Windows Analysis Report
Screenpresso.exe

Overview

General Information

Sample name: Screenpresso.exe
Analysis ID: 1531355
MD5: ad33cd210ddb830eaf9913e281fe73f0
SHA1: b0caaee7cab32e1e52fc674e573060dd0ca014fb
SHA256: e742f7b9e12768c99ca087b072330f2e158cc0c45fbeb45964e1e3fec70085cd
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Screenpresso.exe (PID: 6772 cmdline: "C:\Users\user\Desktop\Screenpresso.exe" MD5: AD33CD210DDB830EAF9913E281FE73F0)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Source: C:\Users\user\Desktop\Screenpresso.exeWindow detected: I &accept the licenseSoftware License AgreementVERY IMPORTANT READ CAREFULLY:This Screenpresso Software License Agreement (hereinafter this LICENSE ) is a legal agreement between you (either an individual or a single entity) and Learnpulse SAS. ( Screenpresso ) for the software containing this LICENSE or products identified on the Screenpresso.com web site on the disk or CD-ROM enclosed with the package which contain computer software and associated media and printed materials and may include on-line or electronic documentation (the SOFTWARE ) and for which the activation-Key(s) are either provided on the back of the enclosed CD case or obtained through Learnpulse or its authorized distributor.IT IS NECESSARY FOR YOU TO AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE BEFORE YOU ARE PERMITTED TO CONTINUE TO INSTALL THE SOFTWARE. BY CLICKING THE I ACCEPT BUTTON OR BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE INCLUDING THE WARRANTY DISCLAIMERS LIMITATIONS ON LIABILITY AND TERMINATION PROVISIONS.If you do not agree to the terms of this LICENSE close this window to EXIT NOW.I. OWNERSHIP; LICENSE GRANT.This is a license agreement and NOT an agreement for sale. Learnpulse continues to own the copy of the SOFTWARE contained on the web site disk or CD-ROM and all copies thereof. Your rights to the SOFTWARE are specified in this LICENSE and Learnpulse retains all rights not expressly granted to you in this LICENSE. Learnpulse hereby grants to you and you accept a non-exclusive non-transferable license to use copy and modify the SOFTWARE only as authorized below.II. PERMITTED USES.This LICENSE grants you the following rights:A. The SOFTWARE can be used for personal usage (at home) as well as for commercial usage (at work) with and without license key. 
The following restriction apply for unregistered users (if no license key is found) : Screenpresso is updated each time a new version of Screenpresso is released. This requires that Internet network must be operational: firewall and other HTTP traffic management must not be used to block updates of Screenpresso.III. PRIVACY POLICYRefer to Privacy Policy.IV. PROHIBITED USES.You may not without the prior written permission of Learnpulse:A. Disassemble decompile or unlock decode or otherwise reverse translate or engineer or attempt in any manner to reconstruct or discover any source code or underlying algorithms of SOFTWARE provided in object code form only.B. Use copy modify or merge copies of the SOFTWARE and any accompanying documents except as permitted in this LICENSE.C. Transfer rent lease or sublicense the SOFTWARE.D. Distribute the SOFTWARE in a run-time.E. Distribute the SOFTWARE via a public Internet access.V. COPYRIGHT.All title and copyrights in and to the SOFTWARE (including but not limited to any images photographs animation video audio music text and applets incorporated into the SOFTWARE) and the accompanying prin
Source: Screenpresso.exe Static PE information: certificate valid
Source: Screenpresso.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\git\screenpresso\ScreenpressoAdmin\src\obj\Release\net48\ScreenpressoAdmin.pdbSHA256wY source: Screenpresso.exe
Source: Binary string: C:\git\screenpresso\Screenpresso\src\obj\Release\net48\Screenpresso.pdb source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F7A53B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\git\screenpresso\Screenpresso\src\obj\Release\net48\Screenpresso.pdb~ source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F7A53B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\git\screenpresso\ScreenpressoAdmin\src\obj\Release\net48\ScreenpressoAdmin.pdb source: Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: IsUseOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UseOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: get_DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: set_DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: get_OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: set_OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: useOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F7A4B6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameScreenpressoRpc.exe: vs Screenpresso.exe
Source: Screenpresso.exeBinary or memory string: IsUseOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exeBinary or memory string: UseOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exeBinary or memory string: get_DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exeBinary or memory string: set_DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exeBinary or memory string: get_OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exeBinary or memory string: set_OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exeBinary or memory string: useOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exeBinary or memory string: DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exeBinary or memory string: OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exeBinary or memory string: OriginalFilenameScreenpressoAdmin.exe: vs Screenpresso.exe
Source: classification engineClassification label: clean2.winEXE@1/3@0/0
Source: C:\Users\user\Desktop\Screenpresso.exeFile created: C:\Users\user\Desktop\ScreenpressoTest.exeJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeMutant created: NULL
Source: C:\Users\user\Desktop\Screenpresso.exeMutant created: \Sessions\1\BaseNamedObjects\Screenpresso
Source: C:\Users\user\Desktop\Screenpresso.exeMutant created: \Sessions\1\BaseNamedObjects\LearnPulse.XLogger
Source: C:\Users\user\Desktop\Screenpresso.exeFile created: C:\Users\user\AppData\Local\Temp\Screenpresso.logJump to behavior
Source: Screenpresso.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Screenpresso.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\Screenpresso.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Screenpresso.exeString found in binary or memory: 35-StopVideoRecordingVfw2
Source: Screenpresso.exeString found in binary or memory: 46-StopVideoRecordingVfw1IF447B69E-1884-4A7E-8055-346F74D6EDB3
Source: Screenpresso.exeString found in binary or memory: install-Installer.SetAutoStart
Source: Screenpresso.exeString found in binary or memory: cscript.exe)Installer.AutoDelete-InstallScreenpressoRpc'ScreenpressoRpc.exeAInstallScreenpressoBrowserNative
Source: Screenpresso.exeString found in binary or memory: InstallCodec-Installer.InstallCodec#InstallSoundFiles#InstallReferences
Source: Screenpresso.exeString found in binary or memory: ffmpeg/InstallVideoPackPrivatewhttps://cdn.screenpresso.com/binaries/ffmpeg32_20160531.zip
Source: Screenpresso.exeString found in binary or memory: djxl.exe/InstallImagePackPrivate
Source: Screenpresso.exeString found in binary or memory: /installContextMenuStrip)tsInstallForAllUsers?Install to Program Files folder
Source: Screenpresso.exeString found in binary or memory: Linux!GA Tracker 4.36 /LoadAllTrackersFromFile
Source: Screenpresso.exeString found in binary or memory: -startup
Source: Screenpresso.exeString found in binary or memory: /Installazione richiesta+
Source: Screenpresso.exeString found in binary or memory: 'Instalacja wymagana/Installation n
Source: Screenpresso.exeString found in binary or memory: mKlawisz [{0}] do uruchomienia i zatrzymania nagrywaniaUTast [{0}] for at starte/stoppe optagelseno[{0}] gomb a felv
Source: Screenpresso.exeString found in binary or memory: -Start opptaket p
Source: Screenpresso.exeString found in binary or memory: -installer le Framework .NET.
