Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Analysis ID:1500505
MD5:f4d6d6ea62cb666b6fee9d00bdb77350
SHA1:7e02b9be8a9ab7f3c6f371d2ff930a7de43fa272
SHA256:f1afd0fa63ba265a10d59a7407b0341f7d93ca6a903ad861efb02cfbc6c0d67e
Tags:exe
Infos:

Detection

LummaC
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Sample uses string decryption to hide its real strings
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Uses 32bit PE files

Classification

  • System is w10x64
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["miracledzmnqwui.shop", "millyscroqwp.shop", "evoliutwoqm.shop", "caffegclasiqwp.shop", "traineiwnqo.shop", "locatedblsoqp.shop", "stagedchheiqwo.shop", "stamppreewntnq.shop", "condedqpwqm.shop"], "Build id": "WpM2Co--SUSELL"}
Source | Rule | Description | Author | Strings
decrypted.binstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Avira: detected
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 96.7% probability
    Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | String decryptor: lid=%s&j=%s&ver=4.0
    Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | String decryptor: TeslaBrowser/5.5
    Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | String decryptor: - Screen Resoluton:
    Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | String decryptor: - Physical Installed Memory:
    Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | String decryptor: Workgroup: -
    Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | String decryptor: WpM2Co--SUSELL
    Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

    Networking

    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Code function: 0_2_006A97F0 OpenClipboard, GetWindowLongW, GetClipboardData, GlobalLock, GlobalUnlock, CloseClipboard
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Code function: String function: 006899A0 appears 105 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Code function: String function: 006891D0 appears 44 times
    Source: classification engine | Classification label: mal88.troj.evad.winEXE@1/0@0/0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Code function: 0_2_006A8918 CoCreateInstance
    Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | API coverage: 7.1 %
    Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | API call chain: ExitProcess graph end node (graph_0-11456)
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | Code function: 0_2_006B3FA0 LdrInitializeThunk

