Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Setup.exe

Overview

General Information

Sample name:Setup.exe
Analysis ID:1546129
MD5:65c7267dc7781fd73cf0d2853b644c06
SHA1:268066fdf53016bb5597e7546d5ba6eac8ac5bc0
SHA256:fefbaac187ade4ae3876145add937e6df6e1874496c4fe8c2d7dd923b694f92e
Tags:exeuser-aachum
Infos:

Detection

LummaC
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • Setup.exe (PID: 7284 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: 65C7267DC7781FD73CF0D2853B644C06)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["servicedny.site", "faulteyotk.site", "drinkyresule.cyou", "authorisev.site", "contemteny.site", "goalyfeastz.site", "opposezmny.site", "seallysl.site", "dilemmadu.site"], "Build id": "c2CoW0--2source"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.binstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-31T14:35:17.914040+010020229301A Network Trojan was detected4.175.87.197443192.168.2.449730TCP
    2024-10-31T14:35:56.783684+010020229301A Network Trojan was detected4.175.87.197443192.168.2.449736TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Found malware configuration
    Source: Setup.exeMalware Configuration Extractor: LummaC {"C2 url": ["servicedny.site", "faulteyotk.site", "drinkyresule.cyou", "authorisev.site", "contemteny.site", "goalyfeastz.site", "opposezmny.site", "seallysl.site", "dilemmadu.site"], "Build id": "c2CoW0--2source"}
    Multi AV Scanner detection for submitted file
    Source: Setup.exeReversingLabs: Detection: 57%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 82.0% probability
    Machine Learning detection for sample
    Source: Setup.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: Setup.exeString decryptor: servicedny.site
    Source: Setup.exeString decryptor: authorisev.site
    Source: Setup.exeString decryptor: faulteyotk.site
    Source: Setup.exeString decryptor: dilemmadu.site
    Source: Setup.exeString decryptor: contemteny.site
    Source: Setup.exeString decryptor: goalyfeastz.site
    Source: Setup.exeString decryptor: opposezmny.site
    Source: Setup.exeString decryptor: seallysl.site
    Source: Setup.exeString decryptor: drinkyresule.cyou
    Source: Setup.exeString decryptor: lid=%s&j=%s&ver=4.0
    Source: Setup.exeString decryptor: TeslaBrowser/5.5
    Source: Setup.exeString decryptor: - Screen Resoluton:
    Source: Setup.exeString decryptor: - Physical Installed Memory:
    Source: Setup.exeString decryptor: Workgroup: -
    Source: Setup.exeString decryptor: c2CoW0--2source
    Source: Setup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx esi, byte ptr [eax]0_2_005741F0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edx, ecx0_2_0057137E
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edx, ecx0_2_005713D5
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]0_2_0055E870
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ecx, byte ptr [edi+ebx]0_2_00535820
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov ecx, eax0_2_0053E8D6
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0054C8CE
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B62B8D10h0_2_0056B170
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edx, eax0_2_0056A97E
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp dword ptr [eax+ebx*8], 7CDE1E50h0_2_0056A97E
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], B62B8D10h0_2_0056A97E
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ebx, byte ptr [edx+esi]0_2_0053C960
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+5A603547h]0_2_00540118
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov byte ptr [ebx], dl0_2_00540118
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ecx, byte ptr [ecx+eax-24F86745h]0_2_00540118
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edx, ecx0_2_00540118
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edx, ecx0_2_00540118
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+5A603547h]0_2_00540130
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov byte ptr [ebx], dl0_2_00540130
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ecx, byte ptr [ecx+eax-24F86745h]0_2_00540130
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edx, ecx0_2_00540130
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edx, ecx0_2_00540130
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then jmp edx0_2_005731D0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_005731D0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-7DC9E524h]0_2_005541E0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov ecx, eax0_2_0053E996
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then jmp edx0_2_00572EB0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_00572EB0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then jmp eax0_2_0055AA40
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0055CA72
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0055CA72
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+1817620Ch]0_2_0055AA60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+2BB126CDh]0_2_0056FAD0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov byte ptr [eax+ebx], 00000030h0_2_005312D5
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then jmp edx0_2_005732C0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_005732C0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edi, edx0_2_00551B40
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov byte ptr [ebx], cl0_2_0055EB60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov ecx, eax0_2_0055EB60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then lea edx, dword ptr [eax-80h]0_2_0055EB60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ebx, byte ptr [esi+ecx+0000009Ch]0_2_0055EB60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+068F7B6Bh]0_2_0055EB60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov dword ptr [esi+04h], eax0_2_0055EB60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0055EB60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov ecx, ebx0_2_00551333
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx esi, byte ptr [eax]0_2_00574380
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then jmp edx0_2_005733B0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_005733B0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp al, 2Eh0_2_0055AC04
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h0_2_0055E400
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edi, esi0_2_0054ECDE
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00567CA0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov word ptr [ebx], ax0_2_0054F510
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0054F510
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov ebx, eax0_2_0053D500
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then jmp eax0_2_0054D5AF
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-67BC38F0h]0_2_00571648
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_0055DE70
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov dword ptr [esp+3Ch], 595A5B84h0_2_00570E3A
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_0056C6D0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edi, dword ptr [esp+54h]0_2_0055CEDA
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0054C6E0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then jmp edx0_2_00572EB0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_00572EB0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00555F00
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx edi, word ptr [edx]0_2_00558F00
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_00573720
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx+52B71DE2h]0_2_00571720
    Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx eax, byte ptr [esp+ebx-09A22FB6h]0_2_0056F7E0

    Networking

    barindex
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: servicedny.site
    Source: Malware configuration extractorURLs: faulteyotk.site
    Source: Malware configuration extractorURLs: drinkyresule.cyou
    Source: Malware configuration extractorURLs: authorisev.site
    Source: Malware configuration extractorURLs: contemteny.site
    Source: Malware configuration extractorURLs: goalyfeastz.site
    Source: Malware configuration extractorURLs: opposezmny.site
    Source: Malware configuration extractorURLs: seallysl.site
    Source: Malware configuration extractorURLs: dilemmadu.site
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49736
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49730
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00565210 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_00565210
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00565210 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_00565210
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005659B7 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,0_2_005659B7
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005686FE0_2_005686FE
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005728500_2_00572850
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005310000_2_00531000
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005568000_2_00556800
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0054482A0_2_0054482A
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005400C50_2_005400C5
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005338E00_2_005338E0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055509D0_2_0055509D
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005699400_2_00569940
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0053F9700_2_0053F970
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0056A97E0_2_0056A97E
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005379600_2_00537960
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005401180_2_00540118
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005401300_2_00540130
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005749200_2_00574920
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005731D00_2_005731D0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005631DE0_2_005631DE
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005541E00_2_005541E0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005591E00_2_005591E0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005619800_2_00561980
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00572EB00_2_00572EB0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0053F2500_2_0053F250
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055AA400_2_0055AA40
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0053A2700_2_0053A270
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055CA720_2_0055CA72
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0053B2600_2_0053B260
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0056E2300_2_0056E230
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00550A240_2_00550A24
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005312D50_2_005312D5
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005732C00_2_005732C0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0056A2E00_2_0056A2E0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0054E2980_2_0054E298
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00551B400_2_00551B40
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055EB600_2_0055EB60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0053DB200_2_0053DB20
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0053132D0_2_0053132D
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00545BD80_2_00545BD8
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055C3E00_2_0055C3E0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005723800_2_00572380
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005733B00_2_005733B0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00544BBF0_2_00544BBF
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00569BA00_2_00569BA0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00574C500_2_00574C50
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00564C600_2_00564C60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055AC040_2_0055AC04
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0056EC200_2_0056EC20
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00557CD20_2_00557CD2
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0054ECDE0_2_0054ECDE
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0053ECC00_2_0053ECC0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005594940_2_00559494
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005394BF0_2_005394BF
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0053BD700_2_0053BD70
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0054F5100_2_0054F510
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00559D000_2_00559D00
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0053ADD00_2_0053ADD0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00562D800_2_00562D80
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005635B00_2_005635B0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005555A40_2_005555A4
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00538DA00_2_00538DA0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0054D5AF0_2_0054D5AF
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00552E500_2_00552E50
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055D6420_2_0055D642
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00546E100_2_00546E10
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055BE100_2_0055BE10
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005746200_2_00574620
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055762D0_2_0055762D
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055A6D00_2_0055A6D0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00572EB00_2_00572EB0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005526A00_2_005526A0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055762D0_2_0055762D
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00536F600_2_00536F60
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0053D7600_2_0053D760
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00558F000_2_00558F00
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005594940_2_00559494
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005737200_2_00573720
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_005717200_2_00571720
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055B7D90_2_0055B7D9
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00538DA00_2_00538DA0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0055B7FE0_2_0055B7FE
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00539F9C0_2_00539F9C
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00564F800_2_00564F80
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00571F800_2_00571F80
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00556F820_2_00556F82
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00534FA00_2_00534FA0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00539FA80_2_00539FA8
    Source: C:\Users\user\Desktop\Setup.exeCode function: String function: 0053C8C0 appears 71 times
    Source: C:\Users\user\Desktop\Setup.exeCode function: String function: 0054C2A0 appears 176 times
    Source: Setup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: classification engineClassification label: mal84.troj.evad.winEXE@1/0@0/0
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00562088 CoCreateInstance,0_2_00562088
    Source: Setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: Setup.exeReversingLabs: Detection: 57%
    Source: C:\Users\user\Desktop\Setup.exeFile read: C:\Users\user\Desktop\Setup.exeJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: acgenral.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: msacm32.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: dwmapi.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Users\user\Desktop\Setup.exeSection loaded: sfc_os.dllJump to behavior
    Source: Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\Setup.exeAPI coverage: 4.9 %
    Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: C:\Users\user\Desktop\Setup.exeAPI call chain: ExitProcess graph end nodegraph_0-15678
    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00570D90 LdrInitializeThunk,0_2_00570D90
    Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: Setup.exe, 00000000.00000002.2917865843.000000000147A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: servicedny.site
    Source: Setup.exe, 00000000.00000002.2917865843.000000000147A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: authorisev.site
    Source: Setup.exe, 00000000.00000002.2917865843.000000000147A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: faulteyotk.site
    Source: Setup.exe, 00000000.00000002.2917865843.000000000147A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: dilemmadu.site
    Source: Setup.exe, 00000000.00000002.2917865843.000000000147A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: contemteny.site
    Source: Setup.exe, 00000000.00000002.2917865843.000000000147A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: goalyfeastz.site
    Source: Setup.exe, 00000000.00000002.2917865843.000000000147A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: opposezmny.site
    Source: Setup.exe, 00000000.00000002.2917865843.000000000147A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: seallysl.site
    Source: Setup.exe, 00000000.00000002.2917865843.000000000147A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: drinkyresule.cyou

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.binstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.binstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    PowerShell    		1
    DLL Side-Loading    		1
    DLL Side-Loading    		11
    Deobfuscate/Decode Files or Information    		OS Credential Dumping2
    System Information Discovery    		Remote Services1
    Screen Capture    		1
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
    DLL Side-Loading    		LSASS MemoryApplication Window DiscoveryRemote Desktop Protocol1
    Archive Collected Data    		1
    Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
    Obfuscated Files or Information    		Security Account ManagerQuery RegistrySMB/Windows Admin Shares2
    Clipboard Data    		SteganographyAutomated ExfiltrationData Encrypted for Impact

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    Setup.exe58%ReversingLabsWin32.Trojan.MintZard
    Setup.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    servicedny.sitetrue
      		unknown
      goalyfeastz.sitetrue
        		unknown
        contemteny.sitetrue
          		unknown
          faulteyotk.sitetrue
            		unknown
            drinkyresule.cyoutrue
              		unknown
              opposezmny.sitetrue
                		unknown
                seallysl.sitetrue
                  		unknown
                  dilemmadu.sitetrue
                    		unknown
                    authorisev.sitetrue
                      		unknown

                      World Map of Contacted IPs

                      No contacted IP infos

                      General Information

                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1546129
                      Start date and time:2024-10-31 14:34:06 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 3m 56s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:6
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Setup.exe
                      Detection:MAL
                      Classification:mal84.troj.evad.winEXE@1/0@0/0
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 92%
                      • Number of executed functions: 9
                      • Number of non-executed functions: 110
                      Cookbook Comments:
                      • Found application associated with file extension: .exe

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • VT rate limit hit for: Setup.exe

                      Simulations

                      Behavior and APIs

                      No simulations

                      Joe Sandbox View / Context

                      IPs

                      No context

                      Domains

                      No context

                      ASNs

                      No context

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      No created / dropped files found

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Entropy (8bit):6.761805285505053
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.96%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:Setup.exe
                      File size:334'848 bytes
                      MD5:65c7267dc7781fd73cf0d2853b644c06
                      SHA1:268066fdf53016bb5597e7546d5ba6eac8ac5bc0
                      SHA256:fefbaac187ade4ae3876145add937e6df6e1874496c4fe8c2d7dd923b694f92e
                      SHA512:1c24fde94f7ae37d8b30b56dc44c3f41b578d90ecf24d0760fa4dc8d879699b6f2003eca7e0be5f04ab720a30482276a825613b8b933d88771d39c32db79575a
                      SSDEEP:6144:+tWC7xvtddofKKrybbuMY88Jc/oZ3ipoOvYcOCL7E6tt7tYlp4:+RZtddofKKrzHPJ3ii0bL7E6t7M2
                      TLSH:55648D09EB7381F0CC46847871DEB37F8A386A1547389FD7DB90DF8469636D2583AA06
                      File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.................D........................@.......................................@.................................R......

