkernel\ntdll\ldrinit.c, xrefs: 01178421
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1918872054
              • Opcode ID: 4af0f1cd7df60659ddeb99c3e644d79189176b4cfd99b63b4a7439b3e2b30198
              • Instruction ID: 0cc9c0e623cb9648a0485771a7bb96694d86de721431af12dbb8e28fec40e51a
              • Opcode Fuzzy Hash: 4af0f1cd7df60659ddeb99c3e644d79189176b4cfd99b63b4a7439b3e2b30198
              • Instruction Fuzzy Hash: 96918E71508345AFD72AEF65CC84FABBAECBF84744F40492EFA8492251E770D944CB62
              Function 0117273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
              Download Yara Rule
              Strings
              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011B21D9, 011B22B1
              • .Local, xrefs: 011728D8
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011B22B6
              • SXS: %s() passed the empty activation context, xrefs: 011B21DE
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
              • API String ID: 0-1239276146
              • Opcode ID: 1228fda842fd1646480b35f92ff4b469a638b845ffd54236f1b72c787c7acf41
              • Instruction ID: daf5065e9f4b46fb99c2377e4d136b352bf7d44da9a9bc9135cf24b9ea346de2
              • Opcode Fuzzy Hash: 1228fda842fd1646480b35f92ff4b469a638b845ffd54236f1b72c787c7acf41
              • Instruction Fuzzy Hash: B1A1A131900229DBDB2DCF68C884BE9B7B1BF58354F1941E9D908A7351E730AE86CF91
              Function 011464AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
              Download Yara Rule
              Strings
              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 011A106B
              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 011A1028
              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011A10AE
              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 011A0FE5
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
              • API String ID: 0-1468400865
              • Opcode ID: a396523a9e4b1102051993e47eb1bac0871c3f5f051dafd3a1efd73a676bae6f
              • Instruction ID: af60f0beddf2ab8bf0f54582d4f65d9741a1447226de04cf5f50f44b571e1be6
              • Opcode Fuzzy Hash: a396523a9e4b1102051993e47eb1bac0871c3f5f051dafd3a1efd73a676bae6f
              • Instruction Fuzzy Hash: 6871F2B1904345AFCB25EF14C884B977FA9AF95BA8F400468F9488B146D334D589CFD2
              Function 0116245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
              Download Yara Rule
              Strings
              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 011AA992
              • apphelp.dll, xrefs: 01162462
              • LdrpDynamicShimModule, xrefs: 011AA998
              • minkernel\ntdll\ldrinit.c, xrefs: 011AA9A2
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
              • API String ID: 0-176724104
              • Opcode ID: 0d60422ef3c5f6ec6afb91d45022a43e96d8beacbe08fc3ec02141c9a9959912
              • Instruction ID: 90179b60e5f43f77ff011686619fb6e94bfa24dc02cf1535bf96dc5bca196c32
              • Opcode Fuzzy Hash: 0d60422ef3c5f6ec6afb91d45022a43e96d8beacbe08fc3ec02141c9a9959912
              • Instruction Fuzzy Hash: 67314A75A00302EBDB3DDF5DF849AAA7BB8FF84B04F560019E9016B245D7B09A51C780
              Function 011529A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
              Download Yara Rule
              Strings
              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0115327D
              • HEAP[%wZ]: , xrefs: 01153255
              • HEAP: , xrefs: 01153264
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
              • API String ID: 0-617086771
              • Opcode ID: ef0f8e6786c4fcae9a3c61e1415f5cc4033c22e5e7ec18bb7276eff0a7f6843e
              • Instruction ID: 30b106aeb0594844bc1be1afcf5382d15366eb4470cb0e781840db42d4839b26
              • Opcode Fuzzy Hash: ef0f8e6786c4fcae9a3c61e1415f5cc4033c22e5e7ec18bb7276eff0a7f6843e
              • Instruction Fuzzy Hash: 0D92CD71A04649DFDB69CF68C444BAEBBF1FF48304F188099E869AB392D735A941CF50
              Function 01150770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-4253913091
              • Opcode ID: 908931b0760e9dba248d2600aa7d20a7afaa230a48b3c658910a0c9cb2830385
              • Instruction ID: db1c5803d1f09615b81dcc20321786901511def1105587d2025faa09cfe240f9
              • Opcode Fuzzy Hash: 908931b0760e9dba248d2600aa7d20a7afaa230a48b3c658910a0c9cb2830385
              • Instruction Fuzzy Hash: CFF1CF34A04606DFDB5DCFA8C894F6ABBB2FF48304F154169E8269B385D730E981CB51
              Function 01166962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: $@
              • API String ID: 0-1077428164
              • Opcode ID: bf4ac688bff722c6a30086bc082393dd0ea3ac0ddf975a54b39c28257abbf2d7
              • Instruction ID: 25b0c107251edd5e85a15c9d4409c9d08786f6f2b264978d128ae399fe147692
              • Opcode Fuzzy Hash: bf4ac688bff722c6a30086bc082393dd0ea3ac0ddf975a54b39c28257abbf2d7
              • Instruction Fuzzy Hash: 72C290716083419FE72DCF28C840BABBBE9BF88758F05892DE989C7241D735D855CB92
              Function 0113A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: FilterFullPath$UseFilter$\??\
              • API String ID: 0-2779062949
              • Opcode ID: b4040c4afc4d39d86dc56980d40282212a6db0548d3ed2f46cda3e4722747f5a
              • Instruction ID: d77fd4eb2d43b743ef2a8ce176eb722d71ac0023582c689684abf198f92a7ad9
              • Opcode Fuzzy Hash: b4040c4afc4d39d86dc56980d40282212a6db0548d3ed2f46cda3e4722747f5a
              • Instruction Fuzzy Hash: EAA15B719112299BDF39DF28CC88BEAB7B8EF48704F1041E9E958A7250D7359E84CF90
              Function 01160BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
              Download Yara Rule
              Strings
              • LdrpCheckModule, xrefs: 011AA117
              • Failed to allocated memory for shimmed module list, xrefs: 011AA10F
              • minkernel\ntdll\ldrinit.c, xrefs: 011AA121
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
              • API String ID: 0-161242083
              • Opcode ID: 900fc82bbc5168ec6e77f09f56ead6c487a643bc8cbad5c224907f9756f96fe4
              • Instruction ID: f76b9eec6cfdab87bb681e555d9102d476372708040891c6b5e54b458ab83c50
              • Opcode Fuzzy Hash: 900fc82bbc5168ec6e77f09f56ead6c487a643bc8cbad5c224907f9756f96fe4
              • Instruction Fuzzy Hash: 5571F074A00205EFDB2DDF68D984ABEBBF8FF48204F04446DE8029B245E735AE51CB41
              Function 01150A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-1334570610
              • Opcode ID: 53997cab687ddf5c393208f9639b04672ed1f254354be8e57b268f2e8d3d9668
              • Instruction ID: 9abeb2f69266cfedd0ff905cfeaf06d1a2ddb08d38932febca4b63b87dcfe92e
              • Opcode Fuzzy Hash: 53997cab687ddf5c393208f9639b04672ed1f254354be8e57b268f2e8d3d9668
              • Instruction Fuzzy Hash: 6F61BE74604301DFDB6DCF68C480B6ABBE2FF89704F158559F8698B296D770E881CB91
              Function 0117C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
              Download Yara Rule
              Strings
              • Failed to reallocate the system dirs string !, xrefs: 011B82D7
              • LdrpInitializePerUserWindowsDirectory, xrefs: 011B82DE
              • minkernel\ntdll\ldrinit.c, xrefs: 011B82E8
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1783798831
              • Opcode ID: 593150fc7f405544b91458ca174ba93b21c003da5bb5d12c9b1b169fcff582ad
              • Instruction ID: 6c86270ae5ee9d3f86b4c527d954710f4a0e77c5d4d58d8ad292368f539f0ffd
              • Opcode Fuzzy Hash: 593150fc7f405544b91458ca174ba93b21c003da5bb5d12c9b1b169fcff582ad
              • Instruction Fuzzy Hash: 7F411372554702EBD729EB68E845B9BBBECEF45B54F00492AF948D3250EB74D800CBD2
              Function 011FC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
              Download Yara Rule
              Strings
              • PreferredUILanguages, xrefs: 011FC212
              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 011FC1C5
              • @, xrefs: 011FC1F1
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
              • API String ID: 0-2968386058
              • Opcode ID: a6088dd2c3526a442ba918b85a2857662745cad1ba0ee32ca02a6215c0b5774e
              • Instruction ID: 1b5f7670c602cd51c03118da4efbf69a393beeecf37a323bf6611c07a0b27842
              • Opcode Fuzzy Hash: a6088dd2c3526a442ba918b85a2857662745cad1ba0ee32ca02a6215c0b5774e
              • Instruction Fuzzy Hash: CC418275E0020DEBDF19DAD8C841FEEBBB9EB14704F04406EEA19B7240D7749A44DB90
              Function 011D4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
              • API String ID: 0-1373925480
              • Opcode ID: edd9b2bdf60c6fa9620c13f93b5df97407fb7cb71f1f68389b8438cafdc80bef
              • Instruction ID: 39642bdc511ba74952db17cdd63eb146c0cb36bf1c94abc2f11b4139368fc543
              • Opcode Fuzzy Hash: edd9b2bdf60c6fa9620c13f93b5df97407fb7cb71f1f68389b8438cafdc80bef
              • Instruction Fuzzy Hash: F2414232A00259CBEB2EDBE8D840BADBBB8FF65384F15045AD911EBF81D7349901CB11
              Function 011C4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              Strings
              • LdrpCheckRedirection, xrefs: 011C488F
              • minkernel\ntdll\ldrredirect.c, xrefs: 011C4899
              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 011C4888
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
              • API String ID: 0-3154609507
              • Opcode ID: a503f4feeda4f663a59543d00111d4efe1a94e14d81e111d57516d5d3b805de1
              • Instruction ID: a7e9643994b699b211b00d367b4f4a4e838b3e0acebd5f5047f3816bccf18cd0
              • Opcode Fuzzy Hash: a503f4feeda4f663a59543d00111d4efe1a94e14d81e111d57516d5d3b805de1
              • Instruction Fuzzy Hash: 5C41D432A187519FCB29CF9CD860A27BBE4EF69E50B06056DED88D7B55D730D800CB92
              Function 01150BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-2558761708
              • Opcode ID: 33eae89813c088181a0b67398d8f2f5b16e87a51e958bca7a19ed723732f2f54
              • Instruction ID: e360334c51eedad71632eccae24a0154cdb627cd8a4b96f352c62915159d3817
              • Opcode Fuzzy Hash: 33eae89813c088181a0b67398d8f2f5b16e87a51e958bca7a19ed723732f2f54
              • Instruction Fuzzy Hash: 58113335318102DFDBADCA18C485B7ABBA6EF84719F1A812DF816CB256FB30D840C756
              Function 011C20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
              Download Yara Rule
              Strings
              • Process initialization failed with status 0x%08lx, xrefs: 011C20F3
              • LdrpInitializationFailure, xrefs: 011C20FA
              • minkernel\ntdll\ldrinit.c, xrefs: 011C2104
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2986994758
              • Opcode ID: ff72e556b7e4c78cb8ca18d3d50fc154fb496650df6b9e8e841b030b346a6343
              • Instruction ID: 3c75daf45dacef739d0c8241d7179115152aea7824a12b9b78a82ef9f3d4236f
              • Opcode Fuzzy Hash: ff72e556b7e4c78cb8ca18d3d50fc154fb496650df6b9e8e841b030b346a6343
              • Instruction Fuzzy Hash: C5F0C235640319BBE72CEA4DEC46F993BA8EB91F58F50006DF60077685E7F0AA10CA91
              Function 011503E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: #%u
              • API String ID: 48624451-232158463
              • Opcode ID: dd110ca5632f1ead36b0c15754322c3712efa593b949a7a077168a00e0ca77a3
              • Instruction ID: b65694c337e1020fb1abddb8a4a86f7de66f72dafbc82d03a73564ba8b1410b5
              • Opcode Fuzzy Hash: dd110ca5632f1ead36b0c15754322c3712efa593b949a7a077168a00e0ca77a3
              • Instruction Fuzzy Hash: F2716871A0014ADFDB09DFA8C980BAEBBF8FF18744F154065E915A7251EB74EE01CBA1
              Function 0114A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
              Download Yara Rule
              Strings
              • LdrResSearchResource Enter, xrefs: 0114AA13
              • LdrResSearchResource Exit, xrefs: 0114AA25
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
              • API String ID: 0-4066393604
              • Opcode ID: 52a483b6dbf4677b258f90266ae50b5a80caa94ff6aa28301d438d8542e50d68
              • Instruction ID: a2b7e1f9c075e317a956f4714a7b8a6890b0f95e9e808bb7d2be95d327b7eedc
              • Opcode Fuzzy Hash: 52a483b6dbf4677b258f90266ae50b5a80caa94ff6aa28301d438d8542e50d68
              • Instruction Fuzzy Hash: AEE19275E802199FEB2ECF98D980BAEBBB9FF44714F12442AE912E7241D734D940CB51
              Function 0120A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: `$`
              • API String ID: 0-197956300
              • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
              • Instruction ID: 8153e0d8ccbb18374daa44082ce70e6e703f8587164450e409832b8e842f8dc4
              • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
              • Instruction Fuzzy Hash: 2CC1AF312243429BEB26CF28C841B6BBBE5AFD4318F444B2CF6968B2D2D775D545CB41
              Function 011BE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Legacy$UEFI
              • API String ID: 2994545307-634100481
              • Opcode ID: 32b0c917efee5da31790b53579fea0beeba784a2fef77fef94492161c9fb4533
              • Instruction ID: a04e6c79fa9642a78be1bc00ef6fb41e208c568cb2ae0db8015a8524967dbc60
              • Opcode Fuzzy Hash: 32b0c917efee5da31790b53579fea0beeba784a2fef77fef94492161c9fb4533
              • Instruction Fuzzy Hash: AE616C72E017199FDB19DFA8C880BEEBBB5FB48704F14816DE659EB251E731A900CB50
              Function 011E43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: @$MUI
              • API String ID: 0-17815947
              • Opcode ID: 4ba98015af89d61aad653276c0d161c7512938f19e41cf243825fc53fbcf1c5d
              • Instruction ID: 886b341f51b85c4e9acc004d3401a172fcb57185c4733281f7f1c856b5b66442
              • Opcode Fuzzy Hash: 4ba98015af89d61aad653276c0d161c7512938f19e41cf243825fc53fbcf1c5d
              • Instruction Fuzzy Hash: 64511771E0061EAFDB15DFE9CC84AEEBBF8AF44758F104529E611E7690D7309A05CB60
              Function 011404E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
              Download Yara Rule
              Strings
              • kLsE, xrefs: 01140540
              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0114063D
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
              • API String ID: 0-2547482624
              • Opcode ID: 73bb5f86501a63f905f435618f0d035bf17db0b70ecc4c64cdfaf8c6a9590bb3
              • Instruction ID: 96a328b92cc69fc84b28c29e61d0262897ae6f7f43575d1bc2a6d5b55f0bb63a
              • Opcode Fuzzy Hash: 73bb5f86501a63f905f435618f0d035bf17db0b70ecc4c64cdfaf8c6a9590bb3
              • Instruction Fuzzy Hash: 6951BF715047429BD728DF6AC4406E7B7E8AF88B04F10483EE6EA87241E770D545CF92
              Function 0114A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
              Download Yara Rule
              Strings
              • RtlpResUltimateFallbackInfo Exit, xrefs: 0114A309
              • RtlpResUltimateFallbackInfo Enter, xrefs: 0114A2FB
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
              • API String ID: 0-2876891731
              • Opcode ID: 31ab6bc1619fd32a9708ca3f62491ebe0007f3dd9a587389f2fb2d8b7b1a48ef
              • Instruction ID: fe1f20fbdea1b6b75f49521ae85809c642b38f98055dce5152bf45d7fb8127ba
              • Opcode Fuzzy Hash: 31ab6bc1619fd32a9708ca3f62491ebe0007f3dd9a587389f2fb2d8b7b1a48ef
              • Instruction Fuzzy Hash: D5411235A48245CFDB2DCF69D840B6EBBB4FF85B04F1640A9E912DB291E3B5D900CB41
              Function 0117A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Cleanup Group$Threadpool!