    HIPS / PFW / Operating System Protection Evasion


    Stealing of Sensitive Information

    Source: Yara match | File source: decrypted.binstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match | File source: decrypted.binstr, type: MEMORYSTR
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts
    Execution: 1 PowerShell; Scheduled Task/Job; At
    Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows)
    Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows)
    Defense Evasion: 11 Deobfuscate/Decode Files or Information; 1 DLL Side-Loading; 2 Obfuscated Files or Information
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
    Discovery: 2 System Information Discovery; Application Window Discovery; Query Registry
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
    Collection: 1 Archive Collected Data; 2 Clipboard Data; Data from Network Shared Drive
    Command and Control: 1 Encrypted Channel; 1 Application Layer Protocol; Steganography
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
    Source | Detection | Scanner | Label | Link
    SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    locatedblsoqp.shop | 100% | Avira URL Cloud | phishing |
    millyscroqwp.shop | 100% | Avira URL Cloud | malware |
    condedqpwqm.shop | 100% | Avira URL Cloud | phishing |
    traineiwnqo.shop | 100% | Avira URL Cloud | malware |
    caffegclasiqwp.shop | 100% | Avira URL Cloud | malware |
    evoliutwoqm.shop | 0% | Avira URL Cloud | safe |
    miracledzmnqwui.shop | 100% | Avira URL Cloud | phishing |
    stamppreewntnq.shop | 100% | Avira URL Cloud | phishing |
    stagedchheiqwo.shop | 100% | Avira URL Cloud | phishing |
    No contacted domains info
    Name | Malicious | Antivirus Detection | Reputation
    miracledzmnqwui.shop | true | Avira URL Cloud: phishing | unknown
    locatedblsoqp.shop | true | Avira URL Cloud: phishing | unknown
    caffegclasiqwp.shop | true | Avira URL Cloud: malware | unknown
    millyscroqwp.shop | true | Avira URL Cloud: malware | unknown
    stamppreewntnq.shop | true | Avira URL Cloud: phishing | unknown
    condedqpwqm.shop | true | Avira URL Cloud: phishing | unknown
    evoliutwoqm.shop | true | Avira URL Cloud: safe | unknown
    stagedchheiqwo.shop | true | Avira URL Cloud: phishing | unknown
    traineiwnqo.shop | true | Avira URL Cloud: malware | unknown
    No contacted IP infos
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1500505
    Start date and time:2024-08-28 15:28:05 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 3m 51s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:5
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
    Detection:MAL
    Classification:mal88.troj.evad.winEXE@1/0@0/0
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 93%
    • Number of executed functions: 5
    • Number of non-executed functions: 82
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Not all processes were analyzed, report is missing behavior information
    • VT rate limit hit for: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
    No simulations
    No context
    No created / dropped files found
    File type:PE32 executable (GUI) Intel 80386, for MS Windows
    Entropy (8bit):6.689734292138719
    TrID:
    • Win32 Executable (generic) a (10002005/4) 99.96%
    • Generic Win/DOS Executable (2004/3) 0.02%
    • DOS Executable Generic (2002/1) 0.02%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
    File size:274'432 bytes
    MD5:f4d6d6ea62cb666b6fee9d00bdb77350
    SHA1:7e02b9be8a9ab7f3c6f371d2ff930a7de43fa272
    SHA256:f1afd0fa63ba265a10d59a7407b0341f7d93ca6a903ad861efb02cfbc6c0d67e
    SHA512:a0a0c08d3c3f66abf51143246e22362b6572338fd66f5b4a1534df42644177f32ab147458219fd81c49155e059c41e1e032b38283fd29afde487ed70efa79d21
    SSDEEP:6144:jiYdiGs/ROvwXbkynLIyqoQ8+64GnWb4bYtdhrKNRO7Eyyym:eygROD22O3ZGdZD7Eyyym
    TLSH:2A447C0AEBA381B1EC06447921EAF77B4A3562174338CDD3DBD0CF94E956BE250B9607
    Icon Hash:90cececece8e8eb0
    Entrypoint:0x409930
    Entrypoint Section:.text
    Digitally signed:false
    Imagebase:0x400000
    Subsystem:windows gui
    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Time Stamp:0x66CCECB3 [Mon Aug 26 20:59:31 2024 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:6
    OS Version Minor:0
    File Version Major:6
    File Version Minor:0
    Subsystem Version Major:6
    Subsystem Version Minor:0
    Import Hash:9fd5b8944ce9c3acaedc650793d4996e
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3a429 | 0x78 | .rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4a000 | 0x4240 | .reloc
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x3a54c | 0xa8 | .rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy            Characteristics
    .text   0x1000           0x3649c       0x36600   485d4006146f902fcb94783089aedf7d  False     0.5153915229885058   data       6.511944645510047  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata  0x38000          0x2855        0x2a00    17e03abb253bf128114b66695796d82d  False     0.49758184523809523  data       6.665451820114705  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data   0x3b000          0xed5c        0x5800    90ec344ebd98e07306be596fe06c6fe9  False     0.4140625            data       5.706481064277128  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .reloc  0x4a000          0x4240        0x4400    e21fe24b8bc0da84929db99f35b840ff  False     0.38631663602941174  data       6.34879881472066   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
    DLL           Import
    KERNEL32.dll  CopyFileW, ExitProcess, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetLogicalDrives, GetSystemDirectoryW, GlobalLock, GlobalUnlock
    USER32.dll    CloseClipboard, GetClipboardData, GetDC, GetSystemMetrics, GetWindowInfo, GetWindowLongW, OpenClipboard, ReleaseDC
    ole32.dll     CoCreateInstance, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize
    GDI32.dll     BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, DeleteObject, GetCurrentObject, GetDIBits, GetObjectW, SelectObject, StretchBlt
    OLEAUT32.dll  SysAllocString, SysFreeString, SysStringLen, VariantClear, VariantInit
    No network behavior found


    Target ID:0
    Start time:09:28:56
    Start date:28/08/2024
    Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
    Wow64 process (32bit):true
    Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe"
    Imagebase:0x680000
    File size:274'432 bytes
    MD5 hash:F4D6D6EA62CB666B6FEE9D00BDB77350
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

      Execution Graph

      Execution Coverage:1.3%
      Dynamic/Decrypted Code Coverage:0%
      Signature Coverage:26.9%
      Total number of Nodes:52
      Total number of Limit Nodes:7

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 0 6b4066-6b4072 [graph edge list not shown]
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID: %sgh$0mrs$4`[b$Gk
      • API String ID: 0-267697516
      • Opcode ID: a789c746330a5248e324c7b3d943026d4de3a41176b798f2495fa865d80d91c9
      • Instruction ID: 11fe97a88edd3424f3e799cc8be9bcc5347e722171c5bd7126b7d92c05a32414
      • Opcode Fuzzy Hash: a789c746330a5248e324c7b3d943026d4de3a41176b798f2495fa865d80d91c9
      • Instruction Fuzzy Hash: 66127FB4A01216DFDB14CF88D890BBEB7B2FF46300F645558D452AB392D734AD92CBA4