                      File Icon

                      Icon Hash:90cececece8e8eb0

                      Static PE Info

                      General

                      Entrypoint:0x40d0b0
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Time Stamp:0x6715CDA7 [Mon Oct 21 03:42:31 2024 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:6
                      OS Version Minor:0
                      File Version Major:6
                      File Version Minor:0
                      Subsystem Version Major:6
                      Subsystem Version Minor:0
                      Import Hash:f5ad7569262698fb9eae9f54a4af280c

                      Entrypoint Preview

                      Instruction
                      push edi
                      push esi
                      sub esp, 2Ch
                      mov dword ptr [esp], 710E3123h
                      xor eax, eax
                      nop
                      nop
                      mov ecx, eax
                      add cl, 0000003Dh
                      xor cl, byte ptr [esp+eax]
                      add cl, FFFFFFCFh
                      mov byte ptr [esp+eax], cl
                      inc eax
                      cmp eax, 04h
                      jne 00007F153910DBAEh
                      mov esi, dword ptr [esp]
                      call 00007F15391405B9h
                      test al, al
                      je 00007F153910DD59h
                      call 00007F153913880Ch
                      test al, al
                      je 00007F153910DD47h
                      mov ecx, esi
                      and ecx, 34A7AD07h
                      mov edx, esi
                      mov eax, esi
                      or esi, 34A7AD07h
                      imul esi, ecx
                      xor ecx, 34A7AD07h
                      and edx, CB5852F8h
                      lea edi, dword ptr [00000002h+edx*2]
                      sub edi, edx
                      add edi, FFFFFFFEh
                      or eax, CB5852F8h
                      mov edx, edi
                      and edx, eax
                      or eax, edi
                      not eax
                      imul eax, edx
                      mov edx, edi
                      and edx, ecx
                      or edi, ecx
                      imul edi, edx
                      add esi, edi
                      add esi, eax
                      mov edi, esi
                      shr edi, 07h
                      xor edi, esi
                      mov eax, edi
                      and eax, F5AE3701h
                      mov ecx, edi
                      and ecx, 0A51C8FEh
                      or edi, 0A51C8FEh
                      imul edi, ecx
                      xor ecx, 0A51C8FEh
                      imul ecx, eax
                      add edi, ecx
                      call dword ptr [004481ACh]
                      mov dword ptr [esp], F9814689h
                      mov word ptr [esp+04h], 0000h

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x480520x8c.rdata
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x590000x4b80.reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x4819c0xbc.rdata
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x10000x442b80x4440044608c6e2848810b5efa0e9a7b922cd9False0.5487315418956044data6.601624760368542IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rdata0x460000x25270x26001d7cad41c72dc758f51b983241f580d3False0.43976151315789475data6.480989167928738IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .data0x490000xf5180x6200b0266cc045a35151394b57109c20c9e2False0.49960140306122447data6.15803565276463IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .reloc0x590000x4b800x4c001a6e4bcb7a19a779e696996fffb94813False0.43770559210526316data6.457467952497308IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Imports

                      DLLImport
                      KERNEL32.dllCopyFileW, ExitProcess, GetCommandLineW, GetCurrentProcessId, GetCurrentThreadId, GetLogicalDrives, GetSystemDirectoryW, GlobalLock, GlobalUnlock
                      SHELL32.dllShellExecuteW
                      USER32.dllCloseClipboard, FindWindowExW, GetClipboardData, GetDC, GetForegroundWindow, GetSystemMetrics, GetWindowLongW, GetWindowThreadProcessId, IsWindowEnabled, IsWindowVisible, OpenClipboard, ReleaseDC
                      ole32.dllCoCreateInstance, CoInitialize, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize
                      OLEAUT32.dllSysAllocString, SysFreeString, VariantClear, VariantInit
                      GDI32.dllBitBlt, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, DeleteObject, GetCurrentObject, GetDIBits, GetObjectW, SelectObject, StretchBlt

                      Network Behavior

                      No network behavior found

                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:09:34:57
                      Start date:31/10/2024
                      Path:C:\Users\user\Desktop\Setup.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Setup.exe"
                      Imagebase:0x530000
                      File size:334'848 bytes
                      MD5 hash:65C7267DC7781FD73CF0D2853B644C06
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Disassembly

                      Reset < >

                        Execution Graph

                        Execution Coverage:1.1%
                        Dynamic/Decrypted Code Coverage:0%
                        Signature Coverage:37.8%
                        Total number of Nodes:45
                        Total number of Limit Nodes:3
                        execution_graph 15664 5713d5 15665 5713e6 15664->15665 15667 57143e 15665->15667 15671 570d90 LdrInitializeThunk 15665->15671 15670 570d90 LdrInitializeThunk 15667->15670 15669 57156f 15670->15669 15671->15667 15677 53d0b0 15679 53d0c0 15677->15679 15678 53d277 ExitProcess 15679->15678 15680 53d272 15679->15680 15681 53d0f1 GetCurrentThreadId 15679->15681 15696 570ca0 15680->15696 15682 53d180 15681->15682 15682->15682 15684 53d24f GetForegroundWindow 15682->15684 15688 53d236 ShellExecuteW 15682->15688 15685 53d259 GetCurrentProcessId 15684->15685 15686 53d25f 15684->15686 15685->15686 15691 53e1c0 15686->15691 15688->15684 15689 53d264 15689->15680 15695 53f960 FreeLibrary 15689->15695 15692 53e200 15691->15692 15692->15692 15693 53e27e LoadLibraryExW 15692->15693 15694 53e293 15693->15694 15694->15689 15695->15680 15699 571d40 15696->15699 15698 570ca5 FreeLibrary 15698->15678 15700 571d49 15699->15700 15700->15698 15701 5710f1 15702 571140 15701->15702 15704 57126e 15702->15704 15705 570d90 LdrInitializeThunk 15702->15705 15705->15704 15711 5741f0 15712 574210 15711->15712 15715 57426e 15712->15715 15717 570d90 LdrInitializeThunk 15712->15717 15713 57432e 15715->15713 15718 570d90 LdrInitializeThunk 15715->15718 15717->15715 15718->15713 15724 5686fe 15727 568a43 15724->15727 15725 568cef 15727->15725 15728 570d90 LdrInitializeThunk 15727->15728 15728->15727 15729 56dc18 15730 56dc1e RtlAllocateHeap 15729->15730 15731 570f68 15732 570f71 GetForegroundWindow 15731->15732 15733 570f84 15732->15733

                        Executed Functions

                        Function 005686FE Relevance: 66.6, Strings: 53, Instructions: 390COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 0 5686fe-568a3e 1 568a43-568a53 0->1 1->1 2 568a55 1->2 3 568a57-568a5d 2->3 4 568ac5-568afe 3->4 5 568a5f-568ac3 3->5 6 568b00-568b03 4->6 5->3 7 568b05-568b1a 6->7 8 568b1c-568b86 6->8 7->6 9 568b88-568b8b 8->9 10 568bbc-568bea 9->10 11 568b8d-568bba 9->11 12 568bec-568bef 10->12 11->9 13 568bf1-568c06 12->13 14 568c08-568c64 12->14 13->12 15 568c66-568c69 14->15 16 568ce2-568ce5 15->16 17 568c6b-568ce0 15->17 18 568ce7-568ced 16->18 17->15 19 568cf4-568d06 18->19 20 568cef 18->20 22 568d0a-568d10 19->22 23 568d08 19->23 21 568d7f-568db2 20->21 25 568d14-568d65 call 570d90 22->25 26 568d12 22->26 24 568d70-568d73 23->24 27 568d77-568d7a 24->27 28 568d75 24->28 30 568d6a-568d6d 25->30 26->24 27->18 28->21 30->24
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: !$!$#$#$%$%$'$'$)$*$+$+$-$/$/$1$3$4$5$7$9$9$;$;:54$=$=$?$?$@$@$E$F$K$K$M$N$P$Q$Q$U$U$V$V$_$`$e$h$i$j$k$r$t$v
                        • API String ID: 2994545307-164515761
                        • Opcode ID: b111cbe0beac1c464adfd9c385328e9acbfa8f2e7eb42d30aaefbad5d66de432
                        • Instruction ID: 9e82943cbe733d5a0fff7b1877a29e314e9daab33e4657e9d40bf3c8b41892e4
                        • Opcode Fuzzy Hash: b111cbe0beac1c464adfd9c385328e9acbfa8f2e7eb42d30aaefbad5d66de432
                        • Instruction Fuzzy Hash: 77223E219087E98DDB32C67C8C4879DBFA11B63324F1843D9D4E96B3D2C7750A86CB66
                        Function 00570D90 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 69 570d90-570dc2 LdrInitializeThunk
                        APIs
                        • LdrInitializeThunk.NTDLL(005740E0,005C003F,00000002,00000018,?), ref: 00570DBE
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                        • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                        • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                        • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                        Function 005741F0 Relevance: .2, Instructions: 157COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 114 5741f0-57420f 115 574210-574242 114->115 115->115 116 574244-57424f 115->116 117 5742a4-5742a9 116->117 118 574251-574259 116->118 120 5742af-5742c4 117->120 121 574359-57435f 117->121 119 574260-574267 118->119 122 574270-574276 119->122 123 574269-57426c 119->123 126 5742d0-574302 120->126 124 574361-574368 121->124 125 574370-574377 121->125 122->117 128 574278-57429c call 570d90 122->128 123->119 127 57426e 123->127 129 57436e 124->129 130 57436a 124->130 126->126 131 574304-57430f 126->131 127->117 137 5742a1 128->137 129->125 130->129 132 574351-574353 131->132 133 574311-574319 131->133 132->121 136 574355 132->136 135 574320-574327 133->135 138 574330-574336 135->138 139 574329-57432c 135->139 136->121 137->117 138->132 141 574338-57434e call 570d90 138->141 139->135 140 57432e 139->140 140->132 141->132
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 3010c26d1e5335bb893c47b3a52f4c8136bd4aab5ab8ce4c46ef8689d5267762
                        • Instruction ID: 29575a8fae32030ec660578eb23cc8779ff074ebab65936fdefd46ea0b101617
                        • Opcode Fuzzy Hash: 3010c26d1e5335bb893c47b3a52f4c8136bd4aab5ab8ce4c46ef8689d5267762
                        • Instruction Fuzzy Hash: CF41AF35344300AFDB144B69ACC1B3ABBA5FF94704F18942CFA895B3A1D771AC54EB81
                        Function 005713D5 Relevance: .1, Instructions: 102COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 144 5713d5-5713f3 146 571400-571412 144->146 146->146 147 571414-57141c 146->147 148 57141e-571429 147->148 149 57144c 147->149 150 571430-571437 148->150 151 57144f-57145f 149->151 152 571440-571446 150->152 153 571439-57143c 150->153 154 571460-571472 151->154 152->149 156 5715ba-5715c3 call 570d90 152->156 153->150 155 57143e 153->155 154->154 157 571474-57147c 154->157 155->149 161 5715c8-5715d0 156->161 159 57147e-571489 157->159 160 5714ac-5714c0 157->160 162 571490-571497 159->162 163 571560-57156a call 570d90 160->163 161->151 164 5714a0-5714a6 162->164 165 571499-57149c 162->165 168 57156f-571586 163->168 164->160 164->163 165->162 167 57149e 165->167 167->160
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 37f2a6cd7edfe81ad58ee5002f3c82948148ccdf00460390fd4e6d6926bd6a40
                        • Instruction ID: 83a84ecc629a5a5f74f1e364eae32741c303b04d72bdb6042ea2cf6dbf3ae7b6
                        • Opcode Fuzzy Hash: 37f2a6cd7edfe81ad58ee5002f3c82948148ccdf00460390fd4e6d6926bd6a40
                        • Instruction Fuzzy Hash: A2214D342187104FCB549F1CA4D45367792FB9A324F15AA2CD9DA633A1C3306C09FB59
                        Function 0057137E Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 194 57137e-57145f 196 571460-571472 194->196 196->196 197 571474-57147c 196->197 198 57147e-571489 197->198 199 5714ac-5714c0 197->199 200 571490-571497 198->200 201 571560-57156a call 570d90 199->201 202 5714a0-5714a6 200->202 203 571499-57149c 200->203 206 57156f-571586 201->206 202->199 202->201 203->200 205 57149e 203->205 205->199
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 40defcffaceba1a125c25b6a619bb524d3345726baaf223415a3e39bf4e607e5
                        • Instruction ID: 0d2ea3518c00025684c583faa0cc39cc40e29707def800f4c9e6040521983fe6
                        • Opcode Fuzzy Hash: 40defcffaceba1a125c25b6a619bb524d3345726baaf223415a3e39bf4e607e5
                        • Instruction Fuzzy Hash: 0701C4306547008BDF589F28A8958367B53FBAA324F24692CD59B972A1D330A849FB05
                        Function 0053D0B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142threadCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                        • GetCurrentThreadId.KERNEL32 ref: 0053D165
                        • ShellExecuteW.SHELL32(00000000,81368735,00578050,?,00000000,00000005), ref: 0053D249
                        • GetForegroundWindow.USER32(?,00000000,00000005), ref: 0053D24F
                        • GetCurrentProcessId.KERNEL32(?,00000000,00000005), ref: 0053D259
                        • ExitProcess.KERNEL32 ref: 0053D279
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: CurrentProcess$ExecuteExitForegroundShellThreadWindow
                        • String ID: ps
                        • API String ID: 1013327911-2817149839
                        • Opcode ID: ffc46673eb80979bd60790c3529e1b4932bc9077b2db09f5a8d1951a373ba4fd
                        • Instruction ID: 15b463fbdb43e3aad47f58fb58912c1d2cbe742dd57654ce5fad7b800f823cb2
                        • Opcode Fuzzy Hash: ffc46673eb80979bd60790c3529e1b4932bc9077b2db09f5a8d1951a373ba4fd
                        • Instruction Fuzzy Hash: 354103312483414BE704AB75A81A36FBFE6AFD6324F158D2CE4C5DB282DE748806CB52
                        Function 00570F20 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 59 570f20-570f3a 60 570f40-570f5b 59->60 60->60 61 570f5d-570fa7 GetForegroundWindow call 573bb0 60->61
                        APIs
                        • GetForegroundWindow.USER32 ref: 00570F76
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: ForegroundWindow
                        • String ID: 2123
                        • API String ID: 2020703349-208623094
                        • Opcode ID: fc95469ba3430f8b05423bba177169037c07098eace59919304d41ed4dc29090
                        • Instruction ID: 9bebe1b0d8413b5bea71d277f6712bdb6e0969f4655b22e7421939c45af35049
                        • Opcode Fuzzy Hash: fc95469ba3430f8b05423bba177169037c07098eace59919304d41ed4dc29090
                        • Instruction Fuzzy Hash: 00F028355083508FE3509B28F8456267BE1F795328F04992DF4D5C73E1C734C845EB42
                        Function 00570F68 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 65 570f68-570f7f GetForegroundWindow call 573bb0 68 570f84-570fa7 65->68
                        APIs
                        • GetForegroundWindow.USER32 ref: 00570F76
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: ForegroundWindow
                        • String ID:
                        • API String ID: 2020703349-0
                        • Opcode ID: 6212c95f933f8a13778bcd11d08fb404d78c908148ea53f5a6d0deadf092b6a3
                        • Instruction ID: 44917fbe55bfe700e6ccf585454390d27586793349aeb87d679d98fe3ab3c6f5
                        • Opcode Fuzzy Hash: 6212c95f933f8a13778bcd11d08fb404d78c908148ea53f5a6d0deadf092b6a3
                        • Instruction Fuzzy Hash: 83E08C7A6502008FDB04DB24FC9A83537A5F7292197000829E987D3362CB319588FB42
                        Function 0056DC18 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 70 56dc18-56dc24 RtlAllocateHeap
                        APIs
                        • RtlAllocateHeap.NTDLL(?,00000000,?,?,00000000), ref: 0056DC24
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: AllocateHeap
                        • String ID:
                        • API String ID: 1279760036-0
                        • Opcode ID: 06b744afcd61ef64701c6e8ebbdfda14d3c423d408e4d974d4f265b383cdaeff
                        • Instruction ID: ea3eef99c7757a009ae7f8138dd73a100d08738e3b1026dd6399e8b801fa55bf
                        • Opcode Fuzzy Hash: 06b744afcd61ef64701c6e8ebbdfda14d3c423d408e4d974d4f265b383cdaeff
                        • Instruction Fuzzy Hash: 22B01230146210B8D03117111CCAFFF6C7DAF57F5DF102044B208240C00754A001F07D