              • API String ID: 2994545307-4008356553
              • Opcode ID: 06b1be0bb0705e0c412a94297834d45192c33a870b9cb0c9e25cbc511db318fe
              • Instruction ID: 34f019aa1f939aa9d47f53e321486063081712640a95c1538678e8555e6287df
              • Opcode Fuzzy Hash: 06b1be0bb0705e0c412a94297834d45192c33a870b9cb0c9e25cbc511db318fe
              • Instruction Fuzzy Hash: 3901F4B2240704AFD316DF14DD49F1A77F9EB85719F058939B648C7694E334D904CB46
              Function 0114C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: MUI
              • API String ID: 0-1339004836
              • Opcode ID: 7e1f8dd0c430b2908d8cacb34e224b3ca9d230c054b4ac3446c59bce843adb97
              • Instruction ID: 5436cd21b720be1c8405fe21bc9845280ed6e4ef9b34b16a819e4b48c5a0daf1
              • Opcode Fuzzy Hash: 7e1f8dd0c430b2908d8cacb34e224b3ca9d230c054b4ac3446c59bce843adb97
              • Instruction Fuzzy Hash: F1827B75E012198FEF29CFA9D880BEDBBB1BF48B50F14816AD919AB350D7309941CF91
              Function 011C6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: 05d234c9437050fe9f1255f37f5d14375053d059c14d1e3cf4ad38369b3589b6
              • Instruction ID: f9978d007d2b5c0eb0f0b2e234a47672d9f88a8f5baa15d15374716e6f6bb13b
              • Opcode Fuzzy Hash: 05d234c9437050fe9f1255f37f5d14375053d059c14d1e3cf4ad38369b3589b6
              • Instruction Fuzzy Hash: C9918372900219AFEB29DF95CC85FAEBBB8EF24B54F104019F601AB291D775ED00CB60
              Function 011EE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: d349a47b6618f0412a4d38469f93c30b50031ea23b4319a7b46eb5979ecee4e6
              • Instruction ID: e5fa7f23eba8f10e0e99789d2344ac01456f9244d0cb0ba8d9bb6b95c2354b2e
              • Opcode Fuzzy Hash: d349a47b6618f0412a4d38469f93c30b50031ea23b4319a7b46eb5979ecee4e6
              • Instruction Fuzzy Hash: E991AF31902A0AAFDB2AAFE5DC48FEFBBB9EF45744F140029F511A7250EB749901CB51
              Function 0117A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: GlobalTags
              • API String ID: 0-1106856819
              • Opcode ID: 3774ceaa6699ef9f5a7729dfd8e00ace83fef413da378d9b4ff4d6b15a5ec178
              • Instruction ID: 87ccc432c79965ae32832d52ed0fb4e3b05abf3e2d9e618486562aaf2e5711c1
              • Opcode Fuzzy Hash: 3774ceaa6699ef9f5a7729dfd8e00ace83fef413da378d9b4ff4d6b15a5ec178
              • Instruction Fuzzy Hash: FD7159B5E0021A9FDF2CCF98D590AEDBBB2BF68704F14812EE905A7245E7319941CB60
              Function 011E4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: .mui
              • API String ID: 0-1199573805
              • Opcode ID: 78272a99e533309f557ffc028168149f88ced713940c7abc3ee32da852cd9f86
              • Instruction ID: 48c3ae51b3ccf9ad0d7d7c9f1317d5671d346dd789bde121ddb39691cc54e30b
              • Opcode Fuzzy Hash: 78272a99e533309f557ffc028168149f88ced713940c7abc3ee32da852cd9f86
              • Instruction Fuzzy Hash: 69519372D0062ADBDF18DFD9D848AAEBBF5AF44A54F054129EA11FB740D3349801CBE4
              Function 0115E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: EXT-
              • API String ID: 0-1948896318
              • Opcode ID: a0309d4b64497eeaaf4453a322771887751392264524ab635f9226b6c6a2b83d
              • Instruction ID: 9697d6f22be901a6bbf987fab01bc0f60b38458ff2ab0225406f80c40ce7115e
              • Opcode Fuzzy Hash: a0309d4b64497eeaaf4453a322771887751392264524ab635f9226b6c6a2b83d
              • Instruction Fuzzy Hash: E441A072909702DBD759DA75C840B6BFBE8AF88708F44092DFAA4D7180E774DA04C797
              Function 011BC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: BinaryHash
              • API String ID: 0-2202222882
              • Opcode ID: 9b39677631f8e4c4dabb57607abae41739060df1df40877c19c18bf2d98fa2ae
              • Instruction ID: 484925d1c1e349b25de99d87d96408bda28f9cc3fb3b3e7da3dcba79c58b74fb
              • Opcode Fuzzy Hash: 9b39677631f8e4c4dabb57607abae41739060df1df40877c19c18bf2d98fa2ae
              • Instruction Fuzzy Hash: E24142B1D0012DABDB25DA50CC84FDEB77CAB54718F0085A5EA08AB140DB709E89CFE4
              Function 011D6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: #
              • API String ID: 0-1885708031
              • Opcode ID: 3511d574ca01bf236e94dc9099eeb40b4009826d3f148836e01627e95c94ee35
              • Instruction ID: 43cb6b691c3c945b893a3d976ad1a9033693a8d4f5208b462af992e5b3d4b86f
              • Opcode Fuzzy Hash: 3511d574ca01bf236e94dc9099eeb40b4009826d3f148836e01627e95c94ee35
              • Instruction Fuzzy Hash: D6314831A00719DBEB3ADF69C854BEEBBB8DF05708F144028E954AB282DB75E905CB50
              Function 011BCA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: BinaryName
              • API String ID: 0-215506332
              • Opcode ID: 085f2c4dfca75ca1135c08c1098e7c7251859b08a890fd42217c215e3855273b
              • Instruction ID: 5a127b7385a6ec33458f3095f3c5e6fb8bfec8bd0883d37686e4158fa94d8525
              • Opcode Fuzzy Hash: 085f2c4dfca75ca1135c08c1098e7c7251859b08a890fd42217c215e3855273b
              • Instruction Fuzzy Hash: BB312736900515AFEB1EDB59C991FEFBB75EF80790F018129E911A7250D7309E00DBE0
              Function 011C892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
              Download Yara Rule
              Strings
              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 011C895E
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
              • API String ID: 0-702105204
              • Opcode ID: 285bf74a33caee6b3c574b491d8c606354a9363396c4c8faf279b1db7f14fa74
              • Instruction ID: 1cdc7844f0a2b57ea4b9a82eac14244e49cbff512b5540cdade51e68729743c5
              • Opcode Fuzzy Hash: 285bf74a33caee6b3c574b491d8c606354a9363396c4c8faf279b1db7f14fa74
              • Instruction Fuzzy Hash: 79017B723102029BEA2C5B19DCC9ADABB64EFE1F58B04001CF64506111EB20AC80C796
              Function 011E2000 Relevance: .8, Instructions: 757COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df5e01f792355697a5a1e38638e39bbe221e1899bc6c89823f7e3f1054034ecf
              • Instruction ID: ab5e46e463705a0c715ab2fce9e3354398f4b3c7626004cf3d11de3c143ad320
              • Opcode Fuzzy Hash: df5e01f792355697a5a1e38638e39bbe221e1899bc6c89823f7e3f1054034ecf
              • Instruction Fuzzy Hash: E342EA71608B418FD71DCFA8C8A4A6FBBE9BF98304F08492DFA9287250D771D945CB52
              Function 011D8158 Relevance: .6, Instructions: 617COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eef2af494280b41d9264449d62789a676db9bba8a681b5bc916fc8c9750ff451
              • Instruction ID: e2ae22fdfff4bf82523f4b0112eecbde59c81565e11a0f339141fb1e159ac2fc
              • Opcode Fuzzy Hash: eef2af494280b41d9264449d62789a676db9bba8a681b5bc916fc8c9750ff451
              • Instruction Fuzzy Hash: 6A426D71E102199FEB28CF69C881BADBBF5BF88314F158199E94DEB241DB349981CF50
              Function 01152840 Relevance: .6, Instructions: 605COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86a29e5569f9836ca2770bba8cb50b49d1a35e2ab9b8f573d2020aa60433cddb
              • Instruction ID: ab8cde032b8adf773641651fd3dcc6c70fdc7a9b3c173efb42a4ff9c5d369672
              • Opcode Fuzzy Hash: 86a29e5569f9836ca2770bba8cb50b49d1a35e2ab9b8f573d2020aa60433cddb
              • Instruction Fuzzy Hash: A132BA78A00755CBEB2DCF69C8447BABFF2AF84304F68411DD59A9B285E735A802CB51
              Function 011EA118 Relevance: .6, Instructions: 591COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1273580780c0ad1ab630a0c0fb1891a3787a5ae543d73f0b828e9739ef74a11a
              • Instruction ID: f96ef592060c57b211970c22fb25633dc31bafd6618ddfae356f1b6adcf60aec
              • Opcode Fuzzy Hash: 1273580780c0ad1ab630a0c0fb1891a3787a5ae543d73f0b828e9739ef74a11a
              • Instruction Fuzzy Hash: CE22E374604E618BEB2DCFADE098372BBF1AF45300F098459E9978F286D335E452CB61
              Function 01146A50 Relevance: .5, Instructions: 548COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d42b2afb9699ab6a546269c26bae9949349385529d3ed8ea3f559f58c0eca4e9
              • Instruction ID: 75b1f20cddec72d78baadf2d8ea83bb5fe698bb7ac50654402f851972354dec1
              • Opcode Fuzzy Hash: d42b2afb9699ab6a546269c26bae9949349385529d3ed8ea3f559f58c0eca4e9
              • Instruction Fuzzy Hash: AF32FF74A00205DFDB29CF68C480BAEBBF1FF49714F24856AE956AB391D730E841CB91
              Function 01164A35 Relevance: .4, Instructions: 423COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
              • Instruction ID: 221f72400c901743739e1a72864e9cd66ce2e2af04ccc9b0d00bd8baacfc3a65
              • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
              • Instruction Fuzzy Hash: 79F1AF74E0020A9BDB1DCF99C480BAEBBF9BF58714F098129E905EB744E735D851CB60
              Function 011D892B Relevance: .4, Instructions: 386COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1df200ed10e87b995b99cbc872f52ea1af5ed628ffe736133c3ec8384f9b823a
              • Instruction ID: 6fbf219e17ada2064a0ec9e79ceb89227826d1cbca68941f284861f6d5b3f9f6
              • Opcode Fuzzy Hash: 1df200ed10e87b995b99cbc872f52ea1af5ed628ffe736133c3ec8384f9b823a
              • Instruction Fuzzy Hash: F7D1E171E0060A9BDF0DCF69C841BFEB7F1AF88304F198169D955A7281E735E905CB60
              Function 011465D0 Relevance: .4, Instructions: 383COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c47044839be8708a0906033fc8503d53a4ade07f417b8c7ac8686e25dad9e16
              • Instruction ID: a8186ce6deaf9b42c5de31a51b3c52e9bc14013ce4afd377a65d952e19171f11
              • Opcode Fuzzy Hash: 0c47044839be8708a0906033fc8503d53a4ade07f417b8c7ac8686e25dad9e16
              • Instruction Fuzzy Hash: 26E1B275608342CFC719CF28C490A6ABBE1FF8A718F05896DE99587351E731E905CF92
              Function 01138397 Relevance: .4, Instructions: 380COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d4b483d251cd1b76d36e81f8e432ef11e2cd7a17d71cd2d6250dcad0c4b6d167
              • Instruction ID: e1079a99440c544739746080d48bfa853ab24ccf1e1243bd3e43de6d88f923ef
              • Opcode Fuzzy Hash: d4b483d251cd1b76d36e81f8e432ef11e2cd7a17d71cd2d6250dcad0c4b6d167
              • Instruction Fuzzy Hash: 2CD1E4B1A006069BDF1DDF69D880FBA77A5BF94308F05422DF925DB284E730E951CB90
              Function 011C8243 Relevance: .3, Instructions: 322COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
              • Instruction ID: 829c38693c217f8ff4b4bbf5e8674c44009093b2a3fce3f2ff99229e31526bf1
              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
              • Instruction Fuzzy Hash: B3B1A674A006059FDF28DF99C984EAFBBBAFFA4704F14445EAA4297790DB34E905CB10
              Function 01150535 Relevance: .3, Instructions: 300COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction ID: 40110aefd67d10caf4a7dcda2ed356318fa47d283baf6387dbe4a059d1621911
              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction Fuzzy Hash: 13B13735604646EFDB1DCBA8C850BBEBFF6AF48304F190169EA6297281D770ED41CB91
              Function 011483C0 Relevance: .3, Instructions: 281COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bdda4525741970e76e52d0cea0b5307b301dbf94ee8beb300256111b04a81357
              • Instruction ID: 399c576f8062e893b15090d616cdba99a402e3c9b7400d38019819a2a7c26837
              • Opcode Fuzzy Hash: bdda4525741970e76e52d0cea0b5307b301dbf94ee8beb300256111b04a81357
              • Instruction Fuzzy Hash: 5BC16974608341DFD768CF58C484BABBBE5BF88704F44496DE9898B291D774E908CF92
              Function 0113C427 Relevance: .3, Instructions: 280COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7997a2fe253284666c2f5bb18264def334bef3bcb020688e5addef289615c0be
              • Instruction ID: 1b2752b227e9f7e56b52c4f21d800984e42cd056a9b6740bf89362d15a4733a9
              • Opcode Fuzzy Hash: 7997a2fe253284666c2f5bb18264def334bef3bcb020688e5addef289615c0be
              • Instruction Fuzzy Hash: 68B18470B002658BDB68DF58C890BA9B7B5EF84704F0485EAD54AE7285EB30DD86CF61
              Function 0116E5E7 Relevance: .3, Instructions: 278COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1241e7bf51108950e683453a68008c088c9fa9f6ba796e5574fc6fb48e184bcf
              • Instruction ID: 6b45dab0f49d9b414628ad87ed61a6f31713676e7f354e30096de4e5240be81f
              • Opcode Fuzzy Hash: 1241e7bf51108950e683453a68008c088c9fa9f6ba796e5574fc6fb48e184bcf
              • Instruction Fuzzy Hash: 52A11739E0161A9FEB2DDB58C848FAEBFB8AF00714F050215EA11AB291D7789D51CBD1
              Function 01180185 Relevance: .3, Instructions: 276COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b92394ae10720688c230d90e456ff7019836ee6f87d83feb9f99d4151be1e93c
              • Instruction ID: a120f5989a66d62b73e76d53d3f51d13428657bb1ac5dc542828ea55f35bcbf8
              • Opcode Fuzzy Hash: b92394ae10720688c230d90e456ff7019836ee6f87d83feb9f99d4151be1e93c
              • Instruction Fuzzy Hash: A8A1C571B0161E9FDB2DEF69C490BAAB7B5FF58318F008029EA4597281DB74E816CF50
              Function 01214500 Relevance: .3, Instructions: 275COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ec25ad8ec05cf165ed2d9718a93f56bac6701ce2fcfd9ad3962eea3bfc0345a4
              • Instruction ID: 9f1963c1768e85311d8ad46af644a92ae0ef32a343df2d4866f16ecf7c20dfd8
              • Opcode Fuzzy Hash: ec25ad8ec05cf165ed2d9718a93f56bac6701ce2fcfd9ad3962eea3bfc0345a4
              • Instruction Fuzzy Hash: 7FA1E172624292EFC726EF18CD80B1AB7E9FF68748F050528EA599B654C374ED01CF91
              Function 01212B57 Relevance: .3, Instructions: 266COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
              • Instruction ID: d8b2a439f6bcf49c90e6c2b7716bb4c34cc44c7515ec4c5a94046f0bd5d60390
              • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
              • Instruction Fuzzy Hash: 93B13A71E1061ADFDF19CFA9C880AADBBF5FF58314F248169EA14A7358D730A941CB90
              Function 011C60E0 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 828187470f608d0a2f97c9168eca1364493afab02c6fb2672f4b7c63f4d4ac5c
              • Instruction ID: eac32959ae68cf17e102cdbeb028f64b3321565e5b5f1b393f94e02e0589b893
              • Opcode Fuzzy Hash: 828187470f608d0a2f97c9168eca1364493afab02c6fb2672f4b7c63f4d4ac5c
              • Instruction Fuzzy Hash: D991B171D04216AFDB19CFA8D894BAEBBB5AF58B10F15416DE614AB341D734E900CBA0
              Function 0115E3F0 Relevance: .3, Instructions: 261COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 045ab07340490098a5783f6ee0e7946ddea9643f796d7a3d0523c7d66c5afa9c
              • Instruction ID: 313e6bb41b5806c83a824550bc5feea9c63095713ebd685018a331ac66715ee4