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 160 6b3fa0-6b3fd2 LdrInitializeThunk
      APIs
      • LdrInitializeThunk.NTDLL(006B47CA,00000000,00000004,000000FF,00000028,?,0000000C), ref: 006B3FCE
      Similarity
      • API ID: InitializeThunk
      • String ID:
      • API String ID: 2994545307-0
      • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
      • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
      • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
      • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 110 689930-689945 call 6899a0 call 6b3410 115 689949-68994f GetCurrentProcess call 6a9cb0 110->115 116 689947 110->116 119 689954-689956 115->119 117 68998c-689998 ExitProcess 116->117 120 689958 119->120 121 68995a-689977 GetWindowInfo call 68a810 119->121 122 689985-68998a call 6b3ec0 120->122 127 689979 121->127 128 68997b-689980 call 68ce00 call 68bcf0 121->128 122->117 127->122 128->122
      APIs
      Similarity
      • API ID: Process$CurrentExit
      • String ID:
      • API String ID: 2333725396-0
      • Opcode ID: 6c561a221609a3914da5d8a3540eb722fc9202f7db62ad8fb0df53ab0364d311
      • Instruction ID: cdc98d483bc63aac3ff551b28f701a6b9ac05a45afe34f6aa8c0821a3e10a9a6
      • Opcode Fuzzy Hash: 6c561a221609a3914da5d8a3540eb722fc9202f7db62ad8fb0df53ab0364d311
      • Instruction Fuzzy Hash: 55F0A7B14082108ACFA03BB08A0737DBBA75F02311F0C072DFD4261211EB384A4647BB

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 132 6b3de3-6b3e1f 133 6b3e5a-6b3e67 LoadLibraryExW 132->133 134 6b3e21 132->134 136 6b3e69-6b3e80 133->136 137 6b3e94-6b3e99 133->137 135 6b3e30-6b3e58 134->135 135->133 135->135 136->137
      APIs
      • LoadLibraryExW.KERNELBASE(?,00000000,00000800), ref: 006B3E62
      Strings
      Similarity
      • API ID: LibraryLoad
      • String ID: s
      • API String ID: 1029625771-453955339
      • Opcode ID: 16667065ff2d037f1108b0f19f84e6d9e842fb31c395b8187ee3a3dbd6642671
      • Instruction ID: ba5ccfa515d38e7642ff8c8a4cce8a3ca4e8265387d62a73172dd7afa63fd06a
      • Opcode Fuzzy Hash: 16667065ff2d037f1108b0f19f84e6d9e842fb31c395b8187ee3a3dbd6642671
      • Instruction Fuzzy Hash: DA11C6B4A002658BDB01CF68C8847EEBBB2BF06701F14081AD596A7391C378A9479F64

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 158 6b2111-6b2124 RtlAllocateHeap
      APIs
      • RtlAllocateHeap.NTDLL(?,00000000,?,?,00000000), ref: 006B2124
      Similarity
      • API ID: AllocateHeap
      • String ID:
      • API String ID: 1279760036-0
      • Opcode ID: 46aa0237317a3159d58b1a2fcd10e2a8ad6b7026c22b7cebfd98aa0584e0ab57
      • Instruction ID: a5fb22cc207dc6d61b7302ee8ec8b31c4d897b59ca398e14e8117ba3eec12ca0
      • Opcode Fuzzy Hash: 46aa0237317a3159d58b1a2fcd10e2a8ad6b7026c22b7cebfd98aa0584e0ab57
      • Instruction Fuzzy Hash: DEB01270146110BCD13113114CD5FFF2C6D9F43F55F102014B204140E00B549001D07D

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 248 681000-681054 [graph edge list not shown]
      Strings
      Similarity
      • API ID:
      • String ID: !$ "%$$'%*+$(m-/$+g/.$4d:l$7567$7698$8g&`$8sv9$:/.)$:;$#$<}"b$AGxy$BC<=$CMC$C{|}$FG@A$FG@A$GIAO$HINI$HO>>$Ixbm$QPW,$[UEK$_QYW$b`om$fg`a$iodV$k}"#$nink$njmm$noc^$o%o3$rytu$tupq$vwpq$zCvw$zwbm$z{tu$.;
      • API String ID: 0-4010080797
      • Opcode ID: e4bebe07603dbde612c883b606a47465da60d17a7272405fab4e2d5b09ed5ce7
      • Instruction ID: 20cccd734ef0d4054cfa9fa0610cb1e6412f93fef4dba6085fba668542d020fe
      • Opcode Fuzzy Hash: e4bebe07603dbde612c883b606a47465da60d17a7272405fab4e2d5b09ed5ce7
      • Instruction Fuzzy Hash: 35F11EB44493C1CFD3348F26E99579BBBA2FB86300F58AE1CD2C90A215D7B55186CF82