                        Non-executed Functions

                        Function 00540130 Relevance: 40.4, APIs: 4, Strings: 18, Instructions: 1884COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: #Tw$;:54$;:54$=i<o$F]$J!G'$K=C#$Noni$T1S7$U`3$V[$_]$`1d7$d5h;$f[zU$xr${){/${-S
                        • API String ID: 0-2033873944
                        • Opcode ID: 318b59a902780fadc984f06fd0706018890b3f57d0d8dee93b114b3d66639c6b
                        • Instruction ID: 884a1d7bb010136712a448b394b8c4ddbb36e212027198d28cdc2ded8e87b809
                        • Opcode Fuzzy Hash: 318b59a902780fadc984f06fd0706018890b3f57d0d8dee93b114b3d66639c6b
                        • Instruction Fuzzy Hash: FBD221B16047408FD3248F25D89576BBFF1FF96304F18896CE49A8B392D735A846CB92
                        Function 00565210 Relevance: 31.6, APIs: 6, Strings: 12, Instructions: 120clipboardCOMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: Clipboard$CloseDataLongOpenWindow
                        • String ID: I$K$L$N$V$V$X$Y$Y$]$_$q
                        • API String ID: 1647500905-2073889574
                        • Opcode ID: 0e9c011d3fc0715641810347ff0f335c2293fbe2503656d1a9d1f5d26dce78c0
                        • Instruction ID: 453fe5fda9fcf94c206f970e384faf87746210c708343d73af94ef834ffdbe52
                        • Opcode Fuzzy Hash: 0e9c011d3fc0715641810347ff0f335c2293fbe2503656d1a9d1f5d26dce78c0
                        • Instruction Fuzzy Hash: BE417FB154C7818FE300AF78D54936FBFE0AB91354F054C2DE5C987382E6B985889763
                        Function 00557CD2 Relevance: 30.7, Strings: 24, Instructions: 728COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: 'UvW$'s7u$)A-C$/]-_$2w0i$53$9)$;:54$<&$B1W3$DK$Eq$HyJ{$N=M?$TeVg$XY$Y-\/$Z5B7$j%r'$n9_;$pq$t)i+$u$}z
                        • API String ID: 0-458764563
                        • Opcode ID: 200fc5a76e61ab86ae12a9c899ec6865a696017479db336ed06e013997f637bb
                        • Instruction ID: 0256592bba2429b03a5eab6095ca52d1efe8f34608683466fa6838f4fe9ea7a7
                        • Opcode Fuzzy Hash: 200fc5a76e61ab86ae12a9c899ec6865a696017479db336ed06e013997f637bb
                        • Instruction Fuzzy Hash: 80723EB45093818AE734CF15D880BAFBBE1FBD2344F10892DD5D99B261DB70844ADF92
                        Function 00540118 Relevance: 26.3, APIs: 4, Strings: 10, Instructions: 1780COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: #Tw$;:54$;:54$F]$Noni$T1S7$V[$_]$f[zU$xr
                        • API String ID: 0-3009026325
                        • Opcode ID: f69a10996bbb41becee681bfba43560babe485162373e0e168c8b9ac2a2ee25b
                        • Instruction ID: 5d86b682e265c878417df152929cd8288abb8f97d888d31c9398837e96fdce4e
                        • Opcode Fuzzy Hash: f69a10996bbb41becee681bfba43560babe485162373e0e168c8b9ac2a2ee25b
                        • Instruction Fuzzy Hash: 74C243B56047408FD3248F25D89572ABFF1FF96308F18856CE4868B7A2D736E846CB91
                        Function 0054F510 Relevance: 24.0, Strings: 18, Instructions: 1543COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: $!by*$$$)*+$$123X$1X74$45$5670$;:54$=n=c$H$PQRS$Xqrs$\]^_$`abc$eyv$sDK}$vv@
                        • API String ID: 0-744883782
                        • Opcode ID: f20148fa40ee4ddbd4e7d1d5240be339a63e41c9c47b7fe80f70d6e1435b3d18
                        • Instruction ID: b7c40622bae3cf7979264a24807dd09e9b8925dd14f4557b78759ff1bcb247ff
                        • Opcode Fuzzy Hash: f20148fa40ee4ddbd4e7d1d5240be339a63e41c9c47b7fe80f70d6e1435b3d18
                        • Instruction Fuzzy Hash: E2B2C0715083818BD725CF29C8947ABBFE1BFD6304F18996DE8C98B292D7748909CB52
                        Function 0055EB60 Relevance: 23.8, APIs: 2, Strings: 10, Instructions: 2801COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: "JZ$'Rx/$*JZ$34t$ODIF$Y?^i$fjnr$kk$syrh$vNHF
                        • API String ID: 0-2617420629
                        • Opcode ID: 493ae79a33e3af5f930b5d322d91eeff229f62f0873f4449984a13dc5e02ea07
                        • Instruction ID: fd31abeb902b2d4e09120986edcbf903bfea344dfc8464d8de3cb1239663c706
                        • Opcode Fuzzy Hash: 493ae79a33e3af5f930b5d322d91eeff229f62f0873f4449984a13dc5e02ea07
                        • Instruction Fuzzy Hash: 4313F674504B818BE7358F35C4A17A3BFE1AF57305F0889ADC5EB4B286D779A40ACB21
                        Function 0056A97E Relevance: 19.8, APIs: 9, Strings: 2, Instructions: 587memoryCOMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: AllocString
                        • String ID: ;:54$;:54
                        • API String ID: 2525500382-2193779323
                        • Opcode ID: 435683db4decf9cc0c9b546bf541ca5997968b34359bad384040c864aa326e55
                        • Instruction ID: 2b2f7fc774051aa29107d7e4dcb04345793945b39ef7a9aabb5bde947615454f
                        • Opcode Fuzzy Hash: 435683db4decf9cc0c9b546bf541ca5997968b34359bad384040c864aa326e55
                        • Instruction Fuzzy Hash: 13124476A00701CFD714CF24E885B2ABBB2FF99310F14896CD44A9B7A1D735E846EB90
                        Function 00569BA0 Relevance: 17.8, Strings: 14, Instructions: 304COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: '$($2$6$<$<$>$>$?$?$D$I$}$~
                        • API String ID: 0-1549446310
                        • Opcode ID: 367a348c16854c040ed8a8e1c50337844c82badbceb661a6883815d7b6a28ffd
                        • Instruction ID: b2db918c07e8ea5974b2b9f9fdb1d0aa1494f0830bfb285d062dee97976dd716
                        • Opcode Fuzzy Hash: 367a348c16854c040ed8a8e1c50337844c82badbceb661a6883815d7b6a28ffd
                        • Instruction Fuzzy Hash: 2FB1277390D7D14AD311857D888425BEEC61BE6228F2E8BADE9E4C73C6C579CC068392
                        Function 005312D5 Relevance: 16.0, Strings: 12, Instructions: 987COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0$0$0$0000$0000$0000$0000$0000$0000$0000$@$i
                        • API String ID: 0-3385986306
                        • Opcode ID: 1ae244b3b9f4418207f867b0aff54a0a7f6227f2aeb6a92a9d73a81ef61b04d9
                        • Instruction ID: 35f6336aab451215564f98afd3d5ca8ae9eb470243df1b22978d94dadf31c991
                        • Opcode Fuzzy Hash: 1ae244b3b9f4418207f867b0aff54a0a7f6227f2aeb6a92a9d73a81ef61b04d9
                        • Instruction Fuzzy Hash: A682CF75A09B818FC719CE28C59432AFFE1BB85304F188A6DE8DA87391D374DD45CB82
                        Function 0053F970 Relevance: 15.3, Strings: 12, Instructions: 280COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: ,q's$?u>w$@=E?$Q!R#$S)J+$Z-^/$x%F'$A"C$EG$IK$U?W$Y[
                        • API String ID: 0-4103194446
                        • Opcode ID: f3c5d63a678d28a9c675d46789437006d659c81c1f1f6b7084cf2c752810bce3
                        • Instruction ID: c8145eef5157414c49d6e494fd2b98e55f857e64ec0821352dc4db0cd16faf24
                        • Opcode Fuzzy Hash: f3c5d63a678d28a9c675d46789437006d659c81c1f1f6b7084cf2c752810bce3
                        • Instruction Fuzzy Hash: A1B188B064C3809FE3348F61E89179FBBA1ABD6304F548A2DE1D91B391C7B48845DF96
                        Function 00531000 Relevance: 14.5, Strings: 11, Instructions: 702COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: $ $ $+$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff$gfff$C
                        • API String ID: 0-504980401
                        • Opcode ID: a9a5ab92cc9ad1377eae040e72e8374c6b341a96c2f6a8b9662ca314ac21711f
                        • Instruction ID: a47231b94f72ed0b85b95b854665f5bdcb3e68a985d749708c6fb33e23515565
                        • Opcode Fuzzy Hash: a9a5ab92cc9ad1377eae040e72e8374c6b341a96c2f6a8b9662ca314ac21711f
                        • Instruction Fuzzy Hash: E142F471608B918FD718CE29C49036ABFE2BBD9314F188A2DE4D58B391D335DD46CB86
                        Function 00556800 Relevance: 13.4, APIs: 1, Strings: 6, Instructions: 1152COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: ;:54$InA>$InA>$P$SV$bqU
                        • API String ID: 0-1526841119
                        • Opcode ID: 63233fca0e6204e43509c5e712d5dcc9a8c969c3f2194dbc4c7024ae3f8c5892
                        • Instruction ID: 400f74fa43f4e017a7722d1dc1f16d48aa9bf8833628edbb380127be4d0654b7
                        • Opcode Fuzzy Hash: 63233fca0e6204e43509c5e712d5dcc9a8c969c3f2194dbc4c7024ae3f8c5892
                        • Instruction Fuzzy Hash: EB824375A00216CFDB14CF68DC90BAEBBB2FF49311F198168D905AB3A1D734AC46DB90
                        Function 0056A2E0 Relevance: 11.6, Strings: 9, Instructions: 302COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: 4$4$5$5$:$:$;$;$;45:;
                        • API String ID: 2994545307-652432164
                        • Opcode ID: 1a9d4cb5119a92eaa3df1559da55a8aca45fd075bc48d2aa35f59687c2d3f83a
                        • Instruction ID: f89b30cbabcc793dea06fd4487523c86cea0cd5b8b270c26c50342e0913c826e
                        • Opcode Fuzzy Hash: 1a9d4cb5119a92eaa3df1559da55a8aca45fd075bc48d2aa35f59687c2d3f83a
                        • Instruction Fuzzy Hash: BFB1487220D3808FDB05CA38889436ABFD2ABE6354F1D492DE5D6973D2DA75C845CB13
                        Function 0055AA40 Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 523COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: 3L,S$;:54$D4'2$gw$t|
                        • API String ID: 0-148604455
                        • Opcode ID: c07a2ac248b6d66223606bb9378901685a1bddd060a27be0a08487e2a4530022
                        • Instruction ID: 0ac5d50b5dd75519c2517e00e3978ff7e9db328517dfa8fff12a400ab6286202
                        • Opcode Fuzzy Hash: c07a2ac248b6d66223606bb9378901685a1bddd060a27be0a08487e2a4530022
                        • Instruction Fuzzy Hash: E2F144B65083408FE7209F24D85566BBFE2FFC5315F048A2DE9C99B391E7748909CB82
                        Function 0054ECDE Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 521COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: ;:54$;:54$;:54$;:54$;:54
                        • API String ID: 2994545307-1306776023
                        • Opcode ID: 2a8836a166ab957e5fb9c7c88e851adb02f0e927c17685220975b29b57cce10b
                        • Instruction ID: bf4cae19e41a05a5718ad12846fe4218f769c70c55fd13025d35baf93221ac0c
                        • Opcode Fuzzy Hash: 2a8836a166ab957e5fb9c7c88e851adb02f0e927c17685220975b29b57cce10b
                        • Instruction Fuzzy Hash: B2F12B32A48340CBD774CB18D8817BBBBA6FF96304F18992CD9C667262D375DC458B42
                        Function 0053D760 Relevance: 10.3, Strings: 8, Instructions: 302COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: 9tWU$<194$ALC:$JHz~$UQGq$UW$^$^\V^
                        • API String ID: 0-3233791986
                        • Opcode ID: 1b76c00ea30690e806b229d34a8721d4fbe8444d2ee39c48be022f5bad116e41
                        • Instruction ID: c597efcfcd14410bbfd7fdbda546215d5ed0ae62145d92c611d893f865154f0a
                        • Opcode Fuzzy Hash: 1b76c00ea30690e806b229d34a8721d4fbe8444d2ee39c48be022f5bad116e41
                        • Instruction Fuzzy Hash: CD918C7250D3918FD321CF29945035ABFF0AF96704F08899CE5E99B352D735C90ACBA6
                        Function 0053D500 Relevance: 10.2, Strings: 8, Instructions: 218COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: &%9b$)vBW$*#1/$9&!:$s$>%$sp$.$x$x|."
                        • API String ID: 0-2964809603