              • Opcode Fuzzy Hash: 045ab07340490098a5783f6ee0e7946ddea9643f796d7a3d0523c7d66c5afa9c
              • Instruction Fuzzy Hash: F391363AE0161ADBEB6CDB68C440BBEBFA2EF94718F054065ED25DB240E734DA41CB51
              Function 0120AB40 Relevance: .2, Instructions: 222COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
              • Instruction ID: 5072d9fda58a26f7bf788f63f1229b0fabf0e166298c84e81e12043c9112bc9e
              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
              • Instruction Fuzzy Hash: 9E81B531A207069FDF1ACF58C491AAEBBF2FF94310F198669D9169B386D774E901CB40
              Function 0117E284 Relevance: .2, Instructions: 212COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4997de58e8250e5dd5c2713f1ce8805c2287d288fd0a9a42d4b5de1d52c9af56
              • Instruction ID: fbef6a7cca65676fee7bd833518c5855bc3fee457fe0aa71cf2102383adda2a2
              • Opcode Fuzzy Hash: 4997de58e8250e5dd5c2713f1ce8805c2287d288fd0a9a42d4b5de1d52c9af56
              • Instruction Fuzzy Hash: 9C814C71A05609AFDB29DFA9C880AEEBBFAFF48354F104429E556A7350D730AC45CB60
              Function 0115C640 Relevance: .2, Instructions: 206COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b2395c5b2f1631c7f4a5985756fec052120e0b28c244261869b1d9b5bfa05db8
              • Instruction ID: 6dec605bb1e1110ed1f596ee8153fe9ee53850684b921e1b00be6bfb3e9ea671
              • Opcode Fuzzy Hash: b2395c5b2f1631c7f4a5985756fec052120e0b28c244261869b1d9b5bfa05db8
              • Instruction Fuzzy Hash: 1C71ABB9D00669DBCB298F59D8907FEBBB9FF58710F15411AE952AB350E3349900CBE0
              Function 011F47A0 Relevance: .2, Instructions: 202COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 239a272efcfb95dda27bfb679c0b38e8feda0272dc31bd1c30773a275fc1cc46
              • Instruction ID: dfcd064b4bc8ed901e96f5a28817396db72ca968d97a0f981676a1575dcd3b80
              • Opcode Fuzzy Hash: 239a272efcfb95dda27bfb679c0b38e8feda0272dc31bd1c30773a275fc1cc46
              • Instruction Fuzzy Hash: A871B5B0A00209EFDB28DF99E948A9BBBF9FFC5304F00815EE715A7658D7318A44CB54
              Function 0115260B Relevance: .2, Instructions: 201COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5b402f77e7ebc68b8c477baae81dbdb6962671851c6cc3308961af7e1903732c
              • Instruction ID: 7fec4d0835fbad612780309e0089ac46f044dfde02c0222518cc10f17ad7e25d
              • Opcode Fuzzy Hash: 5b402f77e7ebc68b8c477baae81dbdb6962671851c6cc3308961af7e1903732c
              • Instruction Fuzzy Hash: 5071D236604642CFD359DF28C480B2AB7E5FF94314F0585AAEC698B351DB74D846CBA2
              Function 011C035C Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction ID: 770158d95cdd3d0cbf864c6f87c61e7bdd309f582ece3ac124ae97f37ba22948
              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction Fuzzy Hash: 56719E71A00609EFCB15DFA9C984EEEBBB8FF58744F104569E915A7250DB34EA01CB50
              Function 011D62A0 Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6bf9e25f0fbf5d08d0227805d2ffdf3ca27ea4b8cc66fcbf8c3913361bf0d835
              • Instruction ID: 92d946348445bb59ab81de5869c5da9184f2abd4bb3b7453232c8e2ae34067cb
              • Opcode Fuzzy Hash: 6bf9e25f0fbf5d08d0227805d2ffdf3ca27ea4b8cc66fcbf8c3913361bf0d835
              • Instruction Fuzzy Hash: 0371E232200B01EFE73ADF58C844F5ABBE6FF40764F158528E65A8B2A0DB75E944CB50
              Function 01218324 Relevance: .2, Instructions: 192COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd073111c42fd971fc49ff4698857dc79b1ca3cbc13715616e2bc1b850b84908
              • Instruction ID: 8cc4861df8d700339cedd01506de64795c744bdde76fbdd1185fd9bc71367788
              • Opcode Fuzzy Hash: fd073111c42fd971fc49ff4698857dc79b1ca3cbc13715616e2bc1b850b84908
              • Instruction Fuzzy Hash: 95711C71E5020ABFDB16DF94C881FEEBBF9FB14354F104119E620A7294E774AA05CB90
              Function 011FA250 Relevance: .2, Instructions: 184COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e55889319b804166a5689d0833662ca328560b06e01e92c6482470753f7fd89a
              • Instruction ID: 9cc2a45458aa47d6aaf3d649f06ed21d083575d2bc6c8f584d229027396ae057
              • Opcode Fuzzy Hash: e55889319b804166a5689d0833662ca328560b06e01e92c6482470753f7fd89a
              • Instruction Fuzzy Hash: AB51CD72504712AFD31ADE68D884B5BBBE8EFC4714F05492DBB48DB110E734ED058BA2
              Function 011E8350 Relevance: .2, Instructions: 161COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5b95d36fe35e38b3f83f5f2162dd1b56f396b3dc235779ad472ce900eb54311c
              • Instruction ID: 58a7925d473f9d2cfa2653d0aa16631c90eb901e1abbc0189dc138f06499ebc5
              • Opcode Fuzzy Hash: 5b95d36fe35e38b3f83f5f2162dd1b56f396b3dc235779ad472ce900eb54311c
              • Instruction Fuzzy Hash: 2251BE70900B059FD729DF9AC888BABFBF8FF54714F10461ED252576A1D770A541CB90
              Function 0117E443 Relevance: .2, Instructions: 158COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0233d700eee2567e000823e9807e18c363d347180aea662f9d2cc144b2b42757
              • Instruction ID: 6ff9e3f97eaf8db45aeb9f8f9936de85941d361c0be7e3c4071bf9906e381bd2
              • Opcode Fuzzy Hash: 0233d700eee2567e000823e9807e18c363d347180aea662f9d2cc144b2b42757
              • Instruction Fuzzy Hash: 55518F71211A09DFCB2AEF69C9C0EAAB3F9FF14798F41046AE652C7260D734E941CB51
              Function 011E4180 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f5e188ffa696d75ad78825f90177dda7f752b6a73451a79b385fc0bf8946e13
              • Instruction ID: cfe890529c3ceb316f15e453ca831caaeb568dd402b2ce5c1f1cf182d002f979
              • Opcode Fuzzy Hash: 7f5e188ffa696d75ad78825f90177dda7f752b6a73451a79b385fc0bf8946e13
              • Instruction Fuzzy Hash: 7A5199716087128FD758DFA9C884A6BBBE5FFC8208F444A2EF599C7650EB30D905CB52
              Function 011645B1 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction ID: 45db7c1a6e2175a7ea0ada40ee12a62c66f2c60463b9e3656da1d137bb1ca8f7
              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction Fuzzy Hash: 3051DE35E0061AABDF19DF98C440BFEBBB9AF45344F04806AEA04EB640D739DD54CBA4
              Function 011CE9E0 Relevance: .2, Instructions: 154COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction ID: 30e1a794f01e672753ddb4e558589f2224704216e83b99add694e8d9bfb74d6d
              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction Fuzzy Hash: 0351A77190221AAFDF299E94C884BBEBF75AF10B18F15465DD91267190D730DD40CBA1
              Function 01208B28 Relevance: .2, Instructions: 152COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 297803a15b0485bed9f86db17ba779c45642846b9ddf294ff4c81044432f7855
              • Instruction ID: c74edb559917f4e03207498af08d372f1058897e4e80206a40b872f6ea6a0ff4
              • Opcode Fuzzy Hash: 297803a15b0485bed9f86db17ba779c45642846b9ddf294ff4c81044432f7855
              • Instruction Fuzzy Hash: 1F41B971B21A129BD72BDB2DC854B7BBBAAEF90620F044319EA55C72C3DB70D841C791
              Function 011CCBF0 Relevance: .1, Instructions: 148COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e9c493b735b95e38ed59bdaab43e1a3a7af95bc7cb09cb3566086a5a2d4c88a
              • Instruction ID: 6eacfbc82860517512316de9cbd693478f505bb56b89bcf4ef189d442b8f6a8e
              • Opcode Fuzzy Hash: 9e9c493b735b95e38ed59bdaab43e1a3a7af95bc7cb09cb3566086a5a2d4c88a
              • Instruction Fuzzy Hash: 2251B071A00216EFCB28DFA8D480AAEBBB9FF68B58B15451DD509A7704D734AE41CFD0
              Function 0117A430 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: caaf7b03de54dd0175a61b25f5d45cec2ba464e02887fd8c79b478e5ca4ce417
              • Instruction ID: d75bb724cd40eace2ff8a3e19056f6e3f9c86159a757d05242a9aa1bb0f3df48
              • Opcode Fuzzy Hash: caaf7b03de54dd0175a61b25f5d45cec2ba464e02887fd8c79b478e5ca4ce417
              • Instruction Fuzzy Hash: 9741A371740602ABDF2DEE69B8C5B6E7775AB5671CF05002DED029B341EBB1D840CB91
              Function 0120A9D3 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction ID: 0951b56390776727cd158b706c00076aad063f90a5eb531698810ea82386fc9c
              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction Fuzzy Hash: 4D41E9326207179FD72ACF18C980A6AB7A9FF90214B45472DEA16876C2EB30ED54C7D0
              Function 011701F8 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3e5ee766bd1808f5928fbdb28c06911f85039f32ac0eeac5e442c049cb695cfd
              • Instruction ID: ea5b5d3bb905de9d014f3bd221534a39216090b433eca5218533b8a4029095e3
              • Opcode Fuzzy Hash: 3e5ee766bd1808f5928fbdb28c06911f85039f32ac0eeac5e442c049cb695cfd
              • Instruction Fuzzy Hash: 9B41AA36A00219DBDB18DF98C440AEEBBB4BF4E714F19816AF816E7340E7359D41CBA5
              Function 0116EBFC Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0ae85e37b4b5d34053febf6e410991ab75688c924ee6bf9fb3bc7ad43f0710b7
              • Instruction ID: e70ff53903748095fe0fcb8fd9b5dd0163c56ca426930908d79d83f5605b19e7
              • Opcode Fuzzy Hash: 0ae85e37b4b5d34053febf6e410991ab75688c924ee6bf9fb3bc7ad43f0710b7
              • Instruction Fuzzy Hash: 5241F676201302DFD72DDF28C844A6B7BE9FF84228F014929E957C7615DB32E855CB91
              Function 01182750 Relevance: .1, Instructions: 137COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction ID: 6edb91c2d0e85b9b646a8f5817f76865aab58f997fdd700a6a1b531b5e18b321
              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction Fuzzy Hash: 3B516A75A00219DFCB19CF9CC580AAEF7B2FF88710F2881A9D915A7351D774AE42CB90
              Function 01146154 Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad5831a090af3697d52d3583ab50c7b1c65e6b1be899eade7916d3b9ce0f9e27
              • Instruction ID: c91ac7876b2f61f11b4b18dff9c89ca9c8eb4feb073357171a1926c111b43207
              • Opcode Fuzzy Hash: ad5831a090af3697d52d3583ab50c7b1c65e6b1be899eade7916d3b9ce0f9e27
              • Instruction Fuzzy Hash: 5351F7B0900216EBDB2DDB28CC00BA8BBB5EF5671CF1482A5E529972C1E7345981CF80
              Function 01140BCD Relevance: .1, Instructions: 130COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7042dca17b534be5b46edf272a070f8be78a4162daa335a52d5b489e78b88447
              • Instruction ID: 1300026fa57f387c5359fe812f735daa1d88228965ecddc59a633d520bbb39d5
              • Opcode Fuzzy Hash: 7042dca17b534be5b46edf272a070f8be78a4162daa335a52d5b489e78b88447
              • Instruction Fuzzy Hash: B7419231A01229DBDF29DF69C940BEE77B8EF49B50F0100A5EA18AB241D774DE81CF95
              Function 0120866E Relevance: .1, Instructions: 129COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction ID: c958a37a01a10eccadcd1e13e026c341781cd1fba399dc19c69e503a8250c273
              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction Fuzzy Hash: 7A41C875F20216AFDB1ADF99CC84ABFBBBAAF84200F154169E60097396D770DD40CB50
              Function 01140887 Relevance: .1, Instructions: 128COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1682a476b29f8f2ef7286843e5d3ac91d9e0928d6975e61853bdc56dc634351e
              • Instruction ID: 44757055b0a29d42cdd48eaef938a39a7b94155d650605771deba87f7e58a326
              • Opcode Fuzzy Hash: 1682a476b29f8f2ef7286843e5d3ac91d9e0928d6975e61853bdc56dc634351e
              • Instruction Fuzzy Hash: 7E41E571600702DFE72DCF2AC580AA2B7F9FF49718B104A6DE65B87A50E730E845CB90
              Function 0116A470 Relevance: .1, Instructions: 127COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 48d7496507c81d117f9615ca60883c98c45c1259e5fdbd1e187f55ee17a2571d
              • Instruction ID: 5f818f2851cea1d6a8132f8b61635f433a07e06dfb4714da95a12e2204a5fc26
              • Opcode Fuzzy Hash: 48d7496507c81d117f9615ca60883c98c45c1259e5fdbd1e187f55ee17a2571d
              • Instruction Fuzzy Hash: A841CD32A41215CFDB2DEF68E8987AD7BF8BF18314F490195D411BB281DB36A910CBA1
              Function 01148BF0 Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8fe25ce5f4295bf8cd25bf65e520a09701b9d7f0a2ad4664ecedcb1190ac1aa6
              • Instruction ID: c0afdc61434de0ea63f79ca32e300e2a728876663f614167dfa7b5d85a71e28c
              • Opcode Fuzzy Hash: 8fe25ce5f4295bf8cd25bf65e520a09701b9d7f0a2ad4664ecedcb1190ac1aa6
              • Instruction Fuzzy Hash: BA414932A01242CBD72CEF8CD844A9EBBB1FF95B08F19802DD9015B245C379D842CF90
              Function 01138918 Relevance: .1, Instructions: 123COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 242d7ddca26651aae42d560c766d48c7c6c00586f871349a06b680cbcb53ab38
              • Instruction ID: b5d47daf9053c16a46c56feab7d19d362975c75655578da67d28cb683bde4569
              • Opcode Fuzzy Hash: 242d7ddca26651aae42d560c766d48c7c6c00586f871349a06b680cbcb53ab38
              • Instruction Fuzzy Hash: 13418C315087069EE71ADF689840A6BF7E9AFC4B94F410A2AF990D7250E731DE148B93
              Function 0113A020 Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction ID: b833aa03e242b10d927d1724acad2d9abce032465fed280b683003af31e83cb2
              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction Fuzzy Hash: 1B413B31A08221DBEF1DDE68A444BBAFB61EFD0754F16806AE995CB244D7328D40CB92
              Function 011409AD Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 351228b5df9c7d851f3701fa4fbfc4e8a2b0be2235998104af4b120d690be4dd
              • Instruction ID: 6de6b8965d19d9d33e373df06d871462715ef70d3442918bd82f23c046e4f89f
              • Opcode Fuzzy Hash: 351228b5df9c7d851f3701fa4fbfc4e8a2b0be2235998104af4b120d690be4dd
              • Instruction Fuzzy Hash: CD41BB71600301EFD729CF19C840B66BBF5FF58B18F248A2AE959CB251E770E942CB91
              Function 01170710 Relevance: .1, Instructions: 121COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction ID: 21e321b95bae59d6f30b410d6630b0a777d9316ebebd88d2126216f2cc794038
              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction Fuzzy Hash: 0A412871A00705EFDB28CF98C980AAABBF4FF19700B10496DE596D7350D330AA44CF50
              Function 0114262C Relevance: .1, Instructions: 119COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dc0e315362855f140182a80d4357b1e26724e0f5542f7e5956995a671f2aaad6
              • Instruction ID: 084311642a2b4e63755e0afa584f7fc296a1f32b67fd37eedec80d2237f51c95
              • Opcode Fuzzy Hash: dc0e315362855f140182a80d4357b1e26724e0f5542f7e5956995a671f2aaad6
              • Instruction Fuzzy Hash: 1741F6B1901701DFCB2DEF28E900B65B7F5FF99B14F118169E4169B2A1DB309981CF51
              Function 0117C8F9 Relevance: .1, Instructions: 116COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e2604a09e326c18b84de3cbc3c2d19637c753d8fe7db33e40b868abd4943b02