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 298 69aebd-69aec2 [graph edge list not shown]
      Strings
      Similarity
      • API ID:
      • String ID: $K;M$%ki$'s7u$*/$+($2w0i$4:$8k>m$=?$?o;a$P?m1$T_$];]=$]_$cSam$d7Z)$e3l5$f#k!$o/d-$75$75$SQ$SQ$WU$WU$_]
      • API String ID: 0-3459135169
      • Opcode ID: e7cbffe550842bee9dd3def5399637e951cdd3498273923030d401c9ec5a2ffb
      • Instruction ID: ff47cfcb2c862412e3fe140783cfe16c8cd83818d753e8d7c8acde813e723bfc
      • Opcode Fuzzy Hash: e7cbffe550842bee9dd3def5399637e951cdd3498273923030d401c9ec5a2ffb
      • Instruction Fuzzy Hash: EF420DB8900B56CFD764CF25D58069AFBB1FB05300F549A9CD4AAAFB52C770A482CF91
      APIs
      • SysAllocString.OLEAUT32(?), ref: 006AEB9D
      • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 006AEBE2
      • SysAllocString.OLEAUT32(29DD2BDD), ref: 006AEC5D
      • SysAllocString.OLEAUT32(29DD2BDD), ref: 006AED0D
      • SysFreeString.OLEAUT32(?), ref: 006AED49
      • SysFreeString.OLEAUT32(?), ref: 006AED51
      • SysFreeString.OLEAUT32(?), ref: 006AED62
      Strings
      Similarity
      • API ID: String$AllocFree$BlanketProxy
      • String ID: 4`[b$7654$/.-$j
      • API String ID: 3215672481-2816319521
      • Opcode ID: 04864d780b48802d2644dc43676e6936c224b57cdd2dc894d2256bb50299b325
      • Instruction ID: a7591d1ef9228624713286e6dbad73401d6bb8dd079f77b47cb5f48b65ad2244
      • Opcode Fuzzy Hash: 04864d780b48802d2644dc43676e6936c224b57cdd2dc894d2256bb50299b325
      • Instruction Fuzzy Hash: 6812CDB0600701DFE724DF68D891BAAB7F2FF4A304F108A6CE5969B7A1D775A841CB50
      Strings
      Similarity
      • API ID:
      • String ID: $l$8$IC$OI$RR$VA$_W$`c$s$wu$|w
      • API String ID: 0-2136148622
      • Opcode ID: 416f59ad609f979ab383171c9e243034ecd6d34af4eb24aa2889907636bd4189
      • Instruction ID: ff644658c6988bc954c470a060aaab5948c362fa180eec61777065b8691f30b1
      • Opcode Fuzzy Hash: 416f59ad609f979ab383171c9e243034ecd6d34af4eb24aa2889907636bd4189
      • Instruction Fuzzy Hash: C172A9B010C3808FDB14DF28D491A6BBBE6EF96318F148A5CE0D58B752D739D906CB96
      Strings
      Similarity
      • API ID:
      • String ID: ?026$VVOT$WXM,$nLv.$zHPR
      • API String ID: 0-868052677
      • Opcode ID: 2e682e21b1e85c8915dc233b19886bca4f98dca79b6339855fef6ac82dfc7f59
      • Instruction ID: 0bd83099fe828cbfea20a07d7149337048a1105fde27867cdabdc51dada99a61
      • Opcode Fuzzy Hash: 2e682e21b1e85c8915dc233b19886bca4f98dca79b6339855fef6ac82dfc7f59
      • Instruction Fuzzy Hash: 7BE29B70144B828AD325CB39C8907F7BBE2AF52305F18896DD4EB4B782D779A945CF90
      Strings
      Similarity
      • API ID:
      • String ID: $l$7654$7654$76547654$ZgUY$c_^X
      • API String ID: 0-284707678
      • Opcode ID: 9ada735e2cdacb09a1fbf8cb94455f5fd1c101b4bf0638e6be6d81832ca7c878
      • Instruction ID: 22634cad2b86d77f486c5fbee6bb0888df3eeb3acc3255143c9c1adf86ee5c23
      • Opcode Fuzzy Hash: 9ada735e2cdacb09a1fbf8cb94455f5fd1c101b4bf0638e6be6d81832ca7c878
      • Instruction Fuzzy Hash: FC52E074609342DFDB14CF28D890A6AB7E7FF89314F188A2CE5858B391D734E951CB52
      Strings
      Similarity
      • API ID:
      • String ID: .$.$0$[$false$null$true${
      • API String ID: 0-1639024219
      • Opcode ID: 015241651b52ec09145e5ba6f0960e5d7b1283743081280c3226c915096028b5
      • Instruction ID: a3e09bef0d7425c15faf493157e0ccc96babbc74fa6a34ed3477a722e3e3a4fa