Source: Screenpresso.exeString found in binary or memory: www.dropbox.com3dl.dropboxusercontent.comShttps://api.dropboxapi.com/2/files/delete9DropboxSharingForm.OnClosing3DropboxSharingForm.OnSend7DropboxSharingForm.OnCancel-Helper_ProgressChanged;DropboxHelper_ProgressChangedSDropboxSharingForm.Helper_ProgressChangedODropboxSharingForm.Helper_StatusChanged%DropboxSharingFormYDropboxSharingUc.TreeViewFolder_BeforeExpandYDropboxSharingUc.TreeViewFolder_BeforeSelectWDropboxSharingUc.TreeViewFolder_AfterSelect7DropboxHelper_StatusChangedYDropboxSharingUc.DropboxHelper_StatusChanged+chkGeneratePublicLink!DropboxSharingUc
Source: Screenpresso.exeString found in binary or memory: ,ids=Khttps://api.imgur.com/3/album/{0}/add5album:https://imgur.com/a/
Source: Screenpresso.exeString found in binary or memory: Ehttps://www.screenpresso.com/docs/mhttps://www.screenpresso.com/docs/ScreenpressoHelp.pdfkhttps://www.screenpresso.com/fr/sondage-installation/
Source: Screenpresso.exeString found in binary or memory: qhttps://www.screenpresso.com/de/installation-subersicht/
Source: Screenpresso.exeString found in binary or memory: Yhttps://www.screenpresso.com/install-survey/
Source: Screenpresso.exeString found in binary or memory: --help
Source: Screenpresso.exeString found in binary or memory: IF294ACFC-3146-4483-A7BF-ADDCA7C260E2
Source: Screenpresso.exeString found in binary or memory: /data!/data/local/bin/07553{0}/busybox --install {0}
Source: Screenpresso.exeString found in binary or memory: shareNote_args(!shareNote_result#shareNote_result()stopSharingNote_args+stopSharingNote_args(-stopSharingNote_result/stopSharingNote_result(;authenticateToSharedNote_args
Source: Screenpresso.exeString found in binary or memory: $F294ACFC-3146-4483-A7BF-ADDCA7C260E2
Source: Screenpresso.exeString found in binary or memory: $F294ACFC-3146-4483-A7BF-ADDCA7C260E2)
Source: Screenpresso.exeString found in binary or memory: $a0a7a57b-59b2-4919-a694-add0a526c373
Source: Screenpresso.exeString found in binary or memory: 30https://api.imgur.com/3/Dhttps://api.imgur.com/3/account/meRhttps://api.imgur.com/3/account/me/albums:https://api.imgur.com/3/imageJhttps://api.imgur.com/3/album/{0}/add$https://imgur.com/(https://imgur.com/a/2https://imgur.com/delete/
Source: Screenpresso.exeString found in binary or memory: /ADD#
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: msvcp140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: mfplat.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: rtworkq.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeAutomated click: I accept the license
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Screenpresso.exeWindow detected: I &accept the licenseSoftware License AgreementVERY IMPORTANT READ CAREFULLY:This Screenpresso Software License Agreement (hereinafter this LICENSE ) is a legal agreement between you (either an individual or a single entity) and Learnpulse SAS. ( Screenpresso ) for the software containing this LICENSE or products identified on the Screenpresso.com web site on the disk or CD-ROM enclosed with the package which contain computer software and associated media and printed materials and may include on-line or electronic documentation (the SOFTWARE ) and for which the activation-Key(s) are either provided on the back of the enclosed CD case or obtained through Learnpulse or its authorized distributor.IT IS NECESSARY FOR YOU TO AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE BEFORE YOU ARE PERMITTED TO CONTINUE TO INSTALL THE SOFTWARE. BY CLICKING THE I ACCEPT BUTTON OR BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE INCLUDING THE WARRANTY DISCLAIMERS LIMITATIONS ON LIABILITY AND TERMINATION PROVISIONS.If you do not agree to the terms of this LICENSE close this window to EXIT NOW.I. OWNERSHIP; LICENSE GRANT.This is a license agreement and NOT an agreement for sale. Learnpulse continues to own the copy of the SOFTWARE contained on the web site disk or CD-ROM and all copies thereof. Your rights to the SOFTWARE are specified in this LICENSE and Learnpulse retains all rights not expressly granted to you in this LICENSE. Learnpulse hereby grants to you and you accept a non-exclusive non-transferable license to use copy and modify the SOFTWARE only as authorized below.II. PERMITTED USES.This LICENSE grants you the following rights:A. The SOFTWARE can be used for personal usage (at home) as well as for commercial usage (at work) with and without license key. 