              • Instruction ID: 2e6e52dfdc76f5b9ad8786e0822b4368b0286b97699f922afb8d709ff0a3bbde
              • Opcode Fuzzy Hash: 7e2604a09e326c18b84de3cbc3c2d19637c753d8fe7db33e40b868abd4943b02
              • Instruction Fuzzy Hash: DE3179B1A00256DFDB5ADF58D040799BBF4EB09728F2085AED119EB391E7369902CF90
              Function 011C07C3 Relevance: .1, Instructions: 114COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a202507b7e5790319022814535cc55f217962452cd5a9f81b7d79d4e505c1420
              • Instruction ID: 944189c8b35c04dad2c4d5c162c229550878badd6e82416eb453c11a4b8aecaa
              • Opcode Fuzzy Hash: a202507b7e5790319022814535cc55f217962452cd5a9f81b7d79d4e505c1420
              • Instruction Fuzzy Hash: 2E41AC71908301EFD724DF28C844B9BBBE8FF98614F008A2EF598D7290D7709904CB92
              Function 011380A0 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f40e72ccd29e57e94f986c6d4aa751847dd0080c3d912d43b12e0e2d3f30fc97
              • Instruction ID: ea6034d0d52c33de22786de7f5a6b7cacaf2ce77a11026282db282993eb89687
              • Opcode Fuzzy Hash: f40e72ccd29e57e94f986c6d4aa751847dd0080c3d912d43b12e0e2d3f30fc97
              • Instruction Fuzzy Hash: 6241F071A04616EFDB1DDF18C880AA9BBB1BF94764F258329E815A7284DB34ED418BD0
              Function 011C05A7 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0eaf43758c4f1dffebd1643cf433499fc7ac81c8b4ff33b047a4592e4123de8d
              • Instruction ID: 6603db0ce6dc17e992633f1ec758197a42185e2e288416bee30348cdb9801b99
              • Opcode Fuzzy Hash: 0eaf43758c4f1dffebd1643cf433499fc7ac81c8b4ff33b047a4592e4123de8d
              • Instruction Fuzzy Hash: 6C41E176604752DFC328DF68C840A6AB7E9FFD8B00F14462DF99587680E730E905C7A6
              Function 01144859 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4f416c9ba6d0cfd899340302fd5fd4768effea82fffa9c0d2966146a96b2b15
              • Instruction ID: 6afd6be3ca952d53bf37fe8038fefed38aec52963f5f66cd56a3d8028e59474e
              • Opcode Fuzzy Hash: f4f416c9ba6d0cfd899340302fd5fd4768effea82fffa9c0d2966146a96b2b15
              • Instruction Fuzzy Hash: CE41F3752043028FE72DCF28D884B2ABBEAFF84B54F14442DEA558B691EB70D901DB91
              Function 01138B50 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 49f6f4cc3f57f1d044ac24a23c7a330ca282fa6cd29b1b9270bd15844355eb2b
              • Instruction ID: aaa2675638f69cb230b99c326b66f3c0ef73d403c6cf868f69d266714c15723e
              • Opcode Fuzzy Hash: 49f6f4cc3f57f1d044ac24a23c7a330ca282fa6cd29b1b9270bd15844355eb2b
              • Instruction Fuzzy Hash: 0A419071A01615CFCB1DDF69C9809DDBBF1FFC8324B21862AE466A7254DB349941CB50
              Function 011502E1 Relevance: .1, Instructions: 106COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction ID: 31ba329e3bfed99b0e873842e83389f2333615a6800f0d238e73da821eb039f7
              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction Fuzzy Hash: 97312832A04245EFDB9ACBA8CC44B9BBFE9EF18350F044165F825D7352C3B49944CBA1
              Function 011EE3DB Relevance: .1, Instructions: 105COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9f297ef8f181c4a86163fcfd1054690a6aff978da40627951fd605d0195b44e6
              • Instruction ID: 3ec265ee2c906fd9f05997ff1b547c013b1f9bc63b4bacd4757c6f1a7659f2b3
              • Opcode Fuzzy Hash: 9f297ef8f181c4a86163fcfd1054690a6aff978da40627951fd605d0195b44e6
              • Instruction Fuzzy Hash: 6D31A831751756ABD72AAF958C45FAF7AE9AB58B54F000028FA00EB391DBA4DC01C7A0
              Function 011F4B4B Relevance: .1, Instructions: 104COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f7c4f7732550694cdd116d918a7b201130e9b62b875864f420408c9c8ad773d
              • Instruction ID: d4e5c46f520eaa6f033a09f7acc90f9640dd79432f03b18cf0457839e61149ce
              • Opcode Fuzzy Hash: 4f7c4f7732550694cdd116d918a7b201130e9b62b875864f420408c9c8ad773d
              • Instruction Fuzzy Hash: 1C31C132205205DFC329DF19E894F66B7FAFB81364F0A446EEA958BA51D730A901CB91
              Function 01144260 Relevance: .1, Instructions: 102COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 26a954f2b05a427f2bcc66f4a6b92859494d3e2bbd2c1a842af3d71a85a393f0
              • Instruction ID: 906fadbad814654fd8f43c62fbe7ce181f4ed7b3aa02a21ce75a0950b59335f6
              • Opcode Fuzzy Hash: 26a954f2b05a427f2bcc66f4a6b92859494d3e2bbd2c1a842af3d71a85a393f0
              • Instruction Fuzzy Hash: E941BF35200B45DFD72ACF28C480FDABBE9AF49B54F11842AF69A8B650C774E804CB50
              Function 011F4BB0 Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8200863b449ff10acd9cb2f3c298e4a5474a967affea5e01e6d490cfd61574aa
              • Instruction ID: d5cd405de64149aaa12c2d5fdb2e1262ee3d54364887c61f93960052d10c0cf3
              • Opcode Fuzzy Hash: 8200863b449ff10acd9cb2f3c298e4a5474a967affea5e01e6d490cfd61574aa
              • Instruction Fuzzy Hash: F431CF712042019FD328DF29D894B2BB7E5FB84724F05492DFA558BB51E730ED00CB91
              Function 011BEB1D Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 54e967a9522edca107e3d27c8cfdf485d9305f859e4b8db978980c0fc59c0dd6
              • Instruction ID: 2c7f8b513f868d97ca88e2fdaaf10c60adb70b1c536e21bce55c96838727355f
              • Opcode Fuzzy Hash: 54e967a9522edca107e3d27c8cfdf485d9305f859e4b8db978980c0fc59c0dd6
              • Instruction Fuzzy Hash: B831C431202682DBF72E575CCE88BE57BE8BB45B84F1D00A4EF569B6D1DB28D840C265
              Function 012061C3 Relevance: .1, Instructions: 97COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3162c38022343ac3ae9a82d4a580cbc9789f698c14c58ed03a80fc61b9e4c34
              • Instruction ID: cae0ebaf5c775542a9259f2a53c2e49003c093831e29f3187145c9c7118b48db
              • Opcode Fuzzy Hash: e3162c38022343ac3ae9a82d4a580cbc9789f698c14c58ed03a80fc61b9e4c34
              • Instruction Fuzzy Hash: 2631E475A10216EFDB16DF98CC40BAEB7B5FB44B44F454268E900AB285D770ED11CBA4
              Function 011E483A Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 60ab2a9d606c60fa659745f8bbb690a18f43a609673bb134b31e12cfa9f76e70
              • Instruction ID: 6d95d44f9599e50c82c6687c92e727438e61eba94e4c92de83e449fe2325e320
              • Opcode Fuzzy Hash: 60ab2a9d606c60fa659745f8bbb690a18f43a609673bb134b31e12cfa9f76e70
              • Instruction Fuzzy Hash: EA315376A4052DABCB25DF94DC88BDEBBF9AB98750F1000E5A508E7250DB30DE91CF90
              Function 0116EB20 Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 61f55d0ded73c170a1a0fd21788b31fdec405ca99b5bf4b9fc8e6f6532b24762
              • Instruction ID: 541c0206ca4afc922a578f7c1c1e3d5b2c8fd49885c31fdd07c37bab3c09b491
              • Opcode Fuzzy Hash: 61f55d0ded73c170a1a0fd21788b31fdec405ca99b5bf4b9fc8e6f6532b24762
              • Instruction Fuzzy Hash: A531D376E01215AFDB2ADFA9C840AAEBBBCEF04750F014525E926E7250D7719E018BA1
              Function 012060B8 Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 55558e26fc25f0aafe5dbb1a4b1c0e085f770b1bcd65876933b5ac4515a6ad84
              • Instruction ID: 755bbe40e50e87f2f54088e4009470e312ac15847a0bb880ef03c5e33fd40b7b
              • Opcode Fuzzy Hash: 55558e26fc25f0aafe5dbb1a4b1c0e085f770b1bcd65876933b5ac4515a6ad84
              • Instruction Fuzzy Hash: C231F671760202EFDB17DF59C840B6AB7B5EF44358F104169E611DB382DB70DD008B90
              Function 011407AF Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3efdb8dadc47963b4387a8d5db2eb7371e60990f350f6026a990a513c7a2a4fd
              • Instruction ID: d9a5264a5b06f9d18a5c412062732451b5ff873c3fa93d14d857666bedfb3776
              • Opcode Fuzzy Hash: 3efdb8dadc47963b4387a8d5db2eb7371e60990f350f6026a990a513c7a2a4fd
              • Instruction Fuzzy Hash: C731E432A05653DBD71ADE29C940AABBBA5AFD8A50F024529FE5597200EB30DC1187E2
              Function 01148550 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86e5cc1f5aabe63226a1472421fd5849a7cf2e4e00aa77d022fae078dd183d78
              • Instruction ID: 148ae9785a77fd62ded900b61d93ce9ee1f257831f5d8f57134f8a36c2995181
              • Opcode Fuzzy Hash: 86e5cc1f5aabe63226a1472421fd5849a7cf2e4e00aa77d022fae078dd183d78
              • Instruction Fuzzy Hash: AF31AB756093018FE328CF19C940B2BFBE5FB98B10F45496EEA889B355D771E844CB92
              Function 0117A6C7 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction ID: 87c02946935ca1bd5d19f0b184b809c687af2845241a20925fc1f6da4e03b394
              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction Fuzzy Hash: 46311C72B00B01AFD769CF69DD81B5ABBF8AF58650F18452DA59AC3750E731E900CB50
              Function 011EEBD0 Relevance: .1, Instructions: 91COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c99f6c7f754da09c15b98f4548599ca45c3983d4be662c9ff172f19ca4214951
              • Instruction ID: aa871471567eeed96ca0fc779ca7e1ef198b09cf36949fb468830d5714d2c175
              • Opcode Fuzzy Hash: c99f6c7f754da09c15b98f4548599ca45c3983d4be662c9ff172f19ca4214951
              • Instruction Fuzzy Hash: FB31CBB1606702DFCB19DF19C54895ABBF5FF8A218F0449AEE8889B311D331DA54CF92
              Function 0116438F Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 112ae709ef925566e477fb93543903bf099cce1e09bbf16648e3f0d7afd6ba6e
              • Instruction ID: 53681594cdc7a23bb00d543801dfd9c9ed44b658d06ef524f556a55f7cda3b0d
              • Opcode Fuzzy Hash: 112ae709ef925566e477fb93543903bf099cce1e09bbf16648e3f0d7afd6ba6e
              • Instruction Fuzzy Hash: 7D31D431B04245DFD72CEFB9C981A6EBBFEAB84308F00852AD505D7A54D731E945CB90
              Function 0113CB7E Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction ID: 27646c69eada5e80ea503ffba63611e4a6d4d116219f7a9ff60355bdc20f6ed7
              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction Fuzzy Hash: C5210932E0425BAADB199BB98810BEFBBB5AF55740F068036DE25F7340E370DA0487D1
              Function 0113C156 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b1115ea162a4ca84d84d609e53ca8f61a7a1e891046e731d88ae59feb30c7bc3
              • Instruction ID: d708ff8487f3ef2a9325a27b1f44519c5260ce947f56acd75e5315b38197d87b
              • Opcode Fuzzy Hash: b1115ea162a4ca84d84d609e53ca8f61a7a1e891046e731d88ae59feb30c7bc3
              • Instruction Fuzzy Hash: 2D3159B25002019BDF2DAF68DC41BB97BB4EF50308F9481A9DD569B386DB34D986CF90
              Function 011FC3CD Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction ID: 38e514679c3ec61ab02fe9f2204c5a8dd8bbb3610c4b1e480937bed51839593a
              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction Fuzzy Hash: 90212B3660065AA6CB1DAB95C800FBABBB4EF90714F44801EFBA587691E734D940D7E0
              Function 0113E420 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ead078fa25c3d6c447357f8c7f66c91ac2f9787ab400b41fe4f35d2bc47b35c
              • Instruction ID: 0dc67bc59ce155038b0d47d3a1a30d71e6a6504beb554597865e0caf429dcf75
              • Opcode Fuzzy Hash: 8ead078fa25c3d6c447357f8c7f66c91ac2f9787ab400b41fe4f35d2bc47b35c
              • Instruction Fuzzy Hash: 5631C232A02628DBDB399B18CC41BEEB7B9AB55744F0100A1E655A7290D7B4AE818F91
              Function 01174588 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction ID: c81b189a240c1956caa95378db36463da08d28b64c9995ede1f7fe28be7a6029
              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction Fuzzy Hash: FA217175A00609EBCB19CF58C980A9EBBB5FF48714F208065FE159B741D771EE05CB90
              Function 011744B0 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1135f85338330d23b87baedae56ed023769a86b32088b1b22fdbe006968661a
              • Instruction ID: 241c9d7270148ca1dff0275e8f74cbacdf3facc996f4b9f126bacfb77a3704cf
              • Opcode Fuzzy Hash: c1135f85338330d23b87baedae56ed023769a86b32088b1b22fdbe006968661a
              • Instruction Fuzzy Hash: 6221C1726047469BCB2ADF18C880B6BB7F9FF88760F014519FD549BB41D730E9018BA2
              Function 0113E388 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction ID: 7347aa3c69d446c89eb9f4d15ae5fa4716093c65d93264bbf07adda210d79551
              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction Fuzzy Hash: 4D319A31601605EFEB29DF68C884F6AB7F9EF85358F1045A9E512CB294E770EE02CB51
              Function 011BE609 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c0a1ba4a311e58d32c89b763aa0337c5f04dd2b720170f82ee592b112e7aaaba
              • Instruction ID: cf2b2f4f1adf3553092a8516eb618302f0dfb47db622fb573d0facae99fabfec
              • Opcode Fuzzy Hash: c0a1ba4a311e58d32c89b763aa0337c5f04dd2b720170f82ee592b112e7aaaba
              • Instruction Fuzzy Hash: 9B317F75A01206EFCB18CF1CC8849EEB7B9FF84704F15845AE80A9B391E771EA50CB95
              Function 011C06F1 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83e73d1abba77c2fa25505dc8e8c40597a9d4f30d7e13cf146ccf7796bee28d5
              • Instruction ID: 882d9185a895c19a0348f1add1f18c2b653dc48ccbbeb534283324b689a40e38
              • Opcode Fuzzy Hash: 83e73d1abba77c2fa25505dc8e8c40597a9d4f30d7e13cf146ccf7796bee28d5
              • Instruction Fuzzy Hash: 1E21B175900629DBCF19DF59C881ABEB7F4FF48744B400069F941A7240E778AD51CFA0
              Function 011C019F Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2cf766ddfde8fee2b8ed88c211f1a3edee8500f2cd9a5bf9d177575ef5f5cc37
              • Instruction ID: ae21b8fc4a28a7ec9560cc50b8cb421e041079ac64d9fb957b632cd954aa2df2
              • Opcode Fuzzy Hash: 2cf766ddfde8fee2b8ed88c211f1a3edee8500f2cd9a5bf9d177575ef5f5cc37
              • Instruction Fuzzy Hash: F321A971600645EBD71ADB6CC840A6AB7B8FF98B84F140069F904DB6A0E734ED00CBA8
              Function 011C0283 Relevance: .1, Instructions: 74COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4313fe74de3d5b8bd3ed381710dcdf4018618da8e83b01e27a641a4bfebdf3b0
              • Instruction ID: 49c3901df00d87b60acbaa67f1c10ebf47e64dd199569f47a8fbca5239cf14fb
              • Opcode Fuzzy Hash: 4313fe74de3d5b8bd3ed381710dcdf4018618da8e83b01e27a641a4bfebdf3b0
              • Instruction Fuzzy Hash: 2C21F272908346DFD719EF59C844B6BBBECAFA5A44F08046EBD90CB251D730D904C6A2
              Function 01162835 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f431a339c213cb9b346d8c3d3b9f2ac8bfe7ff096489e45344b3287bc517cea0
              • Instruction ID: e8eee262e51ab06dc863dc4a88a9970fc39853aa78d9d3c83e6c04ebac0290cd
              • Opcode Fuzzy Hash: f431a339c213cb9b346d8c3d3b9f2ac8bfe7ff096489e45344b3287bc517cea0
              • Instruction Fuzzy Hash: 6C21D731605681DBE32E976C9C04B2C7BD8AF41B74F190364FA719B6D2D779C851C241