      • Opcode Fuzzy Hash: 015241651b52ec09145e5ba6f0960e5d7b1283743081280c3226c915096028b5
      • Instruction Fuzzy Hash: 1D1243B06003079BEB107F25DCA57667BE6AF50308F18873CE98A87392E775D944CB66
      Strings
      Similarity
      • API ID:
      • String ID: *!"#$89$U1\3$W5Y7$X=3?$\9_;$uv<!$wDI{
      • API String ID: 0-4178067683
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: 9NAC$>PF|$EEKL$d
      • API String ID: 0-3477065235
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: JJJJKRJJJJOLJJJJJJJJUE@JJJEYMFJ]JJJJJJJJJJJJJJacgNJJkmJJEmJJDEJJ$Ql$il$il$il$il${l
      • API String ID: 0-3139052886
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: ($0$89$NDFB$dk$sghe$xG}E
      • API String ID: 0-2953008102
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID: Clipboard$CloseDataLongOpenWindow
      • String ID:
      • API String ID: 1647500905-0
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: :eJk$kWcU$m[hY$m_d]$|cJa$}c
      • API String ID: 0-328190571
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: AiNo$^e^k$h]]c$oQvW$yI~O$~MbS
      • API String ID: 0-2844769225
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: 2/$4`[b$4`[b$7654$;'
      • API String ID: 0-2626404024
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: 4`[b$DD
      • API String ID: 0-2328339180
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: 4`[b$4`[b$4`[b$7654
      • API String ID: 0-549518701
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: 4`[b$u s$}z{
      • API String ID: 0-2227352053
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: <($@:$SP
      • API String ID: 0-2558513
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID: InitializeThunk
      • String ID: 7654$9$[
      • API String ID: 2994545307-1827332808
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: 4`[b$7654
      • API String ID: 0-3675246634
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: 0$8
      • API String ID: 0-46163386
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: :eJk$}c
      • API String ID: 0-3437383874
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: 4`[b$7654
      • API String ID: 0-3675246634
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: )$IEND
      • API String ID: 0-707183367
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: 4`[b$7654
      • API String ID: 0-3675246634
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: 0$bc$T+*)
      • API String ID: 0-1319269532
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: "Xk
      • API String ID: 0-1820992528
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: vT^8
      • API String ID: 0-144666228
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: "Xk
      • API String ID: 0-1820992528
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID:
      • String ID: z
      • API String ID: 0-1657960367
      APIs
      • CoCreateInstance.OLE32(006B9538,00000000,00000001,006B9528), ref: 006985A9
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Similarity
      • API ID: CreateInstance
      • String ID:
      • API String ID: 542301482-0
      Similarity
      • API ID:
      • String ID: vT^8
      • API String ID: 0-144666228
      Similarity
      • API ID:
      • String ID: 4`[b
      • API String ID: 0-3962175265
      Similarity
      • API ID:
      • String ID: "
      • API String ID: 0-123907689
      Similarity