                        • Opcode ID: e15111653fabfa8ae9ca1ff26d6d509ab9527342194df1257f5b8c1e77c5e471
                        • Instruction ID: 9cbf330652ffd1fd0f3f62ad6d7c02b364d4696463f211e483d5db6c97094376
                        • Opcode Fuzzy Hash: e15111653fabfa8ae9ca1ff26d6d509ab9527342194df1257f5b8c1e77c5e471
                        • Instruction Fuzzy Hash: 1E51C27410D3C08BD316CF2995A176BBFF1EF93305F1859ACE4E54B291D27A880ACB62
                        Function 0053F250 Relevance: 9.2, Strings: 7, Instructions: 471COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: DuVw$EqLs$N=G?$^9[;$vIyK$w%G'$zMNO
                        • API String ID: 0-2443247208
                        • Opcode ID: 842e88b52668ce784351702a549eb930e5c8d194c10a489e71b11d9234f8b9bb
                        • Instruction ID: a4dc8c6957b4ef32c3d18619e6aca144b74ad2797b23cbf0776f3676b06f6578
                        • Opcode Fuzzy Hash: 842e88b52668ce784351702a549eb930e5c8d194c10a489e71b11d9234f8b9bb
                        • Instruction Fuzzy Hash: B91233B1604B01DFE3248F25E895B93BBF5FB44314F148A2CD4AA8BBA0D774B449DB90
                        Function 00550A24 Relevance: 8.0, Strings: 6, Instructions: 505COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: OI$RR$_W$_W$us$}z{
                        • API String ID: 0-2933034762
                        • Opcode ID: c041b1661ff514ea57691ab982a31cbeb210389339b87e6e62c11c6686169a7f
                        • Instruction ID: b00c2c5fc146080e23c3d538ce8a887a497826cb3b462c521a2d35465ed4ba93
                        • Opcode Fuzzy Hash: c041b1661ff514ea57691ab982a31cbeb210389339b87e6e62c11c6686169a7f
                        • Instruction Fuzzy Hash: 33F135B2A113058FCB14CFA9DC8169EBFB2FF84314F18866DD854AB381D7789946CB90
                        Function 0053DB20 Relevance: 7.9, Strings: 6, Instructions: 361COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: Lk$U\$Zb$\_$`$hVkg
                        • API String ID: 0-3858985552
                        • Opcode ID: 55bbfba9476a167ac4f5a63b6ef5190cd8a904bd4e79cd03f273a01d512d6bba
                        • Instruction ID: 73d5d12aea2e9adcc9afb5279a758d37a3beb87f770e40aebb32138568fb850b
                        • Opcode Fuzzy Hash: 55bbfba9476a167ac4f5a63b6ef5190cd8a904bd4e79cd03f273a01d512d6bba
                        • Instruction Fuzzy Hash: B8C1D0B160C3418FE320DF25D88575BBFE6EBD5314F14892DE1D58B292DA78C5098BA3
                        Function 0056EC20 Relevance: 7.0, Strings: 5, Instructions: 723COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: ;:54$;:54$InA>$InA>$f
                        • API String ID: 2994545307-3857589079
                        • Opcode ID: 8579ee73964f907ecab1e5adc6fa05618d76a0e1d785c1c17e56061329923d43
                        • Instruction ID: f110387dd2129e4a47fca3555de111ede72f7d00a75d35f087e1b98bd393f61a
                        • Opcode Fuzzy Hash: 8579ee73964f907ecab1e5adc6fa05618d76a0e1d785c1c17e56061329923d43
                        • Instruction Fuzzy Hash: 9832C176A093419FD714CF29C880A2BBBE2BBC8314F18CA2DE8959B395D774D845CB52
                        Function 005541E0 Relevance: 6.7, Strings: 5, Instructions: 461COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: ){zy$)6$)B$|~$sq
                        • API String ID: 0-2449703377
                        • Opcode ID: 585e544efcb8837bd1ac9a9a5c2e960579788b801abe9d2a09697e073bf72f3f
                        • Instruction ID: 7292b3f40e6279c283bf49937efcd00a6bce26c8bc573c850743bacba557d193
                        • Opcode Fuzzy Hash: 585e544efcb8837bd1ac9a9a5c2e960579788b801abe9d2a09697e073bf72f3f
                        • Instruction Fuzzy Hash: 62C1F4B15083108BD724CF25D86276BBBF1FF92359F148A1DE8D58B390E7399849CB92
                        Function 0053ECC0 Relevance: 6.7, Strings: 5, Instructions: 426COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: 52$\XTR$`a$f\nf$ngfa
                        • API String ID: 0-1621357096
                        • Opcode ID: 270c39d5b847e6838faa32bee21b8244490db2f19265653524bf3c41c0fa88c8
                        • Instruction ID: 23106be2a1638007961c389115b22e11c85063d3380ffbc1e5545f68dda3506b
                        • Opcode Fuzzy Hash: 270c39d5b847e6838faa32bee21b8244490db2f19265653524bf3c41c0fa88c8
                        • Instruction Fuzzy Hash: 0FD1F171A0C3918BD314CF29D85136BFFE1ABC1714F28892DE4E59B382D77989069B92
                        Function 00559D00 Relevance: 6.7, Strings: 5, Instructions: 405COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: ;:54$;:54$EG$IJK$uw
                        • API String ID: 0-855178105
                        • Opcode ID: ce52150a529c0caea18523de58a3d05e0b887f1ff6ba20c9216fb25c71599cbe
                        • Instruction ID: 2a13ea7319c0f28871b50ffd337835641b4e8a81036de6425b38989a773ca625
                        • Opcode Fuzzy Hash: ce52150a529c0caea18523de58a3d05e0b887f1ff6ba20c9216fb25c71599cbe
                        • Instruction Fuzzy Hash: 03E104B5608340DFE7248F24E89276FBBA1FBD5304F14892DE9C99B251DB319849DB82
                        Function 0055509D Relevance: 6.4, Strings: 5, Instructions: 163COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4$5$:$;$e
                        • API String ID: 0-2923545159
                        • Opcode ID: 9e321c7bcde9e3f26d6c91be45fb7791774b1b4034906ff20e0fb4f5ac4172ba
                        • Instruction ID: 4f9179dfa5b521b3c6892a2330d00257d903825a94498c331439b30cec5669ad
                        • Opcode Fuzzy Hash: 9e321c7bcde9e3f26d6c91be45fb7791774b1b4034906ff20e0fb4f5ac4172ba
                        • Instruction Fuzzy Hash: E561B13550CBC08FD320CA6888A439BBFD1ABD6314F194A2ED9D5873D2D7799849CB53
                        Function 005555A4 Relevance: 6.4, Strings: 5, Instructions: 157COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4$5$:$;$e
                        • API String ID: 0-2923545159
                        • Opcode ID: 77895d151402f5ccbd0c3723c4b8736e49f0c1d6716bb224fc547c80681b822d
                        • Instruction ID: 0553dcb8b89bfc4d50802bf0c5f226d341225cef966637345aaf272dd5aa630a
                        • Opcode Fuzzy Hash: 77895d151402f5ccbd0c3723c4b8736e49f0c1d6716bb224fc547c80681b822d
                        • Instruction Fuzzy Hash: 8751D47650CBC08BD320CA68C46475BBFD1AB96324F194A6ED8E5C73D2E279C84AC752
                        Function 0054E298 Relevance: 6.3, APIs: 4, Instructions: 347COMMON
                        Download Yara Rule
                        APIs
                        • FindWindowExW.USER32(00000000,?,A3D19DEA,00000000), ref: 0054E410
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: FindWindow
                        • String ID:
                        • API String ID: 134000473-0
                        • Opcode ID: ade912548b2ae0905cf2e6c0cddbb5e83a7d2db559aca364b4a366080170f2ab
                        • Instruction ID: ba33128cf94ce00447d4a54cf3490411b97ad0764d4bb058f319688c95f4085e
                        • Opcode Fuzzy Hash: ade912548b2ae0905cf2e6c0cddbb5e83a7d2db559aca364b4a366080170f2ab
                        • Instruction Fuzzy Hash: CAD1D0756083518FC725CF28D8417AEBBE2BFD9308F09896DE4899B391DB70D905DB82
                        Function 00556F82 Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 524COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: ;:54$bqU
                        • API String ID: 0-4171639021
                        • Opcode ID: 713fef6a3df33a25e9f4c1d3c46e5e64dd93bb109a44fec2cdb091e8ec904895
                        • Instruction ID: 859f472c88040105c60ec806ba2622dcca2e253128dbd05cd2a625c130daa335
                        • Opcode Fuzzy Hash: 713fef6a3df33a25e9f4c1d3c46e5e64dd93bb109a44fec2cdb091e8ec904895
                        • Instruction Fuzzy Hash: 8FF155B1E00209CFDB04CF68D8917AEBBB2FF89311F298168D905AB391D7759946DF90
                        Function 00558F00 Relevance: 5.5, Strings: 4, Instructions: 489COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: ;:54$HyJ{$TeVg$pq
                        • API String ID: 0-3800776496
                        • Opcode ID: c184bb75e4535276c8e87b4f23980e4465e44aa26e7592a0b02bcfa18ee26a1b
                        • Instruction ID: 12d2d6d3188f832830ac7e58246ea43c25422345cbcb989f1b89a19214826ee2
                        • Opcode Fuzzy Hash: c184bb75e4535276c8e87b4f23980e4465e44aa26e7592a0b02bcfa18ee26a1b
                        • Instruction Fuzzy Hash: 45F11572908352CBC720CF24C8906ABB7F2FFD5745F59886DD8C56B264DB30994ADB81
                        Function 0053132D Relevance: 5.4, Strings: 4, Instructions: 388COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: -$0123456789abcdefxp$gfff$gfff
                        • API String ID: 0-3657095489
                        • Opcode ID: 334ef9104273820c5e8ffe50b79871dc438a729a2c69036e75f6ed0e97027056
                        • Instruction ID: 3ee41a9e4a0a43d1ca714c7ff45b0b6be8fb2f1bee23e78ba950981680b5385d
                        • Opcode Fuzzy Hash: 334ef9104273820c5e8ffe50b79871dc438a729a2c69036e75f6ed0e97027056
                        • Instruction Fuzzy Hash: 57E16D7160C7928FC715CE29C48026AFFE1BFD9314F088A6DE8D987352D235D945CB92
                        Function 005659B7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: MetricsSystem
                        • String ID:
                        • API String ID: 4116985748-3916222277
                        • Opcode ID: f01f0e9a19d4753462d6aef5184cfa50ca233e121bca1a45bb1cb27322647e8f
                        • Instruction ID: 54381148cfb0553dd2a04b817a1389230d9c65d3c5ae94f07cc62f8589f20ade
                        • Opcode Fuzzy Hash: f01f0e9a19d4753462d6aef5184cfa50ca233e121bca1a45bb1cb27322647e8f
                        • Instruction Fuzzy Hash: F45171B4E152048FCB40EFACE98569DBBF0BB48310F118569E898E7350D734AD49DF92
                        Function 0055D642 Relevance: 5.3, Strings: 4, Instructions: 333COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: @z.$;:54$Fx~F$zD{B
                        • API String ID: 0-1365873924
                        • Opcode ID: 0d53dbe36b11c36736a6efa42b7649a2c6d6d7dfddd6e3f0a71cc8f5af1158ef
                        • Instruction ID: af7fa76d49f281266f6ba633cad8f9d24f6ffa9f3e19c558dbfd37bd1c83dd46
                        • Opcode Fuzzy Hash: 0d53dbe36b11c36736a6efa42b7649a2c6d6d7dfddd6e3f0a71cc8f5af1158ef
                        • Instruction Fuzzy Hash: 8FB1477220C340CFD7149F28A89166ABFF2FBD5315F484A2DF8D84B291D7358A49DB52
                        Function 00572EB0 Relevance: 4.8, Strings: 3, Instructions: 1010COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: "5W$@3W$G3W
                        • API String ID: 0-1200988031
                        • Opcode ID: c9c20fed5cde48c86d3258c159d953630cc83c9bebdada22107fd1d30ba44b71
                        • Instruction ID: 9b3a42c053a6d29eb0fce61d8d615d7669ecef0598637e0ed5556dcab51a5914
                        • Opcode Fuzzy Hash: c9c20fed5cde48c86d3258c159d953630cc83c9bebdada22107fd1d30ba44b71
                        • Instruction Fuzzy Hash: BC620335B05211CFCB08CF68E8916AEB7F2FB99324F1980BDD84A97351D734A945EB80
                        Function 005731D0 Relevance: 4.4, Strings: 3, Instructions: 680COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: "5W$@3W$G3W
                        • API String ID: 0-1200988031
                        • Opcode ID: 4c6693e8106e3b85ed369b3ee597f82e484dfe5c9fc7df7ec1adcf148cf1b3c9