              Function 0117A30B Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2858750e82d91530aa83f52e9d977c3af8001a67f6ac669f573da4cafac4b4b9
              • Instruction ID: 0e496537cd068a323a313296df319ab792051f52617ddf3ace06437d2e4d7308
              • Opcode Fuzzy Hash: 2858750e82d91530aa83f52e9d977c3af8001a67f6ac669f573da4cafac4b4b9
              • Instruction Fuzzy Hash: EA21A975210A41EFC729DF29C841B46B7F5FF58B48F288468E519CBB61E371E842CB94
              Function 011FA49A Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be82786851a3638a7bc63fa7e3ae0b92430f4d4df1bf60127ec4374663866dfd
              • Instruction ID: 4709ca56a65fffde10e81d5e4a6ecbb83cd2d974051e929c898bda7b3bb83e2a
              • Opcode Fuzzy Hash: be82786851a3638a7bc63fa7e3ae0b92430f4d4df1bf60127ec4374663866dfd
              • Instruction Fuzzy Hash: E7113A32340B11BFD32A5555AC04F6BB69ADFD4B20F11402CB71CCB190DB74DC018795
              Function 011C0946 Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b32bad68b186c47108fbb6ebad81c201ac90a89a3891de10deb060a63ea61b58
              • Instruction ID: e821d9933efa699e3e82bf1cec43996236d1984e3c8f581f3713028a257fe635
              • Opcode Fuzzy Hash: b32bad68b186c47108fbb6ebad81c201ac90a89a3891de10deb060a63ea61b58
              • Instruction Fuzzy Hash: F821EBB1E10219ABDB14DF9AE985AAEFBF9FF98610F10412EE409A7244D7709941CF50
              Function 011D80A8 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction ID: 25cd81374cffa979c450f164df912bd4e8c4ec38c6e31b48c42312baed7e9c88
              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction Fuzzy Hash: D8218972A0020AEFDF169FA8CC40BAEBBBAEF88354F214859F910A7251D774D9519B50
              Function 01170124 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction ID: 6e3810d475bab33ffd69a5ff0edd17dad0ad9636fbc7322126b264578159d4a5
              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction Fuzzy Hash: 7A11E272600705AFD72A9B44DC40F9BBBB9EB85758F104029F6018B280D7B1ED44CB50
              Function 01148770 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8652cf86444a98889fc87f2bfdc3450c60ad0769ba141a28da6293e11e4009db
              • Instruction ID: 2159d8d5e406c704546a922b810c0b4c20f862a158ca9394f8b9e368dc77421a
              • Opcode Fuzzy Hash: 8652cf86444a98889fc87f2bfdc3450c60ad0769ba141a28da6293e11e4009db
              • Instruction Fuzzy Hash: DE11C471700A119BDB19CFCDC4D0A26BBE9AF8AF61B19406DEE089F204D7B2D901C790
              Function 011480E9 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 988904a1dac271ea67c8adbe20cd35fb05c0c4f0734fad52870b05bad5c93e21
              • Instruction ID: fbcb272ff204c33a2b0d8674236ef39b02977e6ad0ad2d0fad64e9936879f151
              • Opcode Fuzzy Hash: 988904a1dac271ea67c8adbe20cd35fb05c0c4f0734fad52870b05bad5c93e21
              • Instruction Fuzzy Hash: 0B218175A00205DFCB19CF98C581A6EBBF5FB88B18F24416ED505A7311C771AD46CBD0
              Function 0117674D Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2cd073fb8ef5fdf3673f66600cb57cc9a2172a3d0d8186bc350ccfec58c04ceb
              • Instruction ID: 86786594411aa5e0d3169d74d1d0a0fe230751ff0a2a13beea269428e4d88377
              • Opcode Fuzzy Hash: 2cd073fb8ef5fdf3673f66600cb57cc9a2172a3d0d8186bc350ccfec58c04ceb
              • Instruction Fuzzy Hash: B3218E71610E01EFE7289F68C880B66B7F8FF84390F44882DE5AAC7350DB70A940CB61
              Function 011D6870 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e2c83f611cca384cee8e72ae8b02a959e57b56b907ea6ec4d6ebc70d7a36437e
              • Instruction ID: 0148c9f73e91beff576b5d4ab4e174574fd876a2c58de96ea745ec0453dbd23d
              • Opcode Fuzzy Hash: e2c83f611cca384cee8e72ae8b02a959e57b56b907ea6ec4d6ebc70d7a36437e
              • Instruction Fuzzy Hash: 4311A332240614EFC72ADF6DCD40F9AB7A8EF99754F114025F615DB251EB70E901C790
              Function 0116E8C0 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c28061d4b18d1d98f8ebbbf58689e076564f39ac8708221718ba2efa81b1fb20
              • Instruction ID: dae1cb599b5e7f84ff1be5158a6c6c18666890233cb0fb272f87da988376d15c
              • Opcode Fuzzy Hash: c28061d4b18d1d98f8ebbbf58689e076564f39ac8708221718ba2efa81b1fb20
              • Instruction Fuzzy Hash: 61114877300111ABCB1EDB29CC80A2FBA6AEFD1374B65452DD9228B280EB319812C390
              Function 011766B0 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 69725e5bff7a42bd5274a6d9aeb49234d1becb37ec56bd729ab50366bb2e4bd5
              • Instruction ID: fd8cda76feda8cc3eb893902d69b04336f58e1f63f1a9798199a315b401001ff
              • Opcode Fuzzy Hash: 69725e5bff7a42bd5274a6d9aeb49234d1becb37ec56bd729ab50366bb2e4bd5
              • Instruction Fuzzy Hash: D911E376A01A45EFDB2DCF59D580A5AFBF9EF84690B164079D9059B310E730DD00CB90
              Function 0120A8E4 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction ID: 7a4c7edc5a1abbb5fa6daec3094fccd6e536d66f525109037e0214e6dcd80fd8
              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction Fuzzy Hash: C8110836A10519AFDB19CB58C801B9EB7B5EF84310F054269EC5697381D671BD41CB80
              Function 011CE7E1 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction ID: 7512baeb3a036b04524db4a8939a0824a5586a30f8e7ed0dceb481697fbd0c3b
              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction Fuzzy Hash: 2F11A331602605EFE7299F48C840B5BBFA6EF65F54F05842CEA099B254D731DC40DB90
              Function 011627ED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 82ce7a9b5f200da1c840cb7e0c23d5d4eb818e3bff4ebc201290225a5058a1c7
              • Instruction ID: 34d9d5d70c6e516c1b083de759f43c378853df29955c9fb7d7aa63e98d9d8448
              • Opcode Fuzzy Hash: 82ce7a9b5f200da1c840cb7e0c23d5d4eb818e3bff4ebc201290225a5058a1c7
              • Instruction Fuzzy Hash: A6010475206646ABE32EA26DAC44F6B7ADCEF917A4F464065F9018B240DB25DC00C2E1
              Function 01144690 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8bb75c8371b62203fe9ffa9c40c60895fa7b727e4783db4d3368fcd9397095e
              • Instruction ID: 04042a7c9337fb2daae09566330a43f4987c951217936f50efae95b1776e0b42
              • Opcode Fuzzy Hash: d8bb75c8371b62203fe9ffa9c40c60895fa7b727e4783db4d3368fcd9397095e
              • Instruction Fuzzy Hash: 1B11CE7A241A45AFDB2ECF59D840F56BBA9EB96F65F014129FA048BB50C370E801CF60
              Function 01214B00 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 092174e6828df12335060a29909a29a46a12357946f22b9f312e8f6cc8760fb1
              • Instruction ID: b661d84c112e6f2ce8a8a24462c6e67b20d0fd54eeb58778cfbd069746e851c5
              • Opcode Fuzzy Hash: 092174e6828df12335060a29909a29a46a12357946f22b9f312e8f6cc8760fb1
              • Instruction Fuzzy Hash: 061129326106429FD721EA29D840F27B7E5FFE4710F194429EB8AC7298EB30F902C790
              Function 01176620 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b22049a1ecf2a1497e3224eb8494baf765746a70ffaab10c467018d08d55ebc
              • Instruction ID: 40ec973dfc2701a0c165b27d089c84418241916e25f87fb84024e84af7a68712
              • Opcode Fuzzy Hash: 2b22049a1ecf2a1497e3224eb8494baf765746a70ffaab10c467018d08d55ebc
              • Instruction Fuzzy Hash: 0D11C272A00B15ABEB25DF59C980B5EFBB8EF84744F900459EA04A7300D770AE01CB60
              Function 0116EA2E Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3ee597faf87fc05458e439d67a27717528f7ed9097c603865250c829be590e84
              • Instruction ID: 0f490f8925165b12abd13686fe15e471bb63052d81febc17055e5a9a6ad0ffab
              • Opcode Fuzzy Hash: 3ee597faf87fc05458e439d67a27717528f7ed9097c603865250c829be590e84
              • Instruction Fuzzy Hash: 4D01B17550110AAFD729DF19E448F1ABBFDFF85718F21866AE1098B260C771EC42CB90
              Function 0116E53E Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
              • Instruction ID: 0f6fd8ecf30b8e7da813aa4fb265945b641d6d423722af69ddf9c27572930ba0
              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
              • Instruction Fuzzy Hash: 9111E97D2026C3DBE72F971CC554B697FA8EB00798F5A00A1ED4187692F329C853C251
              Function 011CE75D Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
              • Instruction ID: ae518b68d6c7021d5b6b23c8e2bbd62e99a96734e5a6cfd26c6818afcb1dad22
              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
              • Instruction Fuzzy Hash: 44019632602B05AFEB2D9F58C801F5A7EA9EB65F54F058428EA059B260E771DD50CBD0
              Function 0113A250 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
              • Instruction ID: 474f63c93c43e067edb49d23f0b5a11ba0d6dbea9a6a96bedc0f4f13e0d3e2fc
              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
              • Instruction Fuzzy Hash: 35012232404B229BCF398F59E840A36BBA5EF95B607018A2DFCD5CB281D331D800CBA0
              Function 01214940 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13171d7630efafcfe04503f38dc830ef1418ceb49137d7375e8c0c68f35a1b82
              • Instruction ID: 2d772a11c1ea60f7cbb06111fe7bb81c21ec91973d6e3cc41bb913d7c8cf0773
              • Opcode Fuzzy Hash: 13171d7630efafcfe04503f38dc830ef1418ceb49137d7375e8c0c68f35a1b82
              • Instruction Fuzzy Hash: C0012633561142DFC332EF1CD800E12B7E9EBA1374B254226EA6C9B19AD730D801CBD0
              Function 011BE1D0 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 57b8eca3c711b40a059b3b4b2eafed75aa234d3b137e59d9a79cde78fbb9f998
              • Instruction ID: 16d91290e1599bad540ed0d82642e07334d7fa351de731cf54e2901dc2a918b0
              • Opcode Fuzzy Hash: 57b8eca3c711b40a059b3b4b2eafed75aa234d3b137e59d9a79cde78fbb9f998
              • Instruction Fuzzy Hash: 7711A132242241EFDB19EF19CD80F967BB8FF54B48F2000A5F9059B651C335ED01CA90
              Function 01146259 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ead89e9ffb34bf83f3a86768402b747f52d0bcab8a7304f9944a284410a1240f
              • Instruction ID: ab40ec7515e031f18e123b8fc92b79e39dadde9a2f9a68a736e721be1c76c11d
              • Opcode Fuzzy Hash: ead89e9ffb34bf83f3a86768402b747f52d0bcab8a7304f9944a284410a1240f
              • Instruction Fuzzy Hash: 2F117071642219ABDB2AEB64CC41FED73B4BF04718F5081D5A318A61E0D7709E81CF85
              Function 011C6050 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b0ad597f99a427e117aea7fe3076a32b473ed9d0a8b14574a84a61d5dc20259
              • Instruction ID: ea11f038f99d1ebbcb8584b5c594f26bbeb23c6b3f50adb6a04f1b08647fe289
              • Opcode Fuzzy Hash: 3b0ad597f99a427e117aea7fe3076a32b473ed9d0a8b14574a84a61d5dc20259
              • Instruction Fuzzy Hash: F6111772900119ABCB16DB94CC84DDFBB7CEF58258F044166A906A7211EB34AA15CBA1
              Function 0114208A Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
              • Instruction ID: fcb8f92562942919ccc71b28d0a46c26c36270cc5076f157c38b92ddf31225fb
              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
              • Instruction Fuzzy Hash: 4401F5322001019BDF1D9A19E880B967BA6BFD4B10F5641A5FD15CF246DB71C882C390
              Function 011D6500 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aaaf2884a17c43368e1b616333afe121557087d82964c8e9f33aeba0c9f76ffb
              • Instruction ID: afe5f9f3e815a4ef6fdb671a315891fd62c0b60fa6ce67ac05d730d8a3764b8f
              • Opcode Fuzzy Hash: aaaf2884a17c43368e1b616333afe121557087d82964c8e9f33aeba0c9f76ffb
              • Instruction Fuzzy Hash: 1111E1326001469FC709CF58D800BA6BBB9FB5A344F488159E8488B315D732EC80CBA0
              Function 011CC810 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e53f280712bdfe42b2cf2a77064dec1faeaff00bb7a542b1fa04ab90ec8d2a33
              • Instruction ID: 5313d39f594a7689b337ec17d7ae2d86cb37028aca433752c9633576f44f3538
              • Opcode Fuzzy Hash: e53f280712bdfe42b2cf2a77064dec1faeaff00bb7a542b1fa04ab90ec8d2a33
              • Instruction Fuzzy Hash: 221118B1A002099BCB04DFA9D541AAEBBF8FF58750F10806AB915E7351D774EE018BA4
              Function 011EEA60 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5276dd4a244bd3eceb1a35df700218a348facbfdf2de1e608a2f91de2a306aa6
              • Instruction ID: e74173fc64e3dc4b89a8738c8b6792321ad195837a021443efe3d41017d9e06c
              • Opcode Fuzzy Hash: 5276dd4a244bd3eceb1a35df700218a348facbfdf2de1e608a2f91de2a306aa6
              • Instruction Fuzzy Hash: E7012432142611DBC73EAF59C408D76BBF9FFD2698B05442EE5120B200CB31DC41CB91
              Function 0113C020 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction ID: d605f4918bd27a25bf67226f928a10b9474f8e7c6fa5b4b37a4c4db1a3c8281c
              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction Fuzzy Hash: 5601F932100745DFEF2A966AD400B67B7F9FFD5254F05841AA59687544DB70E401C790
              Function 011820F0 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aee31cc878ae8aa14f6e939be745dc4534fbee1ec761bbeeaad14af0d21890e8
              • Instruction ID: 262680be1136f2c67477d4a47e15bb35679520cfd8d50bac6bcfe1ef5b9ba3cb
              • Opcode Fuzzy Hash: aee31cc878ae8aa14f6e939be745dc4534fbee1ec761bbeeaad14af0d21890e8
              • Instruction Fuzzy Hash: 1811AD35A0020DABCB09EFA4C840BAE7BB5EF44344F108058F90197280EB35AE01CF90
              Function 0117E5CF Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 07b8eb0e84062f6215d225e668e61bfa60814f592992b4b79fe5f918d1f2ec4b
              • Instruction ID: ec03310995babee5c6e8e72beb7fb829fdc663d45dc7835c0174232973769fde
              • Opcode Fuzzy Hash: 07b8eb0e84062f6215d225e668e61bfa60814f592992b4b79fe5f918d1f2ec4b
              • Instruction Fuzzy Hash: 5701F7B2211505FFC359AB79CD80E57BBBCFF996987000525B61583550DB34EC01C6E0
              Function 011D69C0 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5af9de9a0f81f31d539365601ba711f4c32bef6488ec213b6fef4e2049451b97
              • Instruction ID: 26e3f57e1cc6e8a20d8b50707523a24d8a7e148c4c64d6b660a4a2e9cb0fc57f
              • Opcode Fuzzy Hash: 5af9de9a0f81f31d539365601ba711f4c32bef6488ec213b6fef4e2049451b97
              • Instruction Fuzzy Hash: C501F032224212DBC328DF69D488967BBA8FF58664F114219F96587180E730D905C7D2
              Function 011CC460 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fda07de3f7bcc375dd0cb48b1bf5423e11e856b56e35480b542f9cf761db9335
              • Instruction ID: 4bb4f6b120895c032e62a44a100f97afdcdd24f65800940132b98f66761a7b0a
              • Opcode Fuzzy Hash: fda07de3f7bcc375dd0cb48b1bf5423e11e856b56e35480b542f9cf761db9335
              • Instruction Fuzzy Hash: 5C115B71A00209EBDB19EFA8C854FAEBBB5EB58754F008059FD0597340DB34EE11CB91