      • API ID:
      • String ID: wu*)
      • API String ID: 0-2823797190
      Similarity
      • API ID:
      • String ID: 7654
      • API String ID: 0-4024152101
      Similarity
      • API ID:
      • String ID: 0$bc
      • API String ID: 0-1834741830
      Similarity
      • API ID:
      • String ID: "
      • API String ID: 0-123907689
      Similarity
      • API ID:
      • String ID: 7654
      • API String ID: 0-4024152101
      Similarity
      • API ID:
      • String ID: 7654
      • API String ID: 0-4024152101
      Similarity
      • API ID:
      • String ID: }{
      • API String ID: 0-2556126010
      Similarity
      • API ID:
      • String ID: B
      • API String ID: 0-1255198513
      Similarity
      • API ID: InitializeThunk
      • String ID: @
      • API String ID: 2994545307-2766056989
      Similarity
      • API ID:
      • String ID: 4`[b
      • API String ID: 0-3962175265
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 5c9f6e6cd4033e49223585646453efb67cd07f73ce80a7e6fd63f4ac97caed79
      • Instruction ID: fbceebf083b445b82d058add6d49f80de8648b92173cc1a454402c1018ccfc47
      • Opcode Fuzzy Hash: 5c9f6e6cd4033e49223585646453efb67cd07f73ce80a7e6fd63f4ac97caed79
      • Instruction Fuzzy Hash: 4371D5B19083518BD725EF24C48076BBBE6EF86314F140A6DE48A97351E731ED88C7D6
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 0c74a5fcb78ba7649df40a37d0d90475295fc2b447c5cb1f91e2738a5b779dff
      • Instruction ID: 58ddec5637785c11f1a535a2b39988a870c1774cd5f10a8f73bde79c9ca85aa7
      • Opcode Fuzzy Hash: 0c74a5fcb78ba7649df40a37d0d90475295fc2b447c5cb1f91e2738a5b779dff
      • Instruction Fuzzy Hash: 94515BB15087548FE314EF29D49435BBBE1BBC9318F044A2DE4EA87751E379DA088F92
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: cd6f29f997d3d2db6836121aba283044f4617b3f4027297d59cd9b16238a5939
      • Instruction ID: 9ede38b6afc99254321c6a5288a03905e86e1d29ea27680d6dd4a7e906f9aa6a
      • Opcode Fuzzy Hash: cd6f29f997d3d2db6836121aba283044f4617b3f4027297d59cd9b16238a5939
      • Instruction Fuzzy Hash: FD4102729083928FDB109F58C5903ABFBEAEB95360F49096DE4C587B41D374D846C7D2
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 17ed2f97a82ef0fccd31dfc6c14db6a0cee115a64f7ed27b3250fdf21fe9033a
      • Instruction ID: 43c75e4a173bb4ebfa244917a809c8474d2d6d5165a3733b085240238c54a1fd
      • Opcode Fuzzy Hash: 17ed2f97a82ef0fccd31dfc6c14db6a0cee115a64f7ed27b3250fdf21fe9033a
      • Instruction Fuzzy Hash: C541E07261C3950FD358EE39889026ABBD3ABC5320F098B3DF1A6C7391E6748946D761
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 781e6f0c42c3a88eb3ce4f25480f8d0fe523ec6108a56549e86fa3b6f34cc6e0
      • Instruction ID: a67ce5bb45b2a3bc8c582786baf147ad7cda8864be59af5dad0c5fc4e40db06e
      • Opcode Fuzzy Hash: 781e6f0c42c3a88eb3ce4f25480f8d0fe523ec6108a56549e86fa3b6f34cc6e0
      • Instruction Fuzzy Hash: DE31DCB565C750CFE3184F25DCA1356BBE6BB95302F4D96BEC4C6027A2C2F89185CB41
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 5061ae7748acbcaf2651d2b58313a3ca0514ee4fb491de921d386fc08d8188c2
      • Instruction ID: 76858c116d5ce8ed2c9febe51d32b54c69fc1ec661e131745c9a94e28217ce1b
      • Opcode Fuzzy Hash: 5061ae7748acbcaf2651d2b58313a3ca0514ee4fb491de921d386fc08d8188c2
      • Instruction Fuzzy Hash: F421ABB1608302ABE714CF14C880AABB7F2EFC6754F54991DF8944B251E334ED828B96