                        • Instruction ID: 1584d205a6a3d13e9d804d2912d5e2369c5a320dc74f71fdac786164dbb7524b
                        • Opcode Fuzzy Hash: 4c6693e8106e3b85ed369b3ee597f82e484dfe5c9fc7df7ec1adcf148cf1b3c9
                        • Instruction Fuzzy Hash: D312E135A05211CFCB08CF68E8906AEB7F2FB9D324F19847DC94AA7751D331A945EB90
                        Function 00551B40 Relevance: 4.4, Strings: 3, Instructions: 657COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: ;:54$;:54$s}
                        • API String ID: 2994545307-2837035532
                        • Opcode ID: e4b569ef61dad46cee17df1f310043e97d334f0dfc5bb2442a584ff12e657b49
                        • Instruction ID: 6b315fbfba5bf06ff3a844e9a72cb1b33a3c379ad0dcc8de5802e82a8e9e61cf
                        • Opcode Fuzzy Hash: e4b569ef61dad46cee17df1f310043e97d334f0dfc5bb2442a584ff12e657b49
                        • Instruction Fuzzy Hash: F922FF716083418BDB24CF14C8A1B6FBFE6FBC6741F14882DE9859B291E774D849CB52
                        Function 005732C0 Relevance: 4.4, Strings: 3, Instructions: 637COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: "5W$@3W$G3W
                        • API String ID: 0-1200988031
                        • Opcode ID: f834363a51c01d20efd5ddd9dc9bdb313e9225c733f9c014fc6361b39194f1e0
                        • Instruction ID: 2983502a034463b0f6900ba57d73bc2d15bad3fc3802f71bb0ad82ff2bd83e77
                        • Opcode Fuzzy Hash: f834363a51c01d20efd5ddd9dc9bdb313e9225c733f9c014fc6361b39194f1e0
                        • Instruction Fuzzy Hash: 55020135A05215CFCB08CF68E8906AEBBF2FF99324F19847DD84AA7351D331A945EB50
                        Function 0055AC04 Relevance: 4.3, Strings: 3, Instructions: 578COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: SRP\$TU$YB]G
                        • API String ID: 0-3716301176
                        • Opcode ID: 5af9364306a24a6fbbe3d6ed8797afec13a751a336c9ce1f8a5d6b50c1547a06
                        • Instruction ID: 20c884bf417dedac2be7a2ff64f3d57da2441b94f9e9bf6d7c1e74dff4e05534
                        • Opcode Fuzzy Hash: 5af9364306a24a6fbbe3d6ed8797afec13a751a336c9ce1f8a5d6b50c1547a06
                        • Instruction Fuzzy Hash: 470204B16083418FD7049F24D8A126BBFE2FFD6305F18492EE8C597251E379D94ACB92
                        Function 00572850 Relevance: 4.2, Strings: 3, Instructions: 475COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: InA>$P$3
                        • API String ID: 0-4254740818
                        • Opcode ID: 391f25cc2eea4ff238117e483e63ae03c8feadc91f4f016ac0a3da82d18425e7
                        • Instruction ID: fc2234533bfe68abd6532b67c60803f3b42af60239ea8368fbf8dc4086618cab
                        • Opcode Fuzzy Hash: 391f25cc2eea4ff238117e483e63ae03c8feadc91f4f016ac0a3da82d18425e7
                        • Instruction Fuzzy Hash: 31F118726483618FD725CE28985036FBBE1FBC4714F15CA2CE9A99B3D1CB7488469BC1
                        Function 0054D5AF Relevance: 4.2, Strings: 3, Instructions: 404COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: ;:54$J$r
                        • API String ID: 0-2889753551
                        • Opcode ID: 6494cc36992c52f5a2429c0a3df55c7d5489ed494ae7fc5865e5057aeab9c925
                        • Instruction ID: 7b27a7981e1435bfac742f034fd4a4316285bd9a7f093322d2b131493e8376bc
                        • Opcode Fuzzy Hash: 6494cc36992c52f5a2429c0a3df55c7d5489ed494ae7fc5865e5057aeab9c925
                        • Instruction Fuzzy Hash: F8D1F4B19083418FD7248F24D8917ABBBF2FFD6308F04892DE4DA8B252D7749945DB92
                        Function 0055C3E0 Relevance: 4.0, Strings: 3, Instructions: 221COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: Ea#c$Uqrs$cba
                        • API String ID: 0-809142158
                        • Opcode ID: ea59e5ad732662c14f6e6d43bfce576e27607affdfe6effcd1f867ad1252f280
                        • Instruction ID: 4d8dac200d70f35ee136d5a2786d3c75005dc41e2e911aacaffeaea4bf0085af
                        • Opcode Fuzzy Hash: ea59e5ad732662c14f6e6d43bfce576e27607affdfe6effcd1f867ad1252f280
                        • Instruction Fuzzy Hash: 8E71BC721083658FD720CF25985475FFBE4FBC5714F01892DE8E9AB281D7B8960A8BD2
                        Function 0053E8D6 Relevance: 3.8, Strings: 3, Instructions: 52COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: %!-0$:g;1$j
                        • API String ID: 0-565037024
                        • Opcode ID: 01af44bfd6589664093adb997222e4c7c6405bf2e1ba5c7cb1ef745cd3bd8c66
                        • Instruction ID: 00255591dbdfbef88a395f00a9b6ccdd607b38b790987f1c8e18eee6059cb7a1
                        • Opcode Fuzzy Hash: 01af44bfd6589664093adb997222e4c7c6405bf2e1ba5c7cb1ef745cd3bd8c66
                        • Instruction Fuzzy Hash: 7F11BC71209380CBC3528F29985136BFFE0FB92718F585E6CE0D6AB291D371C94A9B42
                        Function 0053E996 Relevance: 3.8, Strings: 3, Instructions: 25COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: %!-0$:g;1$j
                        • API String ID: 0-565037024
                        • Opcode ID: fa23b5c8106c8b6eb18a1e5e27922acec8cb3fb0240a5a66eefb843f2f12593b
                        • Instruction ID: 077bf2bff9901603807f2e79e2325a9b45f9704f83fba26ba17a17f31e19ef5a
                        • Opcode Fuzzy Hash: fa23b5c8106c8b6eb18a1e5e27922acec8cb3fb0240a5a66eefb843f2f12593b
                        • Instruction Fuzzy Hash: 91F017B00193408BD7519F29955151FFFE0FBD6218F906F5CE0E66B291D3B1C60A8B5B
                        Function 0055B7D9 Relevance: 3.2, Strings: 2, Instructions: 674COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: E!~#$lm
                        • API String ID: 0-1992677951
                        • Opcode ID: 2393e345b643461006b51930afb903b7ce8efaad9cd31533bffc37453c5948a0
                        • Instruction ID: 9e8e670e76129ddaff0b56bd8530b1bbbb6b48fd962606aa7072eb895dbb1fde
                        • Opcode Fuzzy Hash: 2393e345b643461006b51930afb903b7ce8efaad9cd31533bffc37453c5948a0
                        • Instruction Fuzzy Hash: AC320271908341CFE3208F24E85072BBFE2FFD9311F158A6DE99997291D731A949DB82
                        Function 0055B7FE Relevance: 3.1, Strings: 2, Instructions: 613COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: E!~#$lm
                        • API String ID: 0-1992677951
                        • Opcode ID: 6d031b788ea9c0a9064b739a38662bcac4f9419af7206e777161750881a79735
                        • Instruction ID: ee3796df8dc2e4e72a8e780a8077de6aa2aa073a20104cc44737133fdcb34092
                        • Opcode Fuzzy Hash: 6d031b788ea9c0a9064b739a38662bcac4f9419af7206e777161750881a79735
                        • Instruction Fuzzy Hash: 1022E171908341CFE3208F24E85471BBFE2FFD9310F198A6DE99997291D731A949DB82
                        Function 005526A0 Relevance: 3.0, Strings: 2, Instructions: 480COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: WV%'$%U
                        • API String ID: 0-1331361702
                        • Opcode ID: 4cd629bfa35b357c2183a7e03bffbb6138099c49bf31991c5e05be8ad07f076a
                        • Instruction ID: b2e733cf2a728e737a1dd0139c5188b8c478c302c296fe311d058fb8285b6309
                        • Opcode Fuzzy Hash: 4cd629bfa35b357c2183a7e03bffbb6138099c49bf31991c5e05be8ad07f076a
                        • Instruction Fuzzy Hash: E6E103B6A083519BE3119F24DC9176BBFE5FBC6300F08892DF8C19B242E6759D099793
                        Function 005338E0 Relevance: 2.9, Strings: 2, Instructions: 404COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: Inf$NaN
                        • API String ID: 0-3500518849
                        • Opcode ID: 7bc1cf635b38cea54d55e3749d74fcae0a61a99669b1fc3263e36b7f8479430b
                        • Instruction ID: 5f4e17c1c94c185c0f2a3a63d7257fd627615adad6e19182395997f9ef8afe8d
                        • Opcode Fuzzy Hash: 7bc1cf635b38cea54d55e3749d74fcae0a61a99669b1fc3263e36b7f8479430b
                        • Instruction Fuzzy Hash: ABD1B272A083129BC704CF28C88565AFBE5FFC4750F258E6DE8999B391E771DD448B82
                        Function 0055A6D0 Relevance: 2.8, Strings: 2, Instructions: 324COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: ;:54$SJK^
                        • API String ID: 2994545307-880411129
                        • Opcode ID: b4ddab3fae796f808859a0f29cedb3750f21d4ba9d58b7854d63719c073015fa
                        • Instruction ID: 7a3ec6d5c37b2de9292c8a298bba626ca0d7e29d2c8af9328271ec4f6257abff
                        • Opcode Fuzzy Hash: b4ddab3fae796f808859a0f29cedb3750f21d4ba9d58b7854d63719c073015fa
                        • Instruction Fuzzy Hash: A08159B2A083014BD7209E64DCA573BBFE2FBD5715F19862DEC8187242E6749C0E9753
                        Function 005394BF Relevance: 2.8, Strings: 2, Instructions: 305COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0$8
                        • API String ID: 0-46163386
                        • Opcode ID: adfe6582a953df74b7b78a0b0535a59fb472a70705659ed982bab20c80df5665
                        • Instruction ID: f944b31f6ece3f9da1404ae9218838355e41f7c713032dd7e07d9f4c034569c7
                        • Opcode Fuzzy Hash: adfe6582a953df74b7b78a0b0535a59fb472a70705659ed982bab20c80df5665
                        • Instruction Fuzzy Hash: 61E12075608380DFC710CF28E844A8ABBE1BF99314F44896CF88997351D375EA58EF92
                        Function 005400C5 Relevance: 2.7, Strings: 2, Instructions: 198COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: is$s
                        • API String ID: 0-4051906996
                        • Opcode ID: 6a6ba11ba163f1aa7f420eb1e0594b949028b754f7362f5e411709774eb01b79
                        • Instruction ID: e2a3db6aab135eece0fbd08a28a6d0597811170b4ae7daca0ec691e4ef4b66cf
                        • Opcode Fuzzy Hash: 6a6ba11ba163f1aa7f420eb1e0594b949028b754f7362f5e411709774eb01b79
                        • Instruction Fuzzy Hash: D6610071608312DFD3148F60ECA062BB7B6FF95315F04892CE989872A0E7358848EB92
                        Function 005733B0 Relevance: 1.8, Strings: 1, Instructions: 572COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: "5W
                        • API String ID: 0-2478198141
                        • Opcode ID: 898e53e7ef7c008a376e989231f8bc00cc1caa29c20796fac328f97ef07f1d14
                        • Instruction ID: 981ecf5c61dfdf7e0daaa80050f938e32297fd6ee38e3e09368132dbc3c358da
                        • Opcode Fuzzy Hash: 898e53e7ef7c008a376e989231f8bc00cc1caa29c20796fac328f97ef07f1d14
                        • Instruction Fuzzy Hash: E302F035A05215CFCB08CF68E8906AEBBF2FF99314F19807DD84AA7341D735A945EB90
                        Function 00534FA0 Relevance: 1.8, Strings: 1, Instructions: 514COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: %1.17g
                        • API String ID: 0-1551345525
                        • Opcode ID: 3c6d1ba11642b8b576fa3a57968f82825c14267fd0f7d23f16d9795a3640f11c
                        • Instruction ID: 42f06a441b5cd8011cb1e56022395570ef95ab1f073450fd37174372bc0408f5
                        • Opcode Fuzzy Hash: 3c6d1ba11642b8b576fa3a57968f82825c14267fd0f7d23f16d9795a3640f11c
                        • Instruction Fuzzy Hash: D002F775609B428BE7158E68C48032BBFE2BFA1304F1CA96DE9958B351F771DC49C742
                        Function 00555F00 Relevance: 1.8, APIs: 1, Instructions: 251comCOMMON