              Function 011CC97C Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3cb280cebac568601c855c227a16acc8707aa46dd652b4a95aab5421fdf775b2
              • Instruction ID: fec24792f24bef26f679b85e06ae697f3b29a9ac70283db9de0ebf50b6b05796
              • Opcode Fuzzy Hash: 3cb280cebac568601c855c227a16acc8707aa46dd652b4a95aab5421fdf775b2
              • Instruction Fuzzy Hash: 8B1139B16183099FC704DF69D442A9BBBE8EF98750F00851EB998D7391E730E901CB92
              Function 011CCA11 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ebd0e6503b4916deb2f5910ca3bfc61c5d26155ba18f89ae5077424c15dcb055
              • Instruction ID: 2b118dd68d29cb0d37bb8a94412c831c9527cf04b962cf8e4c0fc8f1a9f68017
              • Opcode Fuzzy Hash: ebd0e6503b4916deb2f5910ca3bfc61c5d26155ba18f89ae5077424c15dcb055
              • Instruction Fuzzy Hash: 261157B16183099FC304DF69D445A4ABBE8AF99750F00851EB958D73A0E730E9008B92
              Function 01214A80 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
              • Instruction ID: 3df14e2b28a6c920049528ce8c4b5d636e683f684ab19d417632bcdc853eaffd
              • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
              • Instruction Fuzzy Hash: 270128332106429FD725EA59D850F96B7EAFBD1310F054519E7468B654DBB0F840C790
              Function 0115E016 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction ID: 56238776cfec0391446f771356031d1a77a4c629dc99c8d4d40704d76199b04f
              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction Fuzzy Hash: AA017132705584DFE72A8A1DC948F27BBD8EB44754F0904A5F925CB691D728DE40C622
              Function 0113826B Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fec8dce257f6a6b405a85e462d449efeb9577520a98008d8bb711d5039252813
              • Instruction ID: 0602f8ec604edba0ffe3fa91b1bae2f0f83cc338ff5cbca23358cbf777ad526f
              • Opcode Fuzzy Hash: fec8dce257f6a6b405a85e462d449efeb9577520a98008d8bb711d5039252813
              • Instruction Fuzzy Hash: 3001A232710605EFD71CEBAAE9049AEB7B9FFD0624F158129E901A7748EF20DD01C691
              Function 011EEB50 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 3898387dd63267273072ab7fb044b4548fe48ed95ecee45d90b55ee517370e79
              • Instruction ID: 5846fa631d99aefc52526d60c79f67b63f4a34a58c31a03afdf84f9767dbe324
              • Opcode Fuzzy Hash: 3898387dd63267273072ab7fb044b4548fe48ed95ecee45d90b55ee517370e79
              • Instruction Fuzzy Hash: 3C01F2B1241B01EFD33E9F59D804F06BAE8EF55B54F11442AF6068F390D7B09840CB54
              Function 01142582 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 774d0f3b8ba993bae53fbb15f03a896180eed3cf846eed6eca8d2e9e493efad7
              • Instruction ID: f192a92435e6ecc1abdcf2d2373edc7f0e0081864b5cb6e54302614357412f07
              • Opcode Fuzzy Hash: 774d0f3b8ba993bae53fbb15f03a896180eed3cf846eed6eca8d2e9e493efad7
              • Instruction Fuzzy Hash: 0AF0F932651621B7C7399F569C40F4BBEA9EB84F90F054029B61597600C730ED02CAE0
              Function 0116C073 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction ID: b95eb51445174eb872b03f108b3120444368cc7417e3f7af2d027f9e4de9dffb
              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction Fuzzy Hash: E5F0C2B6600615ABD329CF4DDC40F67FBEEDBD1A84F048128A555C7220EB31ED05CB90
              Function 0113C310 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction ID: d56f1dbe70bd90086c6d5152c3590709dfedadbad2edfa7fe853b60dcb610b60
              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction Fuzzy Hash: A3F0FC33208633DBD73E16594840B6BAA958FE1A64F1A0037E615BB208CF708D0256D2
              Function 0121634F Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5713e7c9d2f30b36e76d9cb20d772f73b73dad5fbb07e45eff5459d7f0821be8
              • Instruction ID: 185b42b30ef4e5a3821b723b3eeb44c2d8ccdf3e5c6ffab78d8bb16078818ebf
              • Opcode Fuzzy Hash: 5713e7c9d2f30b36e76d9cb20d772f73b73dad5fbb07e45eff5459d7f0821be8
              • Instruction Fuzzy Hash: 1D018F71A2020AEFCB04DFA9E441AAEB7F8FF58704F10402AF910E7350D774DA018BA0
              Function 0121625D Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b53d1e51270c6651b9f8d4718f1322390913f00847a95660dcbf458ce66fc63
              • Instruction ID: d7b803d4b76c3409ceb81dd31901b28801721df7058a465c77870abfeed8b33c
              • Opcode Fuzzy Hash: 4b53d1e51270c6651b9f8d4718f1322390913f00847a95660dcbf458ce66fc63
              • Instruction Fuzzy Hash: B5017171A1020AEBCB04DFA9D441AAEB7F8EF58304F10801AF910E7350D774DA018BA0
              Function 012162D6 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 685b17c9d67f6eb03f18fa2b4ee45bdae3e6f979f17840347be1400956068fdc
              • Instruction ID: 56c6234720f3b08903259e6d05d8dd61ed55c5e124e642d0d649d7b1dba0594f
              • Opcode Fuzzy Hash: 685b17c9d67f6eb03f18fa2b4ee45bdae3e6f979f17840347be1400956068fdc
              • Instruction Fuzzy Hash: FB012171A1024AEBDB04DFA9D445A9EB7F8EF58704F50805AF915E7350D774DA018BA0
              Function 0117CA6F Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
              • Instruction ID: bb0725c817e4b994b715e323f1931cf93ea93741ca854809436411fc974ec34c
              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
              • Instruction Fuzzy Hash: 6801D136200A86DFD72EA61DC845B99BBACEF51B54F0940A5FA148B7A1E778C800C251
              Function 012161E5 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 500452825e9a7a6b62c19ff9f602cbdf4209efb0e6fba984bdb19beec920c3f6
              • Instruction ID: 10e57aecd2516dc5efaf843eb35c977dfddfbd62144ec5f033f9a483fce97ee8
              • Opcode Fuzzy Hash: 500452825e9a7a6b62c19ff9f602cbdf4209efb0e6fba984bdb19beec920c3f6
              • Instruction Fuzzy Hash: 94018F71A10249DBCB04DFA9D445AEEBBF8BF58314F14405AF901A7280D774EA01CB94
              Function 011C63C0 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction ID: 87f89776665acc1fa28e68a4a5025ab1b78eab1f02e4868853657860f2bf3b74
              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction Fuzzy Hash: D1F0F97220001DBFEF059F94DD80DAF7B7EEB59698B104129BA11A2160D731DD21EBA0
              Function 011CA4B0 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65f8d9b4881bc6e2656a5282d3259240639dcd9b66888ef8683937114fd24bae
              • Instruction ID: 3c0397aa278cc92c6cf9b261f5fc1fcd41190c018fd719f4cc65d6cce2655cbd
              • Opcode Fuzzy Hash: 65f8d9b4881bc6e2656a5282d3259240639dcd9b66888ef8683937114fd24bae
              • Instruction Fuzzy Hash: F201853610020DABCF169E84E844EDA7F66FF5CB64F068205FE1866220C332D971EB81
              Function 0113C0F0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f744f2609f7323d08147bc3adda607f1ffdf3eab7d4f605ebdf370fe74a39017
              • Instruction ID: 8198b6106db25aba7add06c8736710ba07c87da7065d5c06015decd39ee76d93
              • Opcode Fuzzy Hash: f744f2609f7323d08147bc3adda607f1ffdf3eab7d4f605ebdf370fe74a39017
              • Instruction Fuzzy Hash: 35F02472304241DBF75CA6199D01B22739AE7D0650F65803BEB05AB3C9FB70DC0183E5
              Function 0117656A Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33acb9719f6cb90895967ec146c1c0b19542b345ca1f4c0910e67e403110c169
              • Instruction ID: 91bfe337c057ec8d62e6ab2285021db63d02480d1eb4a7f82bd33b54da8988aa
              • Opcode Fuzzy Hash: 33acb9719f6cb90895967ec146c1c0b19542b345ca1f4c0910e67e403110c169
              • Instruction Fuzzy Hash: 4001A470245B86DFF32E972CDD8CB6937B4BB54B84F494190FA128BBE6D728D441C611
              Function 011E437C Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction ID: 434dcccdb6df6bc98c06f57bdce4c66f543cfe8f79d2502c530110a3254cfb2c
              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction Fuzzy Hash: 49F0E935349D3347E77EAAAF8414B2EA6D69F90940B15062C9651CBA80DF20D80087A4
              Function 011CE872 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
              • Instruction ID: 83a7754615bea259586d2cd3246d44c725b726cfcf632eab74f4156cde27b66f
              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
              • Instruction Fuzzy Hash: D6F08933752511DBD7399A4DDC80F17BB68EFE5E60F5A006DAA149B660C760EC02C7D0
              Function 011CC89D Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c947baaa138123fd22c41be6d2038d59eea95dfc523ba4255d098ca0b3c33f1a
              • Instruction ID: 9365a8ae6674d11032a5aea32dce3c2dffe0e9e448b23c93b1a103fa340afa8f
              • Opcode Fuzzy Hash: c947baaa138123fd22c41be6d2038d59eea95dfc523ba4255d098ca0b3c33f1a
              • Instruction Fuzzy Hash: B0F0A4706153049FC318EF68C445A1BB7E4FF58714F40465EB898DB390E734E901CB96
              Function 01170854 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
              • Instruction ID: 24672a1b88e8e769a69f9bbffc026aa68c37a022a1cf3f5a383ed26dec4e2a0d
              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
              • Instruction Fuzzy Hash: 95F024B2A10204AFE318DB21CC00F86B6F9EF9D304F148078A945C7260FBB0EE40C754
              Function 011CC912 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 26ced865f5468d21de6ff1564f4e3b0d544b459a4cf7fc3678869efae42da0dd
              • Instruction ID: b1236c17926690c310e8e033a17969f8deb1622f6f1bb079dcca13e777c1ea35
              • Opcode Fuzzy Hash: 26ced865f5468d21de6ff1564f4e3b0d544b459a4cf7fc3678869efae42da0dd
              • Instruction Fuzzy Hash: 32F04F70A11249DFCB08EFA9D515B9EB7B4EF28704F108159B959EB385EB34EA01CB90
              Function 011447FB Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9bfea3c63cf1f293287d8581d619e9eaa619c0886e58d3a9144a0505ed3ab29a
              • Instruction ID: 2adc17c629b3b2de4c4071574cd72cddff0c57a00b05bafedd364adf54587d4c
              • Opcode Fuzzy Hash: 9bfea3c63cf1f293287d8581d619e9eaa619c0886e58d3a9144a0505ed3ab29a
              • Instruction Fuzzy Hash: 02F0BE319166E39FF73ADBECC144B21BBD49B00E24F09896AD99987D22C775D880C651
              Function 01200115 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7bb5594a2b6fa0b0c243289640054162abeebea1a84b64cfc21ea1857be6132e
              • Instruction ID: 1aa2b28be8892bf33c6b326ba438e9bd96466eed889c593dec25e8a96a2f7ac9
              • Opcode Fuzzy Hash: 7bb5594a2b6fa0b0c243289640054162abeebea1a84b64cfc21ea1857be6132e
              • Instruction Fuzzy Hash: B2F05C67439AC21AEF335B3C74643D1AF79A741064F0A1189D6A557287C6789683C328
              Function 0117C5ED Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 696881808ebffb88c9e39930669fc146ba20ff9b98c0867fec74e9cf6d392ac5
              • Instruction ID: f462f28cf5213a85d19e69b51d36228e752357ddd3b02b4847107d44831aa3f2
              • Opcode Fuzzy Hash: 696881808ebffb88c9e39930669fc146ba20ff9b98c0867fec74e9cf6d392ac5
              • Instruction Fuzzy Hash: DBF0E2715156939FE32ED72CC1C8B21BBF49B407A4F099465F90687712C360E880CAD1
              Function 01182619 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
              • Instruction ID: 0c3445794a14dfc1147ceee54480ac6f947c29e8270c6b57b1103b3cfae189db
              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
              • Instruction Fuzzy Hash: ECE0D8723006416BE727AE598CC0F57776EDFD2B18F144079B9045F251CBE2DC09C6A4
              Function 011D6030 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
              • Instruction ID: 53f548cd322289930bdf59329418b95b092fe6e02a9d7e94baa6ac1c7bd81fa2
              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
              • Instruction Fuzzy Hash: 3FF0E572100204DFE3298F09D840F52B7F8EB05364F02C025E6088B160D339EC40CBA0
              Function 01140710 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction ID: 2537ab1dc51df6524badd5a7cddd7c15c01fbb8c5888d7a7ffdb2a8d86e21a03
              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction Fuzzy Hash: 31F0E539204745DBDB1EDF1AC040AD97BA4FB45760B010054FD928B341D731E981CB52
              Function 011749D0 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction ID: 5148ebba4df40d87e7e6fcdc6429f2bcb7424ffcec774ac5aeda11f463032b93
              • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction Fuzzy Hash: F4E0D832654185ABD32A7A598800B6A77B6DBD07A0F160429E6028BB60EB70DC40D7D8
              Function 01214164 Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 812b618e161f077ab9de16c32a8ccb51726360f2491af912c3c32696b9bf0e6e
              • Instruction ID: 7f2c9a7383b8f30433957c54cf8e5f051f3afa885998b2ed944d4331c2e1b47b
              • Opcode Fuzzy Hash: 812b618e161f077ab9de16c32a8ccb51726360f2491af912c3c32696b9bf0e6e
              • Instruction Fuzzy Hash: ADF0E532A355D28FE772EB2CD240B5177E0AB30730F1A09A4D50C8791AC320DC40C650
              Function 011E678E Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction ID: 1c477726c721b6b81ed3cfab7e75334a15a0af64e3b5f17db2e6c3f2927ec866
              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction Fuzzy Hash: 43E0DF32A40920FBDB2A97998D05F9ABEBCDBA4EA4F050055BA00E7194E630EE40D690
              Function 012108C0 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
              • Instruction ID: d8d707d12dc254d71b3ce04e92c8b29412b45c0a8e4bd43f8ca5db07a906b610
              • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
              • Instruction Fuzzy Hash: 40E09B316643518BCB25CA2DC141A63B7E8DFB5664F168069EE0547616C271F892C6D4
              Function 011425E0 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eab073dbe8b4efd4f6a6c6c2db25e0adbfc1246aabcb2530186ca54bf18bdfd3
              • Instruction ID: 3c07e5357883d1c8757d7adc54952957428b2e21af6e5de2969ed152c5ea3cce
              • Opcode Fuzzy Hash: eab073dbe8b4efd4f6a6c6c2db25e0adbfc1246aabcb2530186ca54bf18bdfd3
              • Instruction Fuzzy Hash: 75E0D832100554ABC326FF29DD01F8B77DAEF647A8F014515F12557590CB34AD50CBD4
              Function 011FA456 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction ID: 2e6f8674b38ae682dfdeac95836391635987343863384a8f106fde5ffae54308
              • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction Fuzzy Hash: 63E09231011612DFE73A6F2AD808B56BBE0BF50715F188C2DA19A025B0C7B998D1CA40
              Function 011C4000 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction ID: 07ab8f9f6b2e63fc4b36474a7883069befc2087d5379015634360ac9e39105db
              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction Fuzzy Hash: A0E0C2343443058FE719CF19C050BA27BB6BFE5A10F28C068A9488F605EB32E852CB40