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 297c36941ad6291bb5a92f2724cbea7ba0774ef8871db7f77aa5d8d79277baa5
      • Instruction ID: a3bee9bc688858da14324e2d6f4a2095feb0d6b585599f1af2cc6936b581b361
      • Opcode Fuzzy Hash: 297c36941ad6291bb5a92f2724cbea7ba0774ef8871db7f77aa5d8d79277baa5
      • Instruction Fuzzy Hash: E81123B7B252310BE350DE3AECD46567347EBC5710B4A0239EE42E7342CAA2E942D280
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
      • Instruction ID: 284a663096da66f90a37a4d69329ba2ca9a5656583ae03852206dce5dcf9d097
      • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
      • Instruction Fuzzy Hash: D311E533B051E40EC3169D3C84005A5BFA30AE3735B2983DAF5B99B3D6D6228D8A8764
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 1d78475d16ca2dbc92dfad9f182ff1db781027909e5738ff1e453e2f1f223716
      • Instruction ID: 006d5d71b3ac10e6bc2b3ecf92f1f62cdd574e7f5fa457c75bc5390692739149
      • Opcode Fuzzy Hash: 1d78475d16ca2dbc92dfad9f182ff1db781027909e5738ff1e453e2f1f223716
      • Instruction Fuzzy Hash: 18015EB560030157F621BEA498C57BBA2AAAB86B14F18453CE84957302EB75EC09CBA5
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: d875a037972f54c9f22ca60d05a8f4951f298c798ef7dab6a172fa8c567e8ef8
      • Instruction ID: bddf9ffe8729df7b5780b337179a51cf16c7e5f628a1a54652c1a423b48aceb6
      • Opcode Fuzzy Hash: d875a037972f54c9f22ca60d05a8f4951f298c798ef7dab6a172fa8c567e8ef8
      • Instruction Fuzzy Hash: 27F01C2804C6E38AD712863950D13B1FFA35FA7780F2C5186D4D14B356D77B8E0E8A62
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 4a3e072ef19f0de9cdd9b556d1b132ae93392072b393da6b0a1dcfd830dcb4a2
      • Instruction ID: b691bd81ad81e144a3679f02ce9a44f27b5fab94a2c6e1fb79f133b3023f64d8
      • Opcode Fuzzy Hash: 4a3e072ef19f0de9cdd9b556d1b132ae93392072b393da6b0a1dcfd830dcb4a2
      • Instruction Fuzzy Hash: 2CF0C9F05142006EE714BA3CCD1AB777AEDAB45214F404A5CFCA5D72D6E270695887E2
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: f25dcf5acba1954e16ef461d2220495df16a149964ed3fcbd334e2f3d3196409
      • Instruction ID: 86e7119eb08369975cfff3dd907d2950ef743dabc9fe00db24ba5d9f1f32b847
      • Opcode Fuzzy Hash: f25dcf5acba1954e16ef461d2220495df16a149964ed3fcbd334e2f3d3196409
      • Instruction Fuzzy Hash: B3F01224408292C9E7119F1A80507B0FFA2AF63340B2860C6D4C66B352C366CD97DA75
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 8f82cd91b960163e0e5808135f27fbf829c94ba9cad26be72ed03aca08fe522e
      • Instruction ID: 8f2faa09882247ee4c53ee56e5e69eb023b93a4c61c73052f2c4e218a693c56e
      • Opcode Fuzzy Hash: 8f82cd91b960163e0e5808135f27fbf829c94ba9cad26be72ed03aca08fe522e
      • Instruction Fuzzy Hash: E9F055F1A08210BBDF228958ACD1F7BFB9DCB9B328F090469E88593602D1719840C3E6
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
      • Instruction ID: e88663cf4a704cc135128cab6a5b86fb96e0fb4fa694eeb3d6db4a339f892413
      • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
      • Instruction Fuzzy Hash: D7D0A561608361467B749D1994005F7F7F1EAC7711F45555EF5C1D3345D630DC41C3A9
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 06bedf409a89f37729d4bace4570d89d7d883f3902a9f399d22e22d12ed3b792
      • Instruction ID: d4174dc5387e6b7f8e0b10cab4084cd60ba71a15a132bd2a46dd4471ed71b5e5
      • Opcode Fuzzy Hash: 06bedf409a89f37729d4bace4570d89d7d883f3902a9f399d22e22d12ed3b792
      • Instruction Fuzzy Hash: 4DD092608182459BD3059F54C959E27BBB9EF87318F05A98CE4882B661D234D948C7AA