The following restriction apply for unregistered users (if no license key is found) : Screenpresso is updated each time a new version of Screenpresso is released. This requires that Internet network must be operational: firewall and other HTTP traffic management must not be used to block updates of Screenpresso.III. PRIVACY POLICYRefer to Privacy Policy.IV. PROHIBITED USES.You may not without the prior written permission of Learnpulse:A. Disassemble decompile or unlock decode or otherwise reverse translate or engineer or attempt in any manner to reconstruct or discover any source code or underlying algorithms of SOFTWARE provided in object code form only.B. Use copy modify or merge copies of the SOFTWARE and any accompanying documents except as permitted in this LICENSE.C. Transfer rent lease or sublicense the SOFTWARE.D. Distribute the SOFTWARE in a run-time.E. Distribute the SOFTWARE via a public Internet access.V. COPYRIGHT.All title and copyrights in and to the SOFTWARE (including but not limited to any images photographs animation video audio music text and applets incorporated into the SOFTWARE) and the accompanying prin
Source: C:\Users\user\Desktop\Screenpresso.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: Screenpresso.exeStatic PE information: certificate valid
Source: Screenpresso.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Screenpresso.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: Screenpresso.exeStatic file information: File size 20370440 > 1048576
Source: Screenpresso.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1345800
Source: Screenpresso.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Screenpresso.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\git\screenpresso\ScreenpressoAdmin\src\obj\Release\net48\ScreenpressoAdmin.pdbSHA256wY source: Screenpresso.exe
Source: Binary string: C:\git\screenpresso\Screenpresso\src\obj\Release\net48\Screenpresso.pdb source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F7A53B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\git\screenpresso\Screenpresso\src\obj\Release\net48\Screenpresso.pdb~ source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F7A53B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\git\screenpresso\ScreenpressoAdmin\src\obj\Release\net48\ScreenpressoAdmin.pdb source: Screenpresso.exe
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF848DBAE8C push eax; retf 0_2_00007FF848DBB40D
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF848DB7923 push ebx; retf 0_2_00007FF848DB796A
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF848DBB376 push eax; retf 0_2_00007FF848DBB40D
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF848DCBCFB push FFFFFFE8h; retf 0_2_00007FF848DCBDF1
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF848DB00BD pushad ; iretd 0_2_00007FF848DB00C1
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF84918BA7D push cs; retf 0_2_00007FF84918BA7E
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF84918BAED push cs; retf 0_2_00007FF84918BAEE
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF849195F18 pushad ; ret 0_2_00007FF849195F19
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF849390260 push ss; retf 0_2_00007FF849390261
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF84938B31C push ss; retf 0_2_00007FF84938B31E
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF84938B38C push ss; retf 0_2_00007FF84938B38E
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF84935B418 push esp; ret 0_2_00007FF84935B419
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF84935AC1B push ecx; retf 0_2_00007FF84935AC1C
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF8493601F9 push esp; ret 0_2_00007FF849366139
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF849362CE2 push E8000003h; ret 0_2_00007FF849362CE9
Source: C:\Users\user\Desktop\Screenpresso.exeCode function: 0_2_00007FF84947AC5E push cs; retf 0_2_00007FF84947AC5F
Source: C:\Users\user\Desktop\Screenpresso.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeMemory allocated: 18F7A8A0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeMemory allocated: 18F7C2C0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeWindow / User API: threadDelayed 1989Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeWindow / User API: threadDelayed 6484Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe TID: 6128Thread sleep time: -29514790517935264s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe TID: 6128Thread sleep time: -35000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\Screenpresso.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeQueries volume information: C:\Users\user\Desktop\Screenpresso.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 32 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 32 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
Screenpresso.exe | 0% | ReversingLabs | |
Screenpresso.exe | 0% | Virustotal | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1531355
Start date and time: 2024-10-11 05:02:43 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Screenpresso.exe
Detection: CLEAN
Classification: clean2.winEXE@1/3@0/0
EGA Information: Failed
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Screenpresso.exe, PID 6772 because it is empty
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
No simulations
No context
Process: C:\Users\user\Desktop\Screenpresso.exe
File Type: ASCII text, with CRLF line terminators
Category: modified
Size (bytes): 17652
Entropy (8bit): 5.297404743449575
Encrypted: false
SSDEEP: 96:BQheL3gZXaKP9BwrZ/1OTYvslRaFtfyGTzWejvpe+AVziWVi2DDf8TD4WRgCzBhL:BQMUlBFBpfwgVcID9zo13
MD5: B6D21E3775476BD65CF26486A49712BF
SHA1: A20C15AC39C84CF338AA0C2E7E1674E6008B8683
SHA-256: 64272E35AFDDEE9AE6195CCD5A9FB53933D24753F4751BCE0574FD5B0D727B1D
SHA-512: 6C0328E7EDE4AFF66AE8027F5042BA20C4FBBCAC8E81A6012D0A879D5B9C9DBD4E7C3009E109387FDA6A0A39FEFA50A86583E10B3269722032C74703DC58565D
Malicious: false
Reputation: low
Preview:2024-10-10T23:03:37.5661640-04:00|6772|INF|1|XLogger|Init|-1|=******************** Screenpresso v2.1.29.0 ********************..2024-10-10T23:03:37.5817831-04:00|6772|INF|1|XLogger|Init|0|AppVersion=2.1.29.0|GlobalLogLevel=Info|SessionId=1..2024-10-10T23:03:37.5974165-04:00|6772|INF|1|App2|ctor|0|..2024-10-10T23:03:37.6130418-04:00|6772|INF|1|XDpiAware|Activate|0|caller=App2.ctor..2024-10-10T23:03:37.6130418-04:00|6772|INF|1|XDpiAware|Activate|1|actualAwarness=SystemAware|changed=True..2024-10-10T23:03:37.8005209-04:00|6772|INF|1|App2|OnInitialize|0|exePath=C:\Users\user\Desktop\Screenpresso.exe|args=|dpiAwarness=SystemAware|OSName=Microsoft Windows 10 Pro|IsManagedByAppStore=False..2024-10-10T23:03:37.8317783-04:00|6772|INF|1|CustomSettings|Load|0|..2024-10-10T23:03:37.8317783-04:00|6772|INF|1|CustomSettings|Load|1|..2024-10-10T23:03:37.8474031-04:00|6772|INF|1|XLicenseHardDriveUtils|IsDriveLetterAnUsbKey|0|driveLetter=C:..2024-10-10T23:03:38.3005486-04:00|6772|INF|1|CustomSettings|

Process: C:\Users\user\Desktop\Screenpresso.exe
File Type: Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 2091
Entropy (8bit): 5.1513251087856045
Encrypted: false
SSDEEP: 48:Fcg48xzjohbwHjwPr8fU4CO4ged2F00B4gn:FBjos0j8fU4l4iF/
MD5: 96E33DC23D4B9B56E2F2D88534A90795
SHA1: 28314813EFAF2A24C23C23D28BA862FFA08D4DE4
SHA-256: AC991BE18E5FA047EEC792E82D6C1027A3E323C1503CAE9C98F1EF3D1E3BB56F
SHA-512: 35AA73ACBF961EDE9A24CC7F4D24B9575D12D2B07396496E076DFC387EA6A8701FCA5962E596D6758AEED6A48B43E0CEED48C9DBA15AB594C5F0431920DA8FBC
Malicious: false
Reputation: low
Preview:.<ScreenpressoSettings xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <Version>15</Version>.. <SeqNum>37</SeqNum>.. <CheckForUpdate>true</CheckForUpdate>.. <Fum>false</Fum>.. <ActivationKey />.. <LicenseKey />.. <AndroidBitRate xsi:nil="true" />.. <EffectsSettings />.. <ResizeSettings />.. <DefaultEffects />.. <DefaultResize />.. <CurrentWorkspaceSettings />.. <LastScreenshotRegion xsi:nil="true" />.. <LastVideoRegion xsi:nil="true" />.. <ExportEffects />.. <ExportResize />.. <SharingAccounts>.. <SharingAccount xsi:type="ScreenpressoCloudAnonymousAccount">.. <Guid>c3d382a68b0c45a1acf1bdb7ba5cacd3</Guid>.. <Identifier>ScreenpressoCloud</Identifier>.. <AutoRun>false</AutoRun>.. <SyncLicenseAgreed>false</SyncLicenseAgreed>.. <NOU>nDRton68+OgnHwbe5XM3IQ==</NOU>.. </SharingAccount>.. <SharingAccount xsi:type="EMailAccount">.. <Guid>1a274daf1b9c4a7d90e1bbd5a9c6e85d</Guid>.. <