                        Download Yara Rule
                        APIs
                        • CoCreateInstance.OLE32(005779D8,00000000,00000001,005779C8), ref: 00555F29
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: CreateInstance
                        • String ID:
                        • API String ID: 542301482-0
                        • Opcode ID: b5b5f2463ea0bdb1c543b0f2c318bc94f45178f7c2ac87665b5f9c4063c61975
                        • Instruction ID: b19a334fd7e530cbc3e5b1a02ef79f9d90529054a8bdc6fc7b2db0230b8b0fdf
                        • Opcode Fuzzy Hash: b5b5f2463ea0bdb1c543b0f2c318bc94f45178f7c2ac87665b5f9c4063c61975
                        • Instruction Fuzzy Hash: CD61EFB12002049BDB209F24CCA6B777BB4FF8575AF048519FA46CB2A1F775E808C762
                        Function 0055E400 Relevance: 1.6, Strings: 1, Instructions: 382COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: "
                        • API String ID: 0-123907689
                        • Opcode ID: 93ecab8819888c1490301e4ea4446f15b79a23bacf294943aa3e848e668045df
                        • Instruction ID: a3b919b2a663d3d62c56395a2cfb62a70d2032d38675311acca0bd561bc120f7
                        • Opcode Fuzzy Hash: 93ecab8819888c1490301e4ea4446f15b79a23bacf294943aa3e848e668045df
                        • Instruction Fuzzy Hash: F1C1F6B2A043019BD7298E24C4A676BBFE5BB84351F18892FEC9587381E734DE4DC791
                        Function 00572380 Relevance: 1.6, Strings: 1, Instructions: 344COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: <?=1
                        • API String ID: 0-2411229740
                        • Opcode ID: 58e00eb0e7df579be7cc88c1a0fd41f3bad20a6f7bdd0e37a075dcdba7cd32ef
                        • Instruction ID: 144e1ec54be0e2b5f67ace7d6ab25a178bf90ed71d138ebac86eb7735c685a50
                        • Opcode Fuzzy Hash: 58e00eb0e7df579be7cc88c1a0fd41f3bad20a6f7bdd0e37a075dcdba7cd32ef
                        • Instruction Fuzzy Hash: 01B114B2B043115BE7249E28EC9176BBBD6EBD0314F08C93DE99997381EA34EC059791
                        Function 005635B0 Relevance: 1.6, Strings: 1, Instructions: 320COMMON
                        Download Yara Rule
                        Strings
                        • 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 005636B7
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
                        • API String ID: 0-442858466
                        • Opcode ID: a001cd3193aeaafdd693c8b82eb064cd9d7844a1147821d62497722df5e0e73b
                        • Instruction ID: 70041fbc3eae76e26b1a0c4ee6f99c00601535f8033da50b6e6ce3f4d49d4a07
                        • Opcode Fuzzy Hash: a001cd3193aeaafdd693c8b82eb064cd9d7844a1147821d62497722df5e0e73b
                        • Instruction Fuzzy Hash: 8BA14B33F1A5A14BCB18CE7C8C522EDAE93AB96330F2D8379D8B1DB3D5C56889059350
                        Function 00551333 Relevance: 1.5, Strings: 1, Instructions: 288COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: US
                        • API String ID: 0-1549774597
                        • Opcode ID: 021e8b06f8fd78b7be9ba0ba96a8236697893879ea99836ae31f109fb69b689e
                        • Instruction ID: 6127ed2c275fc48db57a31d32ec81ad85de47d0799213f57790cb03c7a25baf8
                        • Opcode Fuzzy Hash: 021e8b06f8fd78b7be9ba0ba96a8236697893879ea99836ae31f109fb69b689e
                        • Instruction Fuzzy Hash: 57815AB1900A05CBCB10CF65C8A27BABFB0FF45365F248149D8569F791E331D94ACB95
                        Function 0056F7E0 Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: InA>
                        • API String ID: 2994545307-2903657838
                        • Opcode ID: 591ababdc0180f01f0d7d56593acf8e22782ce9930a76ab77e61cd1e45c9c613
                        • Instruction ID: da1a14bda88d5b3b5a3cd6e83d461c1582aaeb82c64db01ca2ff0f25305a267c
                        • Opcode Fuzzy Hash: 591ababdc0180f01f0d7d56593acf8e22782ce9930a76ab77e61cd1e45c9c613
                        • Instruction Fuzzy Hash: B971E632A08301AFD724CF28D894B3ABFE2BBC4314F24993CE99697395D6719C45D791
                        Function 0055E870 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: "
                        • API String ID: 0-123907689
                        • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                        • Instruction ID: 5acd4ddc94a61ca209daf594ad0863bcaa82cedea7864e7e56ab422a2e57b075
                        • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                        • Instruction Fuzzy Hash: D971F932A083154BD718CE28C49531EBFE2BBC5722F19896FEC959B391D235DE4D8782
                        Function 0056E230 Relevance: 1.5, Strings: 1, Instructions: 231COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: ;:54
                        • API String ID: 2994545307-2887251705
                        • Opcode ID: 7e36d3fba7f25658dc6c6f1c65ad5a5407659fb1ee3ff356dbe5496d41094f33
                        • Instruction ID: b4401d8e67779b502409dbd54a47821c1afcb27a16f2c74510b06d5cfde022a3
                        • Opcode Fuzzy Hash: 7e36d3fba7f25658dc6c6f1c65ad5a5407659fb1ee3ff356dbe5496d41094f33
                        • Instruction Fuzzy Hash: 75512477B153508BDB18CA29CC92B3ABA93BBD4310F19C92DDD95DB391EA349C418781
                        Function 0054482A Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: +
                        • API String ID: 2994545307-2126386893
                        • Opcode ID: 93d47db21f3c6d7e8d8b11d9db80c6379a6c9f58157a1db37a6a4ada1f23723a
                        • Instruction ID: 154ba1fb2ca4976417ccd10100fbfa7b8d592070fc9aa9b5cb1ff495a4e1ccc0
                        • Opcode Fuzzy Hash: 93d47db21f3c6d7e8d8b11d9db80c6379a6c9f58157a1db37a6a4ada1f23723a
                        • Instruction Fuzzy Hash: 9F51DF31248B808FD329CA38C8943A77FE2BB95318F198A1DD5EB877C2C635A845DB41
                        Function 0055CEDA Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID: ;:54
                        • API String ID: 0-2887251705
                        • Opcode ID: cf7af1f672914dc08d03567a318fb358080b4535d4c02034a62bd6570c3973ad
                        • Instruction ID: 899be9df5150f2bac7b27aeac439ff10a6a8b49d399ef1b1b19ab40dead6c28b
                        • Opcode Fuzzy Hash: cf7af1f672914dc08d03567a318fb358080b4535d4c02034a62bd6570c3973ad
                        • Instruction Fuzzy Hash: F7019E312083008FDB598F10A8D153BBB63FFA5315F28A85ED98927156C274984E9B11
                        Function 0053BD70 Relevance: .8, Instructions: 830COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3165bc55115523de59345c5195674b73c5ddc2ef69068c5c63219a4f04796b64
                        • Instruction ID: aea35c17cb572b9933dc3f2a9a6eb513ca9e1f11c17594d3b847f2a17175d5d3
                        • Opcode Fuzzy Hash: 3165bc55115523de59345c5195674b73c5ddc2ef69068c5c63219a4f04796b64
                        • Instruction Fuzzy Hash: AC52D2315083118BC725DF58E8842BEBBE2FFD4315F25892DD9D6A7285E738E851CB82
                        Function 0053B260 Relevance: .7, Instructions: 670COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8918c273b7b8688b622dbf7b256bd169b41e076eb0875a142991bae142161d18
                        • Instruction ID: e98d2bc6834039b32db4a4d9af4e611d5fae108db637f3c59bf29d41a671317b
                        • Opcode Fuzzy Hash: 8918c273b7b8688b622dbf7b256bd169b41e076eb0875a142991bae142161d18
                        • Instruction Fuzzy Hash: 3052C370908B888FFB31CB24C4953A7BFE1FB91314F14482EC6EA46A83C379A985C755
                        Function 00536F60 Relevance: .7, Instructions: 657COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f11c564bc45b171ea915cfc4bcd2d962d5b592af73afddf6795b23fdcfbbcc0e
                        • Instruction ID: a026b415c329df30b0b35cae5a0b9f883bc2629dfc77fa36daebc6e26a57b9c1
                        • Opcode Fuzzy Hash: f11c564bc45b171ea915cfc4bcd2d962d5b592af73afddf6795b23fdcfbbcc0e
                        • Instruction Fuzzy Hash: 8052A27190C3498FCB25CF29C0906AABFE1FF88314F198A6DE89957352D774E949CB81
                        Function 00552E50 Relevance: .7, Instructions: 655COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: baec8ab33650e33f19c5d2590874ac5674ea2bf36096d01f9a9574e24dd15b09
                        • Instruction ID: 7589cf57da93cc60b6867c10eb212d0978ced919f0ec44ae2115c74103530e39
                        • Opcode Fuzzy Hash: baec8ab33650e33f19c5d2590874ac5674ea2bf36096d01f9a9574e24dd15b09
                        • Instruction Fuzzy Hash: 6A625AB0508B808ED376CB3C8849797BFE5AB5A314F084A9DD0EE8B3D2D7B56505C762
                        Function 00537960 Relevance: .6, Instructions: 611COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4cb5a78d60e51fe666010a417b8db8191f581801f5a0537d48e4ccc3af98a487
                        • Instruction ID: ef213d24983ee6140daedd306fbb80de35cb72add0ce9323329db09f658a60c1
                        • Opcode Fuzzy Hash: 4cb5a78d60e51fe666010a417b8db8191f581801f5a0537d48e4ccc3af98a487
                        • Instruction Fuzzy Hash: 284205B1919B198FC378CF29C590526BBF1BF89710B644A2ED69787B90D736F844CB10
                        Function 00571720 Relevance: .5, Instructions: 497COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c3e830e700bd17efbb5d4585a09a515ce7986e1b8e2bdf04b46fa8d2fc7db73e
                        • Instruction ID: 6a1bdc3c5e2e75b8c3acfe0cf5b85fead5a30e7e85e132b0d03137e7fa62da30
                        • Opcode Fuzzy Hash: c3e830e700bd17efbb5d4585a09a515ce7986e1b8e2bdf04b46fa8d2fc7db73e
                        • Instruction Fuzzy Hash: 3FF14832A08351CFC714CF38E89112ABBE2BB99310F19867DD99987392E735D949DB81
                        Function 0053A270 Relevance: .4, Instructions: 399COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d8e88b7cbd39bbd3665fdfcbb4fcb2809eb00c2d7e36ac19dd5f7b175e2c8b1d
                        • Instruction ID: 02d7b01830e556e65c0179ab27eb7cfe99e8d31b2c4a014d79c0dae06df0d8d8
                        • Opcode Fuzzy Hash: d8e88b7cbd39bbd3665fdfcbb4fcb2809eb00c2d7e36ac19dd5f7b175e2c8b1d
                        • Instruction Fuzzy Hash: ACE156756083818FC725DF29C880A6BBFE1FF99300F44882DE5D587752E675E948CBA2
                        Function 00559494 Relevance: .4, Instructions: 390COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4adcbc2d86b2e747d4ec0977435fd81f8b21c8996de69ee1ffcf813eb5514b04
                        • Instruction ID: 971c29642d8382a0f5e5b89e83f26c3e5ca7dea9b827130db2d961fb7f7f254b
                        • Opcode Fuzzy Hash: 4adcbc2d86b2e747d4ec0977435fd81f8b21c8996de69ee1ffcf813eb5514b04
                        • Instruction Fuzzy Hash: B4D1F431958341CBD7248E68C4613AABBE1FB96351F18892ED8DA87241E73C994DE782
                        Function 00573720 Relevance: .3, Instructions: 334COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 27dd80bcd8d4eb7ef400dd7164828427814bf634fa04776a999d0fa91249a6e3
                        • Instruction ID: a18e455e764246b4c8a40fff23c94570a1fa8691ad073f07bb90cae969e8b19e
                        • Opcode Fuzzy Hash: 27dd80bcd8d4eb7ef400dd7164828427814bf634fa04776a999d0fa91249a6e3
                        • Instruction Fuzzy Hash: 93A10335A05215CFCB08CF68E8502AEBBF2FF9A314F19847DC54AA7741D331AA45EB90
                        Function 00571F80 Relevance: .3, Instructions: 334COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 6975eaf6f92f470dac3c73c3ae07ca52c15a10d5b87b93af43056e91af60f941