      Control-flow Graph

      control_flow_graph 281 6a7b1f-6a7b6d 282 6a7b72-6a7b80 281->282 282->282 283 6a7b82 282->283 284 6a7b8a-6a7b91 283->284 285 6a7b93-6a7bc3 call 6a9ae0 284->285 286 6a7bc5-6a7e2d SysAllocString 284->286 285->284 287 6a7e32-6a7e40 286->287 287->287 289 6a7e42 287->289 291 6a7e4a-6a7e51 289->291 292 6a7e53-6a7e83 call 6a9b10 291->292 293 6a7e85-6a7ef2 291->293 292->291
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      • Associated: 00000000.00000002.2918165521.0000000000680000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2918206455.00000000006B8000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2918220738.00000000006BB000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2918234738.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2918249799.00000000006CA000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID: AllocString
      • String ID: -$.$/$0$1$3$7$E$F$I$M$N$Q$X$Z$\$]$_$g$i$t
      • API String ID: 2525500382-3840792241
      • Opcode ID: ff89285dc686734062fb671ad42c5ae0cf9d1284b47e1c806925dc7f3a677e4d
      • Instruction ID: 5bcdd99b6c3600e39b6f25b8413cf6a3f4910581a6d70f4ac173ef97d0512495
      • Opcode Fuzzy Hash: ff89285dc686734062fb671ad42c5ae0cf9d1284b47e1c806925dc7f3a677e4d
      • Instruction Fuzzy Hash: 1CA1737000CBC28AD3369A3C98487DABFD15BA7324F084B9DE5E94A2E2D3754546CB67
      APIs
      Strings
      Similarity
      • API ID: Variant$ClearInit
      • String ID: !$#$%$'$)$+$-$/$9$=$?$n$q
      • API String ID: 2610073882-1071266462
      • Opcode ID: de953e9466e99589a64b6cbdf4215a7b21f0128ae52f350ec742e1377b8cc754
      • Instruction ID: fb697dbd62750bca65314398b7eae02ddbf234961d1c9ef810b83dfff1d2f918
      • Opcode Fuzzy Hash: de953e9466e99589a64b6cbdf4215a7b21f0128ae52f350ec742e1377b8cc754
      • Instruction Fuzzy Hash: D341E37000C7C19ED362DB28D09875EBFE1ABA6314F881A9DF4D54B392C7758549CB93
      APIs
      Strings
      Similarity
      • API ID: Variant$ClearInit
      • String ID: !$#$%$'$)$+$-$/$9$=$?$n$q
      • API String ID: 2610073882-1071266462
      • Opcode ID: dcc2ec61e40db069edc631b95b5fcd5295fe5f2a3946f2bd59f816581a53429a
      • Instruction ID: e6c6575c7c6b7b344f9aeef9bdefe9c7f4f4538fdc3ef1848f2034b32753b3bd
      • Opcode Fuzzy Hash: dcc2ec61e40db069edc631b95b5fcd5295fe5f2a3946f2bd59f816581a53429a
      • Instruction Fuzzy Hash: 9B41CF7000C3C19ED361DB28908875EBFE1ABA6314F886E9DF5E44B392C7B58549CB63
      APIs
      Strings
      Similarity
      • API ID: InitVariant
      • String ID: %$'$1$1$3$5$7$9$?$@$D$H
      • API String ID: 1927566239-2802390439
      • Opcode ID: 086ca100cadfd3e0237726b9dc4f99ced5f2ced4740637bda2de48de4d4f0594
      • Instruction ID: d17af491058a5287909691df64d425de2cecff6905da91f4b33d8bc5a18159d1
      • Opcode Fuzzy Hash: 086ca100cadfd3e0237726b9dc4f99ced5f2ced4740637bda2de48de4d4f0594
      • Instruction Fuzzy Hash: BB4139701087818ED726DF28D498716BFE1AB16314F088A9DD8EA4F797C374D605CBA2
      APIs
      Strings
      Similarity
      • API ID: InitVariant
      • String ID: %$'$1$1$3$5$7$9$?$@$D$H
      • API String ID: 1927566239-2802390439
      • Opcode ID: e97582a25cf471eca280ad8e838005a37e8c2f56cadb987274e8f3f0f1cb6839
      • Instruction ID: 22e86032c1fdf17ad6421c46e59a95ead6f401d80f686225bcf91a4ab398ca77
      • Opcode Fuzzy Hash: e97582a25cf471eca280ad8e838005a37e8c2f56cadb987274e8f3f0f1cb6839
      • Instruction Fuzzy Hash: 8041D860008BC18ED726DF289498716BFE16B16314F488A8ED8E54F7D7C375D61ACB62
      APIs
      Strings
      Similarity
      • API ID: InitVariant
      • String ID: !$i$k$m$o$q$s$u$v$w
      • API String ID: 1927566239-2573421488
      • Opcode ID: dea11c998f54b1a27b04c7488cb292e9abff018ba1908ff0c7641148c987d5dc
      • Instruction ID: 2101ad01c2c85b3323131346bab6d3fc84aa1d3fb63e6921a09c1ea750919264
      • Opcode Fuzzy Hash: dea11c998f54b1a27b04c7488cb292e9abff018ba1908ff0c7641148c987d5dc
      • Instruction Fuzzy Hash: C031B27050C3C18AD321DB68D05879FBFE0AB96348F088C5DE4CA97392D7BA9548DB63
      Strings
      Similarity
      • API ID:
      • String ID: BZ$JB$SY$VU$[M$yI$ys
      • API String ID: 0-2800861462
      • Opcode ID: a5d85394c12c8bdb3dd17e85bd5d31ee2e0548b3579ae592fa5c50a6eabfd00e
      • Instruction ID: d338b99de9d7232a2965d0715b3ca51667eb822887b03b22b8f82d97d57c41d9
      • Opcode Fuzzy Hash: a5d85394c12c8bdb3dd17e85bd5d31ee2e0548b3579ae592fa5c50a6eabfd00e
      • Instruction Fuzzy Hash: BCF11EB41083819BD714DF59D990A2BBBF6AF86788F144A0CF0D98B361D3389945CBA7
      APIs
      Strings
      Similarity
      • API ID: String$Free$Variant$ClearInit
      • String ID: j
      • API String ID: 4205145696-3613250677
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID: Variant$ClearInit
      • String ID: T$V$W$X
      • API String ID: 2610073882-3009632173
      Memory Dump Source
      • Source File: 00000000.00000002.2918180236.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_680000_SecuriteInfo.jbxd
      Similarity
      • API ID: String
      • String ID: R$U
      • API String ID: 2568140703-2056283921