                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Entropy (8bit):7.174195744392207
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                            File name:Screenpresso.exe
                                                                                                                            File size:20'370'440 bytes
                                                                                                                            MD5:ad33cd210ddb830eaf9913e281fe73f0
                                                                                                                            SHA1:b0caaee7cab32e1e52fc674e573060dd0ca014fb
                                                                                                                            SHA256:e742f7b9e12768c99ca087b072330f2e158cc0c45fbeb45964e1e3fec70085cd
                                                                                                                            SHA512:f1cb4b1b16f45b9a4fb3a01a3075f6409e0b844873e884fde24ca3a91958d0cd9d1a9c6bda9363479ec6ec8001b2799adec7c7c4de35e87e46b4f46d63258e4a
                                                                                                                            SSDEEP:196608:6LJVfvRvk5HBcC1iY5/QSUyEwMtR5gU1+oTvT8R2I0F9PSIM9Gtcx7tHD6UWFi0t:2lvREx/lE5xAsTmuQcc+k+f7MSJ
                                                                                                                            TLSH:BC275A4267F84926E1AE6F769B7C121402F7FCD76A769E0E4358F66D08F2B409903393
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.........."...0..X4...6.....zu4.. ....6...@.. ........................7.......7...`................................
                                                                                                                            Icon Hash:0c3369dccc6c3444
                                                                                                                            Entrypoint:0x174757a
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:true
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x66F6ABB4 [Fri Sep 27 12:57:24 2024 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:v4.0.30319
                                                                                                                            OS Version Major:4
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:4
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:4
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                            Signature Valid:true
                                                                                                                            Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                            Error Number:0
                                                                                                                            Not Before, Not After
                                                                                                                            • 17/06/2024 02:00:00 19/06/2027 01:59:59
                                                                                                                            Subject Chain
                                                                                                                            • CN=Learnpulse SAS, O=Learnpulse SAS, L=Toulouse, C=FR
                                                                                                                            Version:3
                                                                                                                            Thumbprint MD5:0BD3128423D1BCA304CC0C73053F9938
                                                                                                                            Thumbprint SHA-1:9F8093644D1536B4DA863F18C7F541532CCF1560
                                                                                                                            Thumbprint SHA-256:C77D8FE71FD6053E04A59A7EB9AD8C281AEE6CF7B2EA7A79C9BC5B00C766DA02
                                                                                                                            Serial:01CF867D2B1147FCDA4C9B562A191602
                                                                                                                            Instruction
                                                                                                                            jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1347520 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1348000 | 0x24e64 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x136ac00 | 0x2808 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x136e000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x13475a0 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x134569c | 0x1345800 | a0f93779da0e56bcbb65281a1f177ee2 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x1348000 | 0x24e64 | 0x25000 | e9f8250cbaebe285d5fc62d719a5e688 | False | 0.11000184755067567 | data | 3.6802163904026766 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x136e000 | 0xc | 0x200 | 2c6fe000cf95bcc5f568a0174055347c | False | 0.044921875 | data | 0.12227588125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1348280 | 0x1c63 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9214256226778588
RT_ICON | 0x1349ee4 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.034972790725186324
RT_ICON | 0x135a70c | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.04721988648307757
RT_ICON | 0x1363bb4 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.0716225791213982
RT_ICON | 0x1367ddc | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.14139004149377593
RT_ICON | 0x136a384 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.14892120075046905
RT_ICON | 0x136b42c | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.20040983606557378
RT_ICON | 0x136bdb4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.3067375886524823
RT_GROUP_ICON | 0x136c21c | 0x76 | data | | | 0.7457627118644068
RT_VERSION | 0x136c294 | 0x3e2 | data | | | 0.4255533199195171
RT_MANIFEST | 0x136c678 | 0x7ec | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.4265285996055227
DLL | Import
mscoree.dll | _CorExeMain
                                                                                                                            No network behavior found


                                                                                                                            Target ID:0
                                                                                                                            Start time:23:03:34
                                                                                                                            Start date:10/10/2024
                                                                                                                            Path:C:\Users\user\Desktop\Screenpresso.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Users\user\Desktop\Screenpresso.exe"
                                                                                                                            Imagebase:0x18f79200000
                                                                                                                            File size:20'370'440 bytes
                                                                                                                            MD5 hash:AD33CD210DDB830EAF9913E281FE73F0
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low
                                                                                                                            Has exited:false

                                                                                                                            Reset < >
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: SPV1