              Function 0117CA38 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a5f6b017cfdb261884ae4330e73d65fccf971f4c846d6fbc965a7b847c215b44
              • Instruction ID: 7368c557b7865a18c2829c91bd4a9d0a25b3b0fafda1bafa28d219d2d1a024ee
              • Opcode Fuzzy Hash: a5f6b017cfdb261884ae4330e73d65fccf971f4c846d6fbc965a7b847c215b44
              • Instruction Fuzzy Hash: 8CD02B324810726ACB7EF1187C04F933A6DDB55321F024860F50892110E754CC9197C4
              Function 0113823B Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction ID: b3e3e45d1d040872bfbfbe9470dd00da41ca1f69187408c8c0e7d2dce7c72e77
              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction Fuzzy Hash: 2EE08C31005A10EFDB3E2F29DC00F5176A1FB94B64F228A2AF081160A887B4A882CA45
              Function 01142050 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4cbd3f0718a8ca9a4cb3f9131a50494a63ad0628cefcd78986a457d72d51bb3b
              • Instruction ID: d6d9747b7a10ac09f8fa26b4173d99be1fd36af8f7dd6ea477023f5e3ea82c62
              • Opcode Fuzzy Hash: 4cbd3f0718a8ca9a4cb3f9131a50494a63ad0628cefcd78986a457d72d51bb3b
              • Instruction Fuzzy Hash: 28E0C232200450ABC316FF5DED10F4A739EEFA57A4F000121F56087694CB74AD41C7A4
              Function 01178A90 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
              • Instruction ID: 0b32bc8eb184da98d46a57b093ac93a153b07b840ba719936c25bafe9c3df51b
              • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
              • Instruction Fuzzy Hash: 6EE08633511A1487C72CEE18D515B7277B4EF45720F09463EA61347780C634E544C795
              Function 0117E59C Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction ID: 9b75043549adc30a844b2ccec51c638fbe19d67a3c7c519deb14f45ef0b70adc
              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction Fuzzy Hash: 4FD02233614620AFDB76AA1CFC00FC333E8BB88764F06049AF128C7150C3A0EC82CA84
              Function 011BE908 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction ID: 5a4e0fc743dd232a446fb10de5424d9cf6572cc1ae6acf2d951de2f03d7810f4
              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction Fuzzy Hash: FDE0EC359516849BDF5ADF59C680F9ABBB5FB94B40F150054E5185B660C724A901CB40
              Function 0113A0E3 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction ID: efe35b5bb724974d1ce2f69b8914a0b4c7114b26e58cc0109fd6f72837ea160a
              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction Fuzzy Hash: 78D0223232203093CB2C96557800F63AA09AFC0AD4F0A002D381AD3804C2048C43C2E0
              Function 0117A830 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction ID: 51e3c08f3da442705afde6c9bd245d8c3925e87ec72da169c62dae0e7fb2fb77
              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction Fuzzy Hash: EBD022370E010CFBCB119F62CC01F903BA8E760BA0F004020B914870A0C63AE850C580
              Function 0117CA24 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f0235248c90c2e691226bb83edef35311cc9c3986ac3171a99ce05d7932ad793
              • Instruction ID: d31eb231f455f2845dbac087c50f977c110227ba96f188e7d576388adf41cc7e
              • Opcode Fuzzy Hash: f0235248c90c2e691226bb83edef35311cc9c3986ac3171a99ce05d7932ad793
              • Instruction Fuzzy Hash: A1D09E34655502DBDF1EEB59C554BAA7E78EB14A81B400068E61152520E369DD019A50
              Function 011502A0 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
              • Instruction ID: e0f2aeb1723b366c1e216c922e1f74140d7b754a7641d598f42fbdd10b777592
              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
              • Instruction Fuzzy Hash: 51D0C939212E80CFD76FCB4CC5A4B1573A4BB48B84FC50490F801CBB22D7ACE980CA00
              Function 0117C700 Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction ID: 2d413a822a135f6e528a49668e7cc92221f7930e409ff582c9bb85487012a869
              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction Fuzzy Hash: 3FC01232150644AFC7159A95CD01F0177A9E798B40F000021F61447570C671E811D644
              Function 01160310 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction ID: a7f24bb556cf55ec217ac3f89ab4b6b11bf121d469d8907085ad6506e52992c8
              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction Fuzzy Hash: 6ED01236100288EFCB05DF41C890D9A772AFBD8710F108019FD19077108A32ED62DA50
              Function 01140750 Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction ID: f433abd490de2097aada17e30a7205f0dbff20f91af169121b4ed74ef096becd
              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction Fuzzy Hash: F3C04C75711541CFCF19DB19D294F4977F4F744754F150890E855CB721E724E801CA10
              Function 01184340 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6600acb80c8db212c336adf98dd6e0edbbe1f96e9ba1352b21325d41aa56077e
              • Instruction ID: 2e5d6cf6f3a9c3c70fdb56af09f60718391b73a8b05ba2d5ecd6435060ad250e
              • Opcode Fuzzy Hash: 6600acb80c8db212c336adf98dd6e0edbbe1f96e9ba1352b21325d41aa56077e
              • Instruction Fuzzy Hash: 88900231A05804129644715849845464005A7E1301B55C011E0529554CCB188A565365
              Function 01184650 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dd5c2863f5a4e42dd540f216d8a1c270233b0d3f964697712e4739c7b6abaae1
              • Instruction ID: f485a2cc6ab4c04b3fc7a3a7be46ff5aed69c869646334dbac693c55ef67dd6a
              • Opcode Fuzzy Hash: dd5c2863f5a4e42dd540f216d8a1c270233b0d3f964697712e4739c7b6abaae1
              • Instruction Fuzzy Hash: 2A900261A01504424644715849044066005A7E2301395C115A0659560CC71C8955936D
              Function 01182B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8a2e7e64036b59a2465e4c7ee0ea99f8fecabc2bee7d13a3fa11560797e9bfb7
              • Instruction ID: 01dda8826b5a7a105dd8d46dcc220c820ef534b7643bc5fcae3cb943bea3f17b
              • Opcode Fuzzy Hash: 8a2e7e64036b59a2465e4c7ee0ea99f8fecabc2bee7d13a3fa11560797e9bfb7
              • Instruction Fuzzy Hash: CE90026160240403460971584514616400A97E1201B55C021E1119590DC62989916229
              Function 01182B80 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a8e01c1856d564770d700b1282a877075fb131ad962a63672b94df5aeef76ad3
              • Instruction ID: d631c6cd211f95dcdb2cd3cc07da6cf003d3ce6adb7a3f464ee3bd6331a6f4d2
              • Opcode Fuzzy Hash: a8e01c1856d564770d700b1282a877075fb131ad962a63672b94df5aeef76ad3
              • Instruction Fuzzy Hash: DE90023160140C02D60871584904686000597D1301F55C011A6129655ED76989917235
              Function 01182BA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 146b77c3abc2336b8aa508db11fed403a1ac9d2cc670f3c95c051b323c1399a3
              • Instruction ID: 4fb196aafbd7cdcde687f0a78cde87be3d641a94c62e3604678c984251e28df8
              • Opcode Fuzzy Hash: 146b77c3abc2336b8aa508db11fed403a1ac9d2cc670f3c95c051b323c1399a3
              • Instruction Fuzzy Hash: FB900231A0540C02D65471584514746000597D1301F55C011A0129654DC7598B5577A5
              Function 01182BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f676adcd1fe981212841d48a1039df75942bd298f3fab61067c64a18f7fd18bd
              • Instruction ID: bc8b1d31415c270d062fecd43da47f3ceaba6493430fe8c5a9cf4da25841cea9
              • Opcode Fuzzy Hash: f676adcd1fe981212841d48a1039df75942bd298f3fab61067c64a18f7fd18bd
              • Instruction Fuzzy Hash: 9C90023160140C02D6847158450464A000597D2301F95C015A012A654DCB198B5977A5
              Function 01182BE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fe3949cf1fafa6988f28e7a9f67b72529e5d573feca98893075e5bdc1e77f09c
              • Instruction ID: 407f892a39e34516c5b5805b39eabd21189b018460b8341285edd15cec6e5067
              • Opcode Fuzzy Hash: fe3949cf1fafa6988f28e7a9f67b72529e5d573feca98893075e5bdc1e77f09c
              • Instruction Fuzzy Hash: 7790023160544C42D64471584504A46001597D1305F55C011A0169694DD7298E55B765
              Function 01182AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6789c6f663f114cee821f9c8bb52c3e5a13f58c0c3dc75218aa485cde9147799
              • Instruction ID: 7b5b6e54d3c3d2d59d4301260de845eeefea64636064ce94773ac678fb99c832
              • Opcode Fuzzy Hash: 6789c6f663f114cee821f9c8bb52c3e5a13f58c0c3dc75218aa485cde9147799
              • Instruction Fuzzy Hash: DC9002A1601544924A04B2588504B0A450597E1201B55C016E1159560CC62989519239
              Function 01182AD0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c60316cfdb0dba16e5e356d65ada04ce5ab40c31d6975e939bcbe5f61f27c14e
              • Instruction ID: e158bec955d9ffeb5cde8fba6b17e085d8bd2b05d00d5ae4d47a31d98527bc9e
              • Opcode Fuzzy Hash: c60316cfdb0dba16e5e356d65ada04ce5ab40c31d6975e939bcbe5f61f27c14e
              • Instruction Fuzzy Hash: 4290043571140403070DF55C07045070047D7D7351355C031F111F550CD735CD715335
              Function 01182AF0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de28d6821e86917d7367a2f07ea26452526c99efc74dd78c96d7039dd1466e7e
              • Instruction ID: c85038e9d6c54db59b54205f9a01a81134952f3d6d80ccea4bc2134b22b2cd41
              • Opcode Fuzzy Hash: de28d6821e86917d7367a2f07ea26452526c99efc74dd78c96d7039dd1466e7e
              • Instruction Fuzzy Hash: CC900225621404020649B558070450B0445A7D7351395C015F151B590CC72589655325
              Function 01182D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bb2ec34d173cf1ca56ac8c63b0e408801b040a45466e8dbd854b0dc241e82cb5
              • Instruction ID: 370906c9048ad11ccbe7420747490d2bea18d30c22147759ccfa6b7d72e45815
              • Opcode Fuzzy Hash: bb2ec34d173cf1ca56ac8c63b0e408801b040a45466e8dbd854b0dc241e82cb5
              • Instruction Fuzzy Hash: 0A90022961340402D6847158550860A000597D2202F95D415A011A558CCA1989695325
              Function 01182D00 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5b786e14abdaf86fbf1de0dfd516863130207c01698e30ee72e320cb7e30e8d7
              • Instruction ID: 3c48e052ab5b18b2401e9dfad7c68d26e592d43625a1b4f55cfaddfc5c2e8646
              • Opcode Fuzzy Hash: 5b786e14abdaf86fbf1de0dfd516863130207c01698e30ee72e320cb7e30e8d7
              • Instruction Fuzzy Hash: 0A90022160544842D60475585508A06000597D1205F55D011A1169595DC7398951A235
              Function 01182D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9732fc6dd5f36e578f73cef31012c52a55cf542686bfd5d9a5215b53a49d158f
              • Instruction ID: c75c481db7fe565689b7cac14c99a51aaa6dbd3ec15640884cbd66436cfb0ffb
              • Opcode Fuzzy Hash: 9732fc6dd5f36e578f73cef31012c52a55cf542686bfd5d9a5215b53a49d158f
              • Instruction Fuzzy Hash: F790022170140403D644715855186064005E7E2301F55D011E0519554CDA1989565326
              Function 01182DB0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f20acb2d0d4920bd98a1e061915169be6cfb9771a91593f0e25f8e1a73b869ef
              • Instruction ID: 85466e82cd0716d3c6f5520227329c3ebf895b9a2d99aba626d06b4ef6694db1
              • Opcode Fuzzy Hash: f20acb2d0d4920bd98a1e061915169be6cfb9771a91593f0e25f8e1a73b869ef
              • Instruction Fuzzy Hash: AA90023164140802D645715845046060009A7D1241F95C012A0529554EC7598B56AB65
              Function 01182DD0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce7deca891ca6605d058b048600df5f141254dd76af93c85f40a4adca1720021
              • Instruction ID: 94f769341c5831d9a3811a80abb5c2a9601c4d6a61f1eaef06bf416dee4396f4
              • Opcode Fuzzy Hash: ce7deca891ca6605d058b048600df5f141254dd76af93c85f40a4adca1720021
              • Instruction Fuzzy Hash: A8900221642445525A49B15845045074006A7E1241795C012A1519950CC62A9956D725
              Function 01182C60 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cac40c11144f2c89d81ef6927035f9956b24432c419cc5f81b5b2a7bf961ca85
              • Instruction ID: 4f9104e15158d931f6dfb225c00ee6986bcff24af9195da7602ea381d7edae9d
              • Opcode Fuzzy Hash: cac40c11144f2c89d81ef6927035f9956b24432c419cc5f81b5b2a7bf961ca85
              • Instruction Fuzzy Hash: 4D90023160140C42D60471584504B46000597E1301F55C016A0229654DC719C9517625
              Function 01182CA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb240bde9ed90e96c9dc7c012e9d834eedda635790144a2134d35ba761e3bee7
              • Instruction ID: 518b6a0ee20492b08b29681ac14940f96db0b4d9d48e427d934c02ae50a52979
              • Opcode Fuzzy Hash: fb240bde9ed90e96c9dc7c012e9d834eedda635790144a2134d35ba761e3bee7
              • Instruction Fuzzy Hash: 0890023160140802D60475985508646000597E1301F55D011A5129555EC76989916235
              Function 01182CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 674dfd3653c868597b75d958891650ca6acc499957e2dfb7fb482c9328b813d2
              • Instruction ID: eb1632c5ecca65c7390a49714d8a7bd4c267c93781530100fb189fa1450e7963
              • Opcode Fuzzy Hash: 674dfd3653c868597b75d958891650ca6acc499957e2dfb7fb482c9328b813d2
              • Instruction Fuzzy Hash: CA900221A0540802D64471585518706001597D1201F55D011A0129554DC75D8B5567A5
              Function 01182CF0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 035dcafaf36e38f550e8edb957800db54e096a255650fdc8ab8f63831a6d1f5d
              • Instruction ID: 6b910e5e7b22a61f9829f952392c8feca36154478e16c1012e5e632268763436
              • Opcode Fuzzy Hash: 035dcafaf36e38f550e8edb957800db54e096a255650fdc8ab8f63831a6d1f5d
              • Instruction Fuzzy Hash: 7C90023160140803D60471585608707000597D1201F55D411A0529558DD75A89516225
              Function 01182F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ee4f93be9e47da0dc2491d946e756ac87a346bad430156dc8552c464ab61896
              • Instruction ID: e1216458d1a49d6a927dcee3e75171f97e8e3b3de3ed3e025c820326db46f133
              • Opcode Fuzzy Hash: 6ee4f93be9e47da0dc2491d946e756ac87a346bad430156dc8552c464ab61896
              • Instruction Fuzzy Hash: AA90026174140842D60471584514B060005D7E2301F55C015E1169554DC71DCD52622A
              Function 01182F60 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 88edafaab907f73522e5bcfb451a07af3067cc91f778770d39422dccc9c9e8fc
              • Instruction ID: 889b18005658c252d34282b1f044931eab52c92ade28d659ab90fbae6e294a2c
              • Opcode Fuzzy Hash: 88edafaab907f73522e5bcfb451a07af3067cc91f778770d39422dccc9c9e8fc
              • Instruction Fuzzy Hash: B890026161140442D60871584504706004597E2201F55C012A2259554CC62D8D615229
              Function 01182F90 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e6286749a96113080ab40f3d8fccbecd4412f40ad2075fd48cf0b34c5848c49c
              • Instruction ID: dd4a540615650f48a55dc8989d45d27bb0b6881ee37e244c25f19aa10c90a4cf