                        • Instruction ID: 047410c7a2bbf05baa8f66be5686b62c1af171eea4f180ef930dd759613fc6d4
                        • Opcode Fuzzy Hash: 6975eaf6f92f470dac3c73c3ae07ca52c15a10d5b87b93af43056e91af60f941
                        • Instruction Fuzzy Hash: 67A12932B183119FD734CA39DC41B6BBBD2FBC8314F14C92CE999D7291E6349845A751
                        Function 00544BBF Relevance: .3, Instructions: 319COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6230d02a3eb76e37aa307ecb344f9d05e0b8ee1bd657b0b787ee8db6970dfa7c
                        • Instruction ID: af2860f3405575e71eea1682f0cf2a5e2108774a039a1726feaeaf0b1397a5e2
                        • Opcode Fuzzy Hash: 6230d02a3eb76e37aa307ecb344f9d05e0b8ee1bd657b0b787ee8db6970dfa7c
                        • Instruction Fuzzy Hash: 12C1F875604B408FC325DF38C8953A6BFE2BB9A314F198A6DD4EB87392D675E801CB11
                        Function 0055CA72 Relevance: .3, Instructions: 318COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c3ba01bc10bb79e76181a935e724bfb032f8ca0877a63f8efe411946ffbed380
                        • Instruction ID: 2156148ec7312d141d98902cd381939551a9854e6f6a196af12c9cae59d79de7
                        • Opcode Fuzzy Hash: c3ba01bc10bb79e76181a935e724bfb032f8ca0877a63f8efe411946ffbed380
                        • Instruction Fuzzy Hash: 6E910F719483058FD320DF54D8A162BBBB1FFE5315F08892EE9C94B390E7749A09DB92
                        Function 00574C50 Relevance: .3, Instructions: 311COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 9778524d8a1ce96d86a0ae5681f34a248f801fb053b8bb12cf2ddb56e1b21fc5
                        • Instruction ID: 42a711895e11e34a8e67d456266b247a91c930e030e543e613fb46c301ece9b1
                        • Opcode Fuzzy Hash: 9778524d8a1ce96d86a0ae5681f34a248f801fb053b8bb12cf2ddb56e1b21fc5
                        • Instruction Fuzzy Hash: E091D3356083219FC725CF18E88066ABBE6FF99710F19C52CE98597360D731AC45EB82
                        Function 0053ADD0 Relevance: .3, Instructions: 303COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5bb38836aa2fc0c02311f2ee4b3c29a57ce834601b3de9f78f5398ad176a45f4
                        • Instruction ID: 2e85e60a48f0d87e866413028a426c1003de043274d1a000b6cbb5da8f5470e4
                        • Opcode Fuzzy Hash: 5bb38836aa2fc0c02311f2ee4b3c29a57ce834601b3de9f78f5398ad176a45f4
                        • Instruction Fuzzy Hash: 68C16EB29087418FD370CF68DC967ABBBE1BF85318F08492DD2D9C6242E778A155CB46
                        Function 00574920 Relevance: .3, Instructions: 301COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 1d4b23e0fda5a35bfe9ec8800af2132cf0a3b35481d64a14692a6a45316d39d2
                        • Instruction ID: 8427b6ae8413bce8c579712a8b2b9668e68366996d80e554959622eafc19b76c
                        • Opcode Fuzzy Hash: 1d4b23e0fda5a35bfe9ec8800af2132cf0a3b35481d64a14692a6a45316d39d2
                        • Instruction Fuzzy Hash: F8A1D2352093118FC715DF18D490A2ABBF2FF99710F05896CE9898B361EB71EC15DB92
                        Function 00546E10 Relevance: .3, Instructions: 298COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e56a010667c484b5362d6bdc9eede265b2c276aaeee31a6f76e1b7ccf287a672
                        • Instruction ID: 1a2e8aec021599f2759e111a7dd30f9d7914acf7c5d200ed6600ad3ee8289808
                        • Opcode Fuzzy Hash: e56a010667c484b5362d6bdc9eede265b2c276aaeee31a6f76e1b7ccf287a672
                        • Instruction Fuzzy Hash: 86B10772608B404FC3159E38C895366BFE2BBDA214F198A6DD4EBCB793D635D806CB11
                        Function 00574620 Relevance: .3, Instructions: 298COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: be0246431863ba43386710082113521110394386f1dce848bb2ad6049ae20eba
                        • Instruction ID: a4a588d57f291504bdd020cccf00504f418dbee14239e52a5a708be29b93fbda
                        • Opcode Fuzzy Hash: be0246431863ba43386710082113521110394386f1dce848bb2ad6049ae20eba
                        • Instruction Fuzzy Hash: 408126356083518BC714DF18E89093ABBE2FFD9760F09C42DE9899B361EB309C45EB52
                        Function 00564C60 Relevance: .3, Instructions: 283COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ce2777356106a75a223046495ddbda5205580deaedd40cfc29be50a60c834ee6
                        • Instruction ID: df02cf82e109813d4d52dab347540bc4429269042a40acf65864ad1cafc8ac8f
                        • Opcode Fuzzy Hash: ce2777356106a75a223046495ddbda5205580deaedd40cfc29be50a60c834ee6
                        • Instruction Fuzzy Hash: 23911833A2ADA14BD718893C5C112BA6D536FD7330B3EC729B9B6CB3E5D6248D125350
                        Function 00561980 Relevance: .3, Instructions: 277COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3ef889015e91f7a3a7656171532d6b63e5eff0524738f0c9b0c8242826e87780
                        • Instruction ID: 436d252c1ba910d65c20c1c2c23558a6fc5f8cf8d04dc8d5e146464f6e394702
                        • Opcode Fuzzy Hash: 3ef889015e91f7a3a7656171532d6b63e5eff0524738f0c9b0c8242826e87780
                        • Instruction Fuzzy Hash: 09B1D376604F818FD3158A38C8903A6BFE2BFDA314F1DC96DC5E64B396DA34A846C741
                        Function 00562D80 Relevance: .3, Instructions: 259COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a3f91020c104d948fd6ca35f7c7b0217213e65d5d40ba504073df545314a35f7
                        • Instruction ID: bf7ae9de052728b5232ed2d521c4a4f1cb1b3e8d0ae131fb8cfec6917aa51e47
                        • Opcode Fuzzy Hash: a3f91020c104d948fd6ca35f7c7b0217213e65d5d40ba504073df545314a35f7
                        • Instruction Fuzzy Hash: F1A10575A08B808FD3118F3CC8913A6BFE2BFDA314F18896CD5DA8B756D635A845C742
                        Function 005631DE Relevance: .3, Instructions: 258COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1972d064372f1a8ddea7434840d6bcfa4e9ee46c1fa76510e1d4b6482ac3fa97
                        • Instruction ID: 6f8bc68fd23a082b2661c2e7a68748ead281b891da498d73c60ded50cf337fa7
                        • Opcode Fuzzy Hash: 1972d064372f1a8ddea7434840d6bcfa4e9ee46c1fa76510e1d4b6482ac3fa97
                        • Instruction Fuzzy Hash: 22A1F575A09B808FD3118F3CC890356BFE2BFDA314F18896CC5DA8B756DA35A845C742
                        Function 00545BD8 Relevance: .2, Instructions: 234COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a937ee92466d7dfa1112005b1784a932bfb3850b298df0879e3e338d1ce7049e
                        • Instruction ID: 1293c144bd66df496c7503bea4fb5eed93d5c352e7f7c6361be6035df5e61fc2
                        • Opcode Fuzzy Hash: a937ee92466d7dfa1112005b1784a932bfb3850b298df0879e3e338d1ce7049e
                        • Instruction Fuzzy Hash: 8B91D975604B808FC325CF3CC8513A6BFE2AF9A314F198A5DD4EACB396D635A906C711
                        Function 00564F80 Relevance: .2, Instructions: 230COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f35f2af8ee6abf43272e1ef9a0f603f38e60ecf10b962b00722f38aa7ff1c9f4
                        • Instruction ID: 329fb148f1ad094c5af7f203edc55c8f8298ece37d911a1c9d4445f27964a125
                        • Opcode Fuzzy Hash: f35f2af8ee6abf43272e1ef9a0f603f38e60ecf10b962b00722f38aa7ff1c9f4
                        • Instruction Fuzzy Hash: F0712333B59A9147C7248D3C9C813A9AE936BE7334F3D8379E4B58B3D5D536880A9380
                        Function 00538DA0 Relevance: .2, Instructions: 223COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5e01ff8be125693bb2350c3765ba7070b980dca024a206316fb978de5cc7f46b
                        • Instruction ID: e28c1439bed927f8bf282614a2a1e0e1abc605ca5847e991b5eee9d50732fa68
                        • Opcode Fuzzy Hash: 5e01ff8be125693bb2350c3765ba7070b980dca024a206316fb978de5cc7f46b
                        • Instruction Fuzzy Hash: B8718875609301CFD708CF15E8902AABBE2FBC9316F18C96DE84847294C775D989EF91
                        Function 0055BE10 Relevance: .2, Instructions: 208COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 155d1bcc165c574813ead1c2a6ef199dfd3bbe9d4e67031495f7da46cd3e2367
                        • Instruction ID: 9e26881da989da1c963fc3593d78a1d38f083f7ac241748cff9a7534af2469c6
                        • Opcode Fuzzy Hash: 155d1bcc165c574813ead1c2a6ef199dfd3bbe9d4e67031495f7da46cd3e2367
                        • Instruction Fuzzy Hash: BB51E271714A054BD715CE2CD99962AFBD2BFC4210F2D8A39E985C7391DB70EC06CB91
                        Function 00569940 Relevance: .2, Instructions: 189COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f367f8f5ecc45097846795fd34e8c8963d6acf5eabfc43f7f435ff06ce4ba9ef
                        • Instruction ID: ee4e637f5c89213c2f64b1efd07df7b2475a5ca1f85b32d9c635e8afc64edaed
                        • Opcode Fuzzy Hash: f367f8f5ecc45097846795fd34e8c8963d6acf5eabfc43f7f435ff06ce4ba9ef
                        • Instruction Fuzzy Hash: C1515CB16087548FE314DF69D89435BBBE1BBC4318F144A2DE4E987351E379DA088F82
                        Function 0055762D Relevance: .2, Instructions: 170COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d7bdefd22a649798a8e559d5055c49320ac1c838950ccc9913e40d0fc32023b4
                        • Instruction ID: e76192194ee99ecb0968dbde473c76963cf80cf9abdca05663f339cea4f99145
                        • Opcode Fuzzy Hash: d7bdefd22a649798a8e559d5055c49320ac1c838950ccc9913e40d0fc32023b4
                        • Instruction Fuzzy Hash: 2D510FB55046108FEB108F66D8D16AA7FB2EF96310F1496ACDD565F28EC774C842CF88
                        Function 00535820 Relevance: .2, Instructions: 163COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8a11daa47a7d69353c99c821e78e3b9b53ee1c107891741aefd9b64e43f88a31
                        • Instruction ID: 61a64d24f9ad8c78b7776e67ca3602f27e87a06a2bc446e41714b6fcdd937958
                        • Opcode Fuzzy Hash: 8a11daa47a7d69353c99c821e78e3b9b53ee1c107891741aefd9b64e43f88a31
                        • Instruction Fuzzy Hash: 2651AFB5A047019FC714DF28C880A26FBE5FF89328F19566CE8999B352E731EC45CB91
                        Function 005591E0 Relevance: .2, Instructions: 159COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bf8f8fac3a3c9785bee5d6854f7dc3084c0e2ce5e5813d35097e19fa30a1d290
                        • Instruction ID: 30e741ed11b867885f14668e0e4b8454e000915ccb869e5092e0b6c7e3e7720f
                        • Opcode Fuzzy Hash: bf8f8fac3a3c9785bee5d6854f7dc3084c0e2ce5e5813d35097e19fa30a1d290
                        • Instruction Fuzzy Hash: 5B41FE32419B23CBC320DF68C4901ABB7B2FF99781B5A896CC9805B374DB756C96D781
                        Function 00574380 Relevance: .2, Instructions: 154COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 51f2ca3cca8d6e684fafaf8759e642a221ab5aec0be8d7de7d913c71f4cfffec
                        • Instruction ID: 86d5e5dba0999a2a0250addc615fd595351d2ea86ee231155d1d35abc68e4e2b
                        • Opcode Fuzzy Hash: 51f2ca3cca8d6e684fafaf8759e642a221ab5aec0be8d7de7d913c71f4cfffec
                        • Instruction Fuzzy Hash: F8413935344310ABDB248A58ECC1B367BA6FB94704F19D42CEA896B6A1D771AC04FB81
                        Function 0056B170 Relevance: .1, Instructions: 142COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 50200bad845c8a4f85aee75a3a1319e16584ed67037148c2eaea5f780d08dc2f
                        • Instruction ID: f981882a7027e328b775dd7aae1871d1db91f71a29a2760ca237216f531fe817
                        • Opcode Fuzzy Hash: 50200bad845c8a4f85aee75a3a1319e16584ed67037148c2eaea5f780d08dc2f