                                                                                                                              • API String ID: 0-696232712
                                                                                                                              • Opcode ID: 29945b7ab5f42411487768c4be96fd60f0173f1b8e2b42d518adb3105d481af5
                                                                                                                              • Instruction ID: 080124ae29bd3d757d27378374be43b5723c80625ab42174608c0e3188c67118
                                                                                                                              • Opcode Fuzzy Hash: 29945b7ab5f42411487768c4be96fd60f0173f1b8e2b42d518adb3105d481af5
                                                                                                                              • Instruction Fuzzy Hash: 1E73D33071DB888FE759EB3C84556397BE1EF4A388B5445BED089CB2A2CE35BC818745
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: SPV1
                                                                                                                              • API String ID: 0-696232712
                                                                                                                              • Opcode ID: 6b54d464c990ca48653498d1645f61bd3a38d32a8858cfc7b217cfd08319d490
                                                                                                                              • Instruction ID: 18145f2a5ab8095667f589b6eec8fd37844917eb7e79a0c810ce6303728ff9aa
                                                                                                                              • Opcode Fuzzy Hash: 6b54d464c990ca48653498d1645f61bd3a38d32a8858cfc7b217cfd08319d490
                                                                                                                              • Instruction Fuzzy Hash: DF63A43061DB888FE759EB3C8455539BBE1EF5A384F5445BAD089CB2A2CF35B881CB05
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3433316659.00007FF849170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849170000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849170000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b486e304de4e89513558a5ebfd7f5570f11706bacdb240dffa419af25177f3bf
                                                                                                                              • Instruction ID: 3e55283e938a5a6de2e8f1db8e8531fee0a1814ddd0ebc2c6ed9ca29ddfe2d0a
                                                                                                                              • Opcode Fuzzy Hash: b486e304de4e89513558a5ebfd7f5570f11706bacdb240dffa419af25177f3bf
                                                                                                                              • Instruction Fuzzy Hash: FE83B63061DB848FE756EB3C84556797BE1EF4A384F5445AED089CB2A2CF39B881CB05
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3433316659.00007FF849170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849170000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849170000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2ce90ee19469c10fc527843c8b83f83a423c3daa4a4f6d800a234f512162d688
                                                                                                                              • Instruction ID: ef79108e819eee75209ed03876a820e6f1eb071966b0816efa6701b3c6158009
                                                                                                                              • Opcode Fuzzy Hash: 2ce90ee19469c10fc527843c8b83f83a423c3daa4a4f6d800a234f512162d688
                                                                                                                              • Instruction Fuzzy Hash: 9183E43061DB848FE756EB3C84552797BE1EF4A384F5545AED089CB2A2CF39B881DB01
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d8ca32aefb4f99fe1cc57f8a25849877dacf325b08ef134a0cd0b922146d5604
                                                                                                                              • Instruction ID: 1d27ceca448fcf6ac8c84bcc9eafa270815997085ae45eb885cf4a1518074137
                                                                                                                              • Opcode Fuzzy Hash: d8ca32aefb4f99fe1cc57f8a25849877dacf325b08ef134a0cd0b922146d5604
                                                                                                                              • Instruction Fuzzy Hash: 4D634830B1DA898FE759FB3C84155397BE2EF8A38475505FAD089CB2A2DE29EC418741
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: SPV1
                                                                                                                              • API String ID: 0-696232712
                                                                                                                              • Opcode ID: 8b7879149e444eda185355511690a16404b8b7c19f896ff6be20899a00ba1530
                                                                                                                              • Instruction ID: 6ed14da35846f59b37b61fa13d981469c78f8d4b75ab0d6fd018c59bdcf3af7e
                                                                                                                              • Opcode Fuzzy Hash: 8b7879149e444eda185355511690a16404b8b7c19f896ff6be20899a00ba1530
                                                                                                                              • Instruction Fuzzy Hash: 5B43B33061DB888FE755EF3C8455639BBE1EF4A384F5545BAD089CB2A2CF35B8818B05
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: SPV1
                                                                                                                              • API String ID: 0-696232712
                                                                                                                              • Opcode ID: fda1f1f08c9f43e985a8139b958abc2c67971c29b047728471e2250b2d77c2eb
                                                                                                                              • Instruction ID: 9a3d0dddecf827cd4680bcc00088e7e60cca84acfb0590a28faa5ef8edadc741
                                                                                                                              • Opcode Fuzzy Hash: fda1f1f08c9f43e985a8139b958abc2c67971c29b047728471e2250b2d77c2eb
                                                                                                                              • Instruction Fuzzy Hash: 4143A23061DB888FE755EF3C8455639BBE1EF4A384F5545BAD089CB2A2CF35B8818B05
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3433316659.00007FF849170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849170000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849170000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: SPV1
                                                                                                                              • API String ID: 0-696232712
                                                                                                                              • Opcode ID: 74a3bf61d47d1a91f2d9a36d188bbd4a10cb6d3367d930a6857a4729fbd5996d
                                                                                                                              • Instruction ID: 8e493b3710e9930e91d2ba339e002f87987ad585021b4bcd774faab014dcf9df
                                                                                                                              • Opcode Fuzzy Hash: 74a3bf61d47d1a91f2d9a36d188bbd4a10cb6d3367d930a6857a4729fbd5996d
                                                                                                                              • Instruction Fuzzy Hash: 6833E43061DB888FE755EF3C8415639BBE1EF4A384F5545ADD089CB2A2CF39B8819B05
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e6b527f8b5ff38fbd85e896685a7e42fb8ad4ee546a2091f197ff12f933b8429