              • Opcode Fuzzy Hash: e6286749a96113080ab40f3d8fccbecd4412f40ad2075fd48cf0b34c5848c49c
              • Instruction Fuzzy Hash: 4F90023160180802D6047158491470B000597D1302F55C011A1269555DC72989516675
              Function 01182FB0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 17b067ebfc1ff0c82ee1f2fd4a96d59f5421bd96f715f8de755b2750e1ee5856
              • Instruction ID: 69d8a2ffdeaa1bcb67944dc896138187a1fd1b0737d862991da3817e3b0f479e
              • Opcode Fuzzy Hash: 17b067ebfc1ff0c82ee1f2fd4a96d59f5421bd96f715f8de755b2750e1ee5856
              • Instruction Fuzzy Hash: 15900221A01404424644716889449064005BBE2211755C121A0A9D550DC65D89655769
              Function 01182FA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e006bcb3b33859f9cc816a343d67de00955008bb87a86001585e4dfd24f80bf5
              • Instruction ID: b0acb2bac9d1ec43847d5cfba919e21b3871a904e6a0d335b30ebf301061e6e9
              • Opcode Fuzzy Hash: e006bcb3b33859f9cc816a343d67de00955008bb87a86001585e4dfd24f80bf5
              • Instruction Fuzzy Hash: 9490023160180802D60471584908747000597D1302F55C011A5269555EC769C9916635
              Function 01182FE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9ccf6820bc791eb4c19c81bf9358e0676ad81e70115f80128b5a85eb4300ad61
              • Instruction ID: e867fbb3a4a5184c96a89b2cdc994db672448cc562f692af3603871d06bbc21e
              • Opcode Fuzzy Hash: 9ccf6820bc791eb4c19c81bf9358e0676ad81e70115f80128b5a85eb4300ad61
              • Instruction Fuzzy Hash: 3C900221611C0442D70475684D14B07000597D1303F55C115A0259554CCA1989615625
              Function 01182E30 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c023c9aa22db75295525b50477b1aa385b53cee29d096b0e7afa30a67a388df4
              • Instruction ID: d9851a85df3b318350d58a98d6c267f44791816021daae1c6043a17baa037b3e
              • Opcode Fuzzy Hash: c023c9aa22db75295525b50477b1aa385b53cee29d096b0e7afa30a67a388df4
              • Instruction Fuzzy Hash: 3B90022170140802D606715845146060009D7D2345F95C012E1529555DC7298A53A236
              Function 01182E80 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b4a041419d6dce3baec6977bb455e7038ea9f85dabc5c6c71c7d32e66c83b21b
              • Instruction ID: cb651da98e07eedd0241bfcb490bcdbe35d84f9f85b864cf347515f5da31ca76
              • Opcode Fuzzy Hash: b4a041419d6dce3baec6977bb455e7038ea9f85dabc5c6c71c7d32e66c83b21b
              • Instruction Fuzzy Hash: AB900221A0140902D60571584504616000A97D1241F95C022A1129555ECB298A92A235
              Function 01182EA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 73713b93f95b1d5f9e70dfe3d2a43096999e9499caadf2496a8663356c6d257f
              • Instruction ID: 47f17c1ae86bb56e47403ad48151dfc03b7700efff5da5f23c8d3d21bfc1b801
              • Opcode Fuzzy Hash: 73713b93f95b1d5f9e70dfe3d2a43096999e9499caadf2496a8663356c6d257f
              • Instruction Fuzzy Hash: 6290027160140802D64471584504746000597D1301F55C011A5169554EC75D8ED56769
              Function 01182EE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 776e9e8a0714faf0d3f63563c778e4c2d738628cb04352997c14f9612ce5419f
              • Instruction ID: 3ec936a56750f80bca4f77ceb99008f9acc82191a06ce1aa36c264b0eb0cbdde
              • Opcode Fuzzy Hash: 776e9e8a0714faf0d3f63563c778e4c2d738628cb04352997c14f9612ce5419f
              • Instruction Fuzzy Hash: A790026160180803D64475584904607000597D1302F55C011A2169555ECB2D8D516239
              Function 01183010 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c15f2c3159a6390166eee9e77feedf9cecd9e3483171c4df49858a180dff1b1f
              • Instruction ID: 600b37099330be1b0c83f0931be31060b0a272803b8a9e48d4e8541aea0725eb
              • Opcode Fuzzy Hash: c15f2c3159a6390166eee9e77feedf9cecd9e3483171c4df49858a180dff1b1f
              • Instruction Fuzzy Hash: B490022160184842D64472584904B0F410597E2202F95C019A425B554CCA1989555725
              Function 01183090 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c05b62aa096bf6e60a817ab1107dc6fc4c50d8d5c81a4cadca4a28426368d00
              • Instruction ID: c5a59619c55f27e4808ac809120ecf237e2709073a495f7d00657f72810e6375
              • Opcode Fuzzy Hash: 7c05b62aa096bf6e60a817ab1107dc6fc4c50d8d5c81a4cadca4a28426368d00
              • Instruction Fuzzy Hash: 3990022164140C02D644715885147070006D7D1601F55C011A0129554DC71A8A6567B5
              Function 011839B0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fbf70f123e9269724f0526a7a45b451a5778b5452c361665d3bc8d798e201df4
              • Instruction ID: f1312ad86998376537bfefb9ed775953282df45adb6965f87807943ef8526bd7
              • Opcode Fuzzy Hash: fbf70f123e9269724f0526a7a45b451a5778b5452c361665d3bc8d798e201df4
              • Instruction Fuzzy Hash: B490022164545502D654715C45046164005B7E1201F55C021A0919594DC65989556325
              Function 01183D10 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 933cd6584adbf17dc7c23e926d53eb28c99ab3b2bba17f2324ca04ed723b2bff
              • Instruction ID: da17f8620cf5c627ab2d50de54acbed0263c0aef1acacf6a69e0a0736d723b5b
              • Opcode Fuzzy Hash: 933cd6584adbf17dc7c23e926d53eb28c99ab3b2bba17f2324ca04ed723b2bff
              • Instruction Fuzzy Hash: 67900231602405429A4472585904A4E410597E2302B95D415A011A554CCA1889615325
              Function 01183D70 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8aae81b8fee63832df4140ce2c6249bf0c770f994d647528a91224aaa4ed4339
              • Instruction ID: 1b727cb4021aa1562d745d7d74c6e0ea986f35873c178209b7ba02a95b05feca
              • Opcode Fuzzy Hash: 8aae81b8fee63832df4140ce2c6249bf0c770f994d647528a91224aaa4ed4339
              • Instruction Fuzzy Hash: FA90023560140802DA1471585904646004697D1301F55D411A0529558DC75889A1A225
              Function 01182C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
              • Instruction ID: 0075205a8685af95dc3ad3e065614918109edc0fff6d869f7f2599a636ebb662
              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
              • Instruction Fuzzy Hash:
              Function 01182890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              • Opcode ID: 94eb677ab28fdeb630383a9885a77332ae0fa56281b3413367c57c9b29f26e41
              • Instruction ID: 69707687f69e99cd1cb41684c8419a7aa1c1aa1f2a8deb61de72fea51323fc01
              • Opcode Fuzzy Hash: 94eb677ab28fdeb630383a9885a77332ae0fa56281b3413367c57c9b29f26e41
              • Instruction Fuzzy Hash: FF51D6B5E00116BFCF1AEB9D889097EFBF8BB49240714C169E465D7645E334DE50CBA0
              Function 011F2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              • Opcode ID: 8ea2b0c3605b3a27e7399c1b8011248b1d234d543d5e95d6c25feeeca204d8d1
              • Instruction ID: b48932e4e2b2988d452666c421728d361617968f38b1710bd57b9250fc561fc5
              • Opcode Fuzzy Hash: 8ea2b0c3605b3a27e7399c1b8011248b1d234d543d5e95d6c25feeeca204d8d1
              • Instruction Fuzzy Hash: 94510675A04646AFDB38DF9CC8909BFBBF9EB48200B04845DE6A6D7641E7B4DA40C760
              Function 01177630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
              Download Yara Rule
              Strings
              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 011B4742
              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 011B4725
              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 011B4655
              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011B46FC
              • Execute=1, xrefs: 011B4713
              • ExecuteOptions, xrefs: 011B46A0
              • CLIENT(ntdll): Processing section info %ws..., xrefs: 011B4787
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
              • API String ID: 0-484625025
              • Opcode ID: 1a665e051f5ffc97a20899f42fe36af8a1123e31480bdcc17ab3c6c45dfd7dbf
              • Instruction ID: 5a064d150f2aa202352219ff063d68271cdff5cbeda218f01088ee5c1b9e6775
              • Opcode Fuzzy Hash: 1a665e051f5ffc97a20899f42fe36af8a1123e31480bdcc17ab3c6c45dfd7dbf
              • Instruction Fuzzy Hash: 8B51FB31A0021A7AEF1DEBA8EC9DFED77B9AF14704F0400A9E605A72C1E7719A45CF51
              Function 01216940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
              • Instruction ID: ded3193f2a2ec4cdc7d652b06f851fdaf699481dc3d56b362485a0cead06039b
              • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
              • Instruction Fuzzy Hash: 74022571518342AFD305DF18C490A6FBBE5FFD8704F148A2DBA898B258DB71E905CB52
              Function 0118B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-$0$0
              • API String ID: 1302938615-699404926
              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
              • Instruction ID: fe45715b8f8d229e94fc45f6a92100cda8e7df24535097717a438fc5954938b5
              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
              • Instruction Fuzzy Hash: 9681D170E196498EEF2DBE6CC8507FEBBB1AF46324F28C119D861A72D1C73498408F59
              Function 011F20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$[$]:%u
              • API String ID: 48624451-2819853543
              • Opcode ID: 6f1c41d52d4601b9be3ce053fa0e97d503a9fe5ccf1d5f168e599a915f5c2b97
              • Instruction ID: d4c53aeaa99499daddf9d6f500d89c21c6b3213981457bf18748543585adddbd
              • Opcode Fuzzy Hash: 6f1c41d52d4601b9be3ce053fa0e97d503a9fe5ccf1d5f168e599a915f5c2b97
              • Instruction Fuzzy Hash: 5621657AA00119ABDB19DF79DC40AEFBBF8EF54644F44011AEA15D3200E730D9018BA5
              Function 0116F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
              Download Yara Rule
              Strings
              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011B02E7
              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011B02BD
              • RTL: Re-Waiting, xrefs: 011B031E
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
              • API String ID: 0-2474120054
              • Opcode ID: c4d6f54ff0c17dd07d38def4caa4dc94f6e6fda24ff43ec6736ecf5c42084a81
              • Instruction ID: e1650a682ee27013a11818285e0f8c5e74d617494d06113a53f383a19b2fcd1a
              • Opcode Fuzzy Hash: c4d6f54ff0c17dd07d38def4caa4dc94f6e6fda24ff43ec6736ecf5c42084a81
              • Instruction Fuzzy Hash: CCE10E302087429FD72DCF28D894B6ABBE4BB88314F144A5DF5A58B2E1D735D856CB42
              Function 0117BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
              Download Yara Rule
              Strings
              • RTL: Re-Waiting, xrefs: 011B7BAC
              • RTL: Resource at %p, xrefs: 011B7B8E
              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 011B7B7F
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 0-871070163
              • Opcode ID: 04b415ef343ee9c3ce4d7f015fc038373db29f8901535b5abe2938a99e983715
              • Instruction ID: a91fb0a753d1051d5ea198f9884b8ee185fc1198a308fa2d9ccc9c6a5a31793a
              • Opcode Fuzzy Hash: 04b415ef343ee9c3ce4d7f015fc038373db29f8901535b5abe2938a99e983715
              • Instruction Fuzzy Hash: F041E2313097029FD728DE29C940B6AB7E5EF99B10F100A1DF95AD7780DB31E5058F96
              Function 0117B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              APIs
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011B728C
              Strings
              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 011B7294
              • RTL: Re-Waiting, xrefs: 011B72C1
              • RTL: Resource at %p, xrefs: 011B72A3
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 885266447-605551621
              • Opcode ID: 7ff8fbd07841db4e01dfefbfa1fcc2db718373be23fb6e88d43d762dd7fa7362
              • Instruction ID: 7d970548414c21649d9c471b49787a0bcf046a689a1d6e5f7c95ecce3b3f41da
              • Opcode Fuzzy Hash: 7ff8fbd07841db4e01dfefbfa1fcc2db718373be23fb6e88d43d762dd7fa7362
              • Instruction Fuzzy Hash: 7141F031604206ABC729DE29CC81BAAB7B5FFA4714F100619F956AB3C0DB31E852CBD5
              Function 011F2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$]:%u
              • API String ID: 48624451-3050659472
              • Opcode ID: e249ef761969b8053431df36cfcced270ff9530a3233e4c20c32f3de7a100c8d
              • Instruction ID: 59df2f3e9c5005c84ae6ad619095c4f6f4bbf069506ccd63b602cf81349ba877
              • Opcode Fuzzy Hash: e249ef761969b8053431df36cfcced270ff9530a3233e4c20c32f3de7a100c8d
              • Instruction Fuzzy Hash: 01316672A006199FDB28DF2DDC40BEEB7F8FB58614F444559E949E3240EB30DA458FA0
              Function 01187D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-
              • API String ID: 1302938615-2137968064
              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
              • Instruction ID: 3ed77d1a1ce381180f291ae0c832fcef4bcb33fd3867a52c4e20fe6b6ce0aa6d
              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
              • Instruction Fuzzy Hash: 42919471E002169AEB2CEF6DC8816BEBBA5AF44720F64C51AE965E72C0D73099418F52
              Function 01149126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID:
              • String ID: $$@
              • API String ID: 0-1194432280
              • Opcode ID: 7d69e4be699960bf1036b2cf5b6d7220f6133c0332ff4cd333ce9662302f5806
              • Instruction ID: 43bc7339d5a2aecf149d4202c4e6b2eb593f6aca23cc6093a1b3160a2ecdd6d4
              • Opcode Fuzzy Hash: 7d69e4be699960bf1036b2cf5b6d7220f6133c0332ff4cd333ce9662302f5806
              • Instruction Fuzzy Hash: 94812C75D002699BDB39DB54CC44BEEBBB8AF08754F0041EAEA19B7280D7705E85CFA1
              Function 011CCEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
              Download Yara Rule
              APIs
              • @_EH4_CallFilterFunc@8.LIBCMT ref: 011CCFBD
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1510996715.0000000001110000.00000040.00001000.00020000.00000000.sdmp, Offset: 01110000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1110000_payment details.jbxd
              Similarity
              • API ID: CallFilterFunc@8
              • String ID: @$@4Qw@4Qw
              • API String ID: 4062629308-2383119779
              • Opcode ID: 0b79d45032adfe40881bdc8cd175b7c59f8ceca6827da1c18f0d4ac18906a730
              • Instruction ID: 5797173b1fdfdf2a4b7e0a5892203ca68dfbaebf78c0534afc1badd85970d3d7
              • Opcode Fuzzy Hash: 0b79d45032adfe40881bdc8cd175b7c59f8ceca6827da1c18f0d4ac18906a730
              • Instruction Fuzzy Hash: 2741A271A00215DFDB29DFA9D840AADBBB8FF64B54F00402EEA15DB254E734D901CBA5