                        • Instruction Fuzzy Hash: 1E31667AB443056BE710A924AC96E3BBBDABBD4714F044428FD48D3252F731EC4493A2
                        Function 0054C6E0 Relevance: .1, Instructions: 128COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 702b0289c04bf60292fb1f68883ab8d9d1b8a6ba4153d6696403256870ee27b6
                        • Instruction ID: fb07205b67f090706a8fb6b41e208fa28e7090f012edac7dcb30c4b9698a9a0a
                        • Opcode Fuzzy Hash: 702b0289c04bf60292fb1f68883ab8d9d1b8a6ba4153d6696403256870ee27b6
                        • Instruction Fuzzy Hash: D4410F745063009BE3249F14C846BEBBBE4FFCA724F004A1CF9959B2D1E3B49941DBA2
                        Function 0053C960 Relevance: .1, Instructions: 106COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e39b47d5e8a9fdadff90607e363d12ddf690496f365585e828c43316a0f8579
                        • Instruction ID: cd5a4c126536c26962d315343d6d801476d16b64237a4a42053493e54de381ae
                        • Opcode Fuzzy Hash: 2e39b47d5e8a9fdadff90607e363d12ddf690496f365585e828c43316a0f8579
                        • Instruction Fuzzy Hash: 2631082A8496F546D332C93D84A046DBF907D97264BD942EED8F11F783C542898693E1
                        Function 0054C8CE Relevance: .1, Instructions: 94COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: eee72609a4609997e9bff5ffebf209aa822586a0bea3241aa44c8291abc3d935
                        • Instruction ID: dc6b680c4ebfa5df5a01f33434436de91211fb7159c7ea0e45552f0cf2940c68
                        • Opcode Fuzzy Hash: eee72609a4609997e9bff5ffebf209aa822586a0bea3241aa44c8291abc3d935
                        • Instruction Fuzzy Hash: CD319FB15093418BC7348F24C4523EBBBB0FFE6368F14991DE4C99B291E7749981CB96
                        Function 00539F9C Relevance: .1, Instructions: 66COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c4a31cd2c765f438286ec87ebb029bf27023c46ce5a05e09c2d7eec7aee2c8a4
                        • Instruction ID: b28bda7a8e8369d5d581a670cc438705ae6c946f281de6b7a4c9fd2263a5ee4d
                        • Opcode Fuzzy Hash: c4a31cd2c765f438286ec87ebb029bf27023c46ce5a05e09c2d7eec7aee2c8a4
                        • Instruction Fuzzy Hash: 4021BB32B10A604BE7488F66DCD82167752FFD9224F198224EAD6973E6C670EC11E641
                        Function 00567CA0 Relevance: .1, Instructions: 64COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                        • Instruction ID: 57e3d75a660b894d7765a5a0f2aa869dece5cc91b2e213f6db2984caae7e09bc
                        • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                        • Instruction Fuzzy Hash: 5E11E933A491D80ED3168D3C8400579BFA32F97638B194399F4B49B2D2D6228D8B8354
                        Function 00570E3A Relevance: .1, Instructions: 64COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0b919f65ac9b890f3b8fbbbfe3b67087b1cfc9857295b27677cb622f38d134e5
                        • Instruction ID: a4216e3d79eb9f6767056f33a6a12da8296d05163b9e50f08625be802f45bfbd
                        • Opcode Fuzzy Hash: 0b919f65ac9b890f3b8fbbbfe3b67087b1cfc9857295b27677cb622f38d134e5
                        • Instruction Fuzzy Hash: BE11C4346052408FC74CDB28D471A2EBBB3F795205F84A86EE4D3D7B64C7389406EB45
                        Function 00539FA8 Relevance: .1, Instructions: 64COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b97a02c6880d7c322ad270e9174870a63f889e1f264c87aa16298b0a6465acab
                        • Instruction ID: 02774b3cf358c6c5ef034a17bf06d38b89becbf52234c3845cef53433d16fd9f
                        • Opcode Fuzzy Hash: b97a02c6880d7c322ad270e9174870a63f889e1f264c87aa16298b0a6465acab
                        • Instruction Fuzzy Hash: 0411E932B10A604BE7488F66DC981267752FBD9220F1E8224EEDA9B3E6C570FC11E640
                        Function 0055DE70 Relevance: .1, Instructions: 63COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f84c3b131bcf499d63e6b80aa2f1beace20ffa960dffd1ad22babe7e1f8cb60c
                        • Instruction ID: a709c5703cfc3c989f05c4e3a51b77a15694ddb76cc932483e85542feac48943
                        • Opcode Fuzzy Hash: f84c3b131bcf499d63e6b80aa2f1beace20ffa960dffd1ad22babe7e1f8cb60c
                        • Instruction Fuzzy Hash: B5014CF360020257D631AE6494D672BFBBD7BA1705F18442DE8045B202EB65ED4987A1
                        Function 0056FAD0 Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1fe71cd4966500acc2fdd25c161f62d07605346262592898ae795c104513656a
                        • Instruction ID: d68bbfe664534172ceb0ec3d3eb48305e03e06e95b910ed7e80a112eb97afee3
                        • Opcode Fuzzy Hash: 1fe71cd4966500acc2fdd25c161f62d07605346262592898ae795c104513656a
                        • Instruction Fuzzy Hash: E21127B09153804FC744DF24E89052BBAB5EB95348F889C2CE496E7350D734C501CF02
                        Function 00562088 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ae046bc01ad51b7d2297424f866760727cfade99e43d2eba7de9acdc0f4498e1
                        • Instruction ID: a60069f91b4fb38fe75530c8856c5c64ce3e8c8842d3c2350b9004403a16b93d
                        • Opcode Fuzzy Hash: ae046bc01ad51b7d2297424f866760727cfade99e43d2eba7de9acdc0f4498e1
                        • Instruction Fuzzy Hash: D611E0B45487408FD750DF28D48878ABBE0FB48304F1488ADE89DCB346D77AE589DB91
                        Function 0055AA60 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 674a2c8c57045f5865a45df1d03ec2eb3823fb7e5e74011830a8270f42a10e79
                        • Instruction ID: d2153f41015c2df0ff1c535531a8e9eaaf4f357dcd74be017565df5f255f8cc3
                        • Opcode Fuzzy Hash: 674a2c8c57045f5865a45df1d03ec2eb3823fb7e5e74011830a8270f42a10e79
                        • Instruction Fuzzy Hash: D6019AB09093849AD2449F65C8A561BFFE4AB92314F505D2CF1E68B290CBB98409CF52
                        Function 00571648 Relevance: .0, Instructions: 25COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cf1fcfe414830280fcd0a819e510521dc50950380f53a0fb09864be9074c08c6
                        • Instruction ID: 790651d7fc289012330649ae05f83b3d5cbf73b488f20b94c3d9c841d4adb4b2
                        • Opcode Fuzzy Hash: cf1fcfe414830280fcd0a819e510521dc50950380f53a0fb09864be9074c08c6
                        • Instruction Fuzzy Hash: 52F0A7B2C066508EC304DF25D455466BAA3A7E9610F55D92CC5D5ABA50CB319404DBC7
                        Function 0056C6D0 Relevance: .0, Instructions: 21COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                        • Instruction ID: 34c9decc45d663d3796e9f41492446986ab8f97e95468acfc0978673a84301ea
                        • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                        • Instruction Fuzzy Hash: 37D05E2160826146AB648E1DE400977FBE0FA87B51B49A55EF5C2E3248D630DC41D2AD
                        Function 005644AC Relevance: 52.7, APIs: 1, Strings: 29, Instructions: 163memoryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 207 5644ac-5644fa 208 5644ff-56450d 207->208 208->208 209 56450f-564516 208->209 210 564518-56451b 209->210 211 564572-564785 SysAllocString 210->211 212 56451d-564570 210->212 213 56478a-564798 211->213 212->210 213->213 214 56479a 213->214 215 56479c-56479f 214->215 216 5647d2-564836 215->216 217 5647a1-5647d0 215->217 217->215
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: AllocString
                        • String ID: 0$A$C$E$E$E$G$I$L$M$O$V$X$a$c$d$e$g$i$k$m$o$q$s$u$w$y${$}
                        • API String ID: 2525500382-1585318030
                        • Opcode ID: ce92517493f49c43e22cf9e28b1ad0d635b64c657965b9cfbba11e4b2090db17
                        • Instruction ID: 017bef5d3d126050078d62f478a442a3c0682bfa403b30651bad728f742623cc
                        • Opcode Fuzzy Hash: ce92517493f49c43e22cf9e28b1ad0d635b64c657965b9cfbba11e4b2090db17
                        • Instruction Fuzzy Hash: A691092150D7C189E332C73C880879BBED16BA3224F088B9DD5ED9B2D2C7B90449D767
                        Function 005640F6 Relevance: 26.4, APIs: 1, Strings: 14, Instructions: 104COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: InitVariant
                        • String ID: @$A$C$E$G$I$K$M$O$q$s$u$w$y
                        • API String ID: 1927566239-3739842773
                        • Opcode ID: b8132e04b82f1f5a96f492b4655946a41693e3cdf8f46c9d48cfa0b519984709
                        • Instruction ID: d10f2cb432f39694cc3188e879f3185e3c7a7443efe869d21b0eb2632b064c57
                        • Opcode Fuzzy Hash: b8132e04b82f1f5a96f492b4655946a41693e3cdf8f46c9d48cfa0b519984709
                        • Instruction Fuzzy Hash: 3651457150C7C08AE325CB38845879EBFD16BE6324F184A9DE4E94B3E2C7B88845CB53
                        Function 005642D4 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 94COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: Variant$ClearInit
                        • String ID: !$($-$-$2$3$7$8$=$?
                        • API String ID: 2610073882-1101923984
                        • Opcode ID: f101b73bafdcadad2ebd09975bd689096d1b6fad47d96125deb3c9fde639bc13
                        • Instruction ID: a1b4b3deb4da8e18cfb4ea2e1fc38bf30f2ac9e5b2c3878b5e148e766d8c6c52
                        • Opcode Fuzzy Hash: f101b73bafdcadad2ebd09975bd689096d1b6fad47d96125deb3c9fde639bc13
                        • Instruction Fuzzy Hash: DA41467150C7C18FD3219B38884869EBFE16BA6324F094E9DE5E4873D2CBB5844ACB53
                        Function 0054CBE6 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 273threadCOMMON
                        Download Yara Rule
                        APIs
                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 0054CCA3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: ProcessThreadWindow
                        • String ID: ;:54$TU
                        • API String ID: 1653199695-2129887498
                        • Opcode ID: 6953b1dd805173db48b251643a496aa4b027984a20de2a02e7eaf248a55eb394
                        • Instruction ID: 001ffd99b3ddd9b35363be2c4c054144cb8f06f1e0e400fd9e963618dbe3be62
                        • Opcode Fuzzy Hash: 6953b1dd805173db48b251643a496aa4b027984a20de2a02e7eaf248a55eb394
                        • Instruction Fuzzy Hash: 4F910771608301CFE710CF24E88576BBBB6FFD5714F198828E58897261E334E989EB52
                        Function 005656A7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2917609551.0000000000531000.00000020.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                        • Associated: 00000000.00000002.2917549443.0000000000530000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917660057.0000000000576000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917680204.0000000000579000.00000008.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917700727.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2917724998.0000000000589000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_530000_Setup.jbxd
                        Similarity
                        • API ID: MetricsSystem
                        • String ID:
                        • API String ID: 4116985748-3916222277
                        • Opcode ID: 226edaec051b865d6b63e7a9ebbf2bd61312a9e35e26d42ddd7252df864b796b
                        • Instruction ID: d5dd66dd0178092992e5d9322667d808dd5b0193107d3b4571cf935306053427
                        • Opcode Fuzzy Hash: 226edaec051b865d6b63e7a9ebbf2bd61312a9e35e26d42ddd7252df864b796b
                        • Instruction Fuzzy Hash: 153182B49147048FDB40EF6DE98961EBBF4BB88304F11852DE488DB361DB749D88DB92