                                                                                                                              • Instruction ID: 173d6c393600d24cfe2b08f03960a6340d2ed069c57346ded46527786d15933c
                                                                                                                              • Opcode Fuzzy Hash: e6b527f8b5ff38fbd85e896685a7e42fb8ad4ee546a2091f197ff12f933b8429
                                                                                                                              • Instruction Fuzzy Hash: A7233930B1DA898FE759FB3C8455179BBD1EF9A784B5401BED08DCB2A2CE28AC41C745
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: SPV1
                                                                                                                              • API String ID: 0-696232712
                                                                                                                              • Opcode ID: bf277c9330d1b7b284796d6757c880e3ec253e7a70f5f3b4d8423850d52e4f66
                                                                                                                              • Instruction ID: 7a5fba99fd631291d605a8a05ec6d80412e477c09af41b30d8e8b22ad5e563e6
                                                                                                                              • Opcode Fuzzy Hash: bf277c9330d1b7b284796d6757c880e3ec253e7a70f5f3b4d8423850d52e4f66
                                                                                                                              • Instruction Fuzzy Hash: E572703050CB858FE76AEF2880547767BE1EF4B388F5956AED099CB2A1CB357881C741
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e764c3fdc77abcc43de8c479c2f78d972242999967cdd7d545c23640845809a5
                                                                                                                              • Instruction ID: fdfdc3e1aa4811b1f2bd33749404cc34c1b36f96dc1f630fe648e4cc6e928c16
                                                                                                                              • Opcode Fuzzy Hash: e764c3fdc77abcc43de8c479c2f78d972242999967cdd7d545c23640845809a5
                                                                                                                              • Instruction Fuzzy Hash: 50C2A53061DB888FE756EB3CC455679BBE1EF4A384F5445AAD089CB2A2CF35B881D701
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a5341b4a429dbd306554d2a66d7610f525fda16f4005074a61da2bd595c60828
                                                                                                                              • Instruction ID: 36a96947a80b32e7e1547b1045aaf09fee88823f590eb7d7e4093c643447aa4f
                                                                                                                              • Opcode Fuzzy Hash: a5341b4a429dbd306554d2a66d7610f525fda16f4005074a61da2bd595c60828
                                                                                                                              • Instruction Fuzzy Hash: 18C2D53061DB888FE756EB3C84556797BE1EF4A384F5445AED489CB2A2CF35B881CB01
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 3$l[H
                                                                                                                              • API String ID: 0-704608229
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: H
                                                                                                                              • API String ID: 0-2852464175
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: D
                                                                                                                              • API String ID: 0-2746444292
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: H
                                                                                                                              • API String ID: 0-2852464175
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: H
                                                                                                                              • API String ID: 0-2852464175
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: H
                                                                                                                              • API String ID: 0-2852464175
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: H
                                                                                                                              • API String ID: 0-2852464175
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: _
                                                                                                                              • API String ID: 0-701932520
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LK_H
                                                                                                                              • API String ID: 0-3379417729
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: D
                                                                                                                              • API String ID: 0-2746444292
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: zL_H
                                                                                                                              • API String ID: 0-425878393
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: zL_H
                                                                                                                              • API String ID: 0-425878393
                                                                                                                              • Opcode ID: aab428fc40e9d4d6229e55b917d603a7ba6c8854ea9912c045eb466bf71c7dd3
                                                                                                                              • Instruction ID: 325e7e827e3a62a6a92d2908ff385725f2bb9dff48b49eebb2d797eeaedb7f99
                                                                                                                              • Opcode Fuzzy Hash: aab428fc40e9d4d6229e55b917d603a7ba6c8854ea9912c045eb466bf71c7dd3
                                                                                                                              • Instruction Fuzzy Hash: 16213D21A0DD4A0FD795E63C94547F53BE2EFA5260B0542BBD04DC7196DE189C4B8385
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b58fd36a4d7a00ef52c90e6e6a9613d7f0e39b22947f232b3fc5010f8ea2ea9c
                                                                                                                              • Instruction ID: 2838a81f6330f705eb75d817b5ebef256d473760fd3d31cc8695d77d309ebf70
                                                                                                                              • Opcode Fuzzy Hash: b58fd36a4d7a00ef52c90e6e6a9613d7f0e39b22947f232b3fc5010f8ea2ea9c
                                                                                                                              • Instruction Fuzzy Hash: B4620821E0EA8A4FE359AA3C68592743BD2EF967D0B1441FAC00DCB1DFDE296C498355
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4a208fdf12578030140c9394fcfda27ab509fb0c7d76854be53f630b8c3a1bee
                                                                                                                              • Instruction ID: 47aeeb1589683cfdc0ee0aeff888301ece4ae40b7f7fd993849dd23ceef50941
                                                                                                                              • Opcode Fuzzy Hash: 4a208fdf12578030140c9394fcfda27ab509fb0c7d76854be53f630b8c3a1bee
                                                                                                                              • Instruction Fuzzy Hash: DD321C21A0EE8A4FE359A73C68152743BA1EF9A7D0F1541FEC00DCB1DBDE296C498356
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3433316659.00007FF849170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849170000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849170000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: deef9c1d344dc764e6767508864830050d85ca5d6bbe60af4d588f066aed9b83
                                                                                                                              • Instruction ID: 7e5dfc4700853679104aeff2c23e25946c2b690e97daa82747c89ed76f03737c
                                                                                                                              • Opcode Fuzzy Hash: deef9c1d344dc764e6767508864830050d85ca5d6bbe60af4d588f066aed9b83
                                                                                                                              • Instruction Fuzzy Hash: ED62413050CB858FE776EB2880587667BE0EF46384F5945AED09DCB1E1CF39A985DB01
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 55ae6c38fb2fda3135ce503159db3a74c927c1cf9f0d62f3949c6d2a696715d2
                                                                                                                              • Instruction ID: dd43e41a99ba7306eba0a432cce68bc9b05f9908af3ffefa245417abbecb8319
                                                                                                                              • Opcode Fuzzy Hash: 55ae6c38fb2fda3135ce503159db3a74c927c1cf9f0d62f3949c6d2a696715d2
                                                                                                                              • Instruction Fuzzy Hash: 12320922E0EACB4FE35A9B3D68152743BD1EF567D0B1841FAC048CB1DBDE296C4A8355
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 799d68ec854035fcb1cb0097c7f94985ccc317fc6ae1e321da32f02294d87829
                                                                                                                              • Instruction ID: 5d5e6a55cec7c14f629d80a81c4f8e3c35fd3bce5f3b8f8aa0229dfbe1f0cd74
                                                                                                                              • Opcode Fuzzy Hash: 799d68ec854035fcb1cb0097c7f94985ccc317fc6ae1e321da32f02294d87829
                                                                                                                              • Instruction Fuzzy Hash: BE32B231A1DE4A4FE7A8EA2C9449B7977E1FFA8780F40417AD04DC32A6DF24EC458746
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 87e77e6398828b4cfd2008604b38d6873e60dd1f81b537c26a9db26cdfadabb4
                                                                                                                              • Instruction ID: 01e6fea1de4f2ea1f3fd4531cf070386edb6bbe7a027849b9999eca8335869bc
                                                                                                                              • Opcode Fuzzy Hash: 87e77e6398828b4cfd2008604b38d6873e60dd1f81b537c26a9db26cdfadabb4
                                                                                                                              • Instruction Fuzzy Hash: 5E12F921E0EA8A4FE359AB3C68152743BD2EF967C0F1544BAC40DCB1DFDE296C498356
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 42a5b2ce9dc428acc73ba82aeb025d3d8a0531fd3c00474689ffffbb401e0c7b
                                                                                                                              • Instruction ID: 8cbe1a3d78ea4c8d797de6a70cf0e1d03a043b32b2a200ba6e2fda486e00e63a
                                                                                                                              • Opcode Fuzzy Hash: 42a5b2ce9dc428acc73ba82aeb025d3d8a0531fd3c00474689ffffbb401e0c7b
                                                                                                                              • Instruction Fuzzy Hash: 21E12B22E0EA8B4FE369A73D58152747BD1EF967D0B1841FAC00CCB1DBDE296C4A8355
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1533f178421ef9c20d30c937d163d090ef0e41b89708b252f0c142b57dc287ba
                                                                                                                              • Instruction ID: 28185da49c70f39ca208721a3bf75ed8f5dd0f34daefa5bd3948d271924971f9
                                                                                                                              • Opcode Fuzzy Hash: 1533f178421ef9c20d30c937d163d090ef0e41b89708b252f0c142b57dc287ba
                                                                                                                              • Instruction Fuzzy Hash: B0D1A331F2CE965FE6B8AE1C149137936C6EB99B9CF68157EE04EC32C6DD1C5C024286
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 515841614dae5da0ce3826344097f1aa3ac41d28d54a6919a6510e37b46ea961
                                                                                                                              • Instruction ID: a09c54edcd5ec5445f51efa6d40d6afe8100fc351bf057ce72fef26ac73d2270
                                                                                                                              • Opcode Fuzzy Hash: 515841614dae5da0ce3826344097f1aa3ac41d28d54a6919a6510e37b46ea961
                                                                                                                              • Instruction Fuzzy Hash: C6B18E3160DA958FE315FB6CA8551FA7BD1EF563A4B0401BFD08DCB193CE29AC818395
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0c9b75bb97d0222cd1f3d6f8a565022ea48be28f3d4816a0180a5cc9b4aaf857
                                                                                                                              • Instruction ID: c26447c521b26823a56248738a6211781bd05af06136a2b9f8868fb6c0469d51
                                                                                                                              • Opcode Fuzzy Hash: 0c9b75bb97d0222cd1f3d6f8a565022ea48be28f3d4816a0180a5cc9b4aaf857
                                                                                                                              • Instruction Fuzzy Hash: 06C11631A0DA498FE748EB6C94547A97BE2FF5A380F5401BAD00DCB292CF38AC49C755
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2a98bb36602650ca434c01a74d2b0e8d384eb7469663dd8cf8534ed72cb1d771
                                                                                                                              • Instruction ID: 6172fa145b863db3979fa3d172742eacf14df6829ec8e2462d25dbc19bf227aa
                                                                                                                              • Opcode Fuzzy Hash: 2a98bb36602650ca434c01a74d2b0e8d384eb7469663dd8cf8534ed72cb1d771
                                                                                                                              • Instruction Fuzzy Hash: 33911630B1CA894FE7A8EA6C585527977D2EF9A764F5401BED04EC32D2DD28AC428385
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8cd5a2bcb6dd8b93fda5b1c3f42f0c40ae9e938c190e6dd86b4ca6d7905b93f2
                                                                                                                              • Instruction ID: d01cc74350bb2615ffd3848f8bee67e30513e368a822caf586e9dc7aa155133c
                                                                                                                              • Opcode Fuzzy Hash: 8cd5a2bcb6dd8b93fda5b1c3f42f0c40ae9e938c190e6dd86b4ca6d7905b93f2
                                                                                                                              • Instruction Fuzzy Hash: 9191E722E0FD8B4FE399A63C68593B43BD1EF65690B1801FBC00EC719BDE196C4A8355
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cfd22f33504b7b59d0ef0435fa86eddfe2b0a0b4bbc84b42bd7779c571077afa
                                                                                                                              • Instruction ID: f83c2a66f4d17984a171d0f5753fe2f6a95f116cc78277159c169a6f33c56c4a
                                                                                                                              • Opcode Fuzzy Hash: cfd22f33504b7b59d0ef0435fa86eddfe2b0a0b4bbc84b42bd7779c571077afa
                                                                                                                              • Instruction Fuzzy Hash: EC419531F1984A9FE79CFA6C94597B867E3FFAC680F1401BAD00DC7296CE299C468714
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3d1dcb81f9b8179d11e8a41f816a010244d1e192d78deb646fd94eca64d69900
                                                                                                                              • Instruction ID: 21fa2e517424122df461549ff59277427f41694e8d6bc275241f307a259993d4
                                                                                                                              • Opcode Fuzzy Hash: 3d1dcb81f9b8179d11e8a41f816a010244d1e192d78deb646fd94eca64d69900
                                                                                                                              • Instruction Fuzzy Hash: 4B410071E0EA468FE799EB68542437967D2FF453C4F0404BAC00DCB293CE29A8858345
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7e4d8d3b6f588864ef73a6025d585f3af7c5f1b5005d55b53cd39d6fd4dbd20a
                                                                                                                              • Instruction ID: fc30dccfd344372ce277ca1ee414ca3664974e3d066ff1f10ef89880df83f876
                                                                                                                              • Opcode Fuzzy Hash: 7e4d8d3b6f588864ef73a6025d585f3af7c5f1b5005d55b53cd39d6fd4dbd20a
                                                                                                                              • Instruction Fuzzy Hash: CC410B2690F5A29BD70177BDA46A2F93BA1FF413B5F084176D0CC8A087CF186549D3B9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bc27824c214f83bcb45dcd5b3ced0d01f48df27987d66207557ae20385dd2d8d
                                                                                                                              • Instruction ID: c495d4c50550b7864cacecc59ab7e83d9e6914e344e0d064acc386eccdd913a2
                                                                                                                              • Opcode Fuzzy Hash: bc27824c214f83bcb45dcd5b3ced0d01f48df27987d66207557ae20385dd2d8d
                                                                                                                              • Instruction Fuzzy Hash: 9A41F231A0EA598FE745FB78A4546FE7BA1FF46394F4005BAD008CB196CF356888CB94
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 64bb5432231067e47cf766cdc5355ba03dcea50279dc192f5b9132a0b72e557c
                                                                                                                              • Instruction ID: 6ec2519e0dc0eb041caff7d05ed8d3302d214a5376813376ad637fa7a0e07309
                                                                                                                              • Opcode Fuzzy Hash: 64bb5432231067e47cf766cdc5355ba03dcea50279dc192f5b9132a0b72e557c
                                                                                                                              • Instruction Fuzzy Hash: 4441E130A1DB8A4FDB59EF288854AA97BF1FF69340F1045AEE049C7297DB34E805C742
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 188a29cc4a3a72def50e883fee8af2cd3bb765012e60d1f74a85ee6f8716fe3a
                                                                                                                              • Instruction ID: d8b11e53719f0e9cee9e8c3b8eb009b2a0b5f4c284cf7916fe310b2ba3177cab
                                                                                                                              • Opcode Fuzzy Hash: 188a29cc4a3a72def50e883fee8af2cd3bb765012e60d1f74a85ee6f8716fe3a
                                                                                                                              • Instruction Fuzzy Hash: 4C41277290E6969FE306BB7DA4651E43BA1FF02358F0800F7D088CF193DE2818888769
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 570579ec1df46fe5c5cf64fe798d8c83e31c0b8d08290e9c1c5a44a1469e04c0
                                                                                                                              • Instruction ID: 0023b8f4bf36abe190aafd57c7f0e7e7f854dc8cda387d70f08f5edd08b57122
                                                                                                                              • Opcode Fuzzy Hash: 570579ec1df46fe5c5cf64fe798d8c83e31c0b8d08290e9c1c5a44a1469e04c0
                                                                                                                              • Instruction Fuzzy Hash: 56411330A1E9468FE759EB6C94243797B92FF853C0F5805BAD00DCB297CE29AC898315
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 20c3ecef8115d1f714be6d2a0ab35197abc5429ac71df5aaffc63c1ca8f0b859
                                                                                                                              • Instruction ID: 61a5a0ecfa1cab95c6fdc4f7c09b681585ac203f98ea7646aa8be389527bc8bc
                                                                                                                              • Opcode Fuzzy Hash: 20c3ecef8115d1f714be6d2a0ab35197abc5429ac71df5aaffc63c1ca8f0b859
                                                                                                                              • Instruction Fuzzy Hash: E141E431A0D95D9FE784FB78A4106FE7BA1EF4A390F4005BAD009CB196CF356885CB94
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bb5ee1e83b5e629f5c7e35fe61118623777e5906fd4df8d8be0fcd15110a93a1
                                                                                                                              • Instruction ID: 625be9034ccdde3318c8317b72e1cf738966c26e507573240d9a3c53b5511100
                                                                                                                              • Opcode Fuzzy Hash: bb5ee1e83b5e629f5c7e35fe61118623777e5906fd4df8d8be0fcd15110a93a1
                                                                                                                              • Instruction Fuzzy Hash: 8B31D632D0F9D66FE252F62C6CA96E53B90FF62665F0802B7D088C70D3EB05684AC355
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b0c4d088b7bd09165febc2b2ac531ff9ddc1f078d490fc63beecdbf8dbea28da
                                                                                                                              • Instruction ID: 1b737b1ce4c94d8565f5a8a9c40f10f44c55bffac32def9a5c7795e58377e4f2
                                                                                                                              • Opcode Fuzzy Hash: b0c4d088b7bd09165febc2b2ac531ff9ddc1f078d490fc63beecdbf8dbea28da
                                                                                                                              • Instruction Fuzzy Hash: A331E731F2CA874FE678EF1C686517876D2FB99B94F54147EE04EC22CADD1D6C02428A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2f623c40bae665b9f694548f780f1f4bd65a2f7e9ed977d808ddb4307465fbf5
                                                                                                                              • Instruction ID: 8fa0f0390568698bdaf59f7ca4f04f13b847ef23345140e3663dcd46fae77abe
                                                                                                                              • Opcode Fuzzy Hash: 2f623c40bae665b9f694548f780f1f4bd65a2f7e9ed977d808ddb4307465fbf5
                                                                                                                              • Instruction Fuzzy Hash: 7F410631A0DAC59FD766EB3C8864A657FE1EF56380B1901FAD049CB2E3DA28EC41C355
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9f900a1fa8afaf5cc257d624d2a0660960d356001a2cbf06a9c71f4566bfe748
                                                                                                                              • Instruction ID: c741cf9bb6dd6d57bcc8a714409b2d3732b829ce4cd2198f5e4b677bd3d512ab
                                                                                                                              • Opcode Fuzzy Hash: 9f900a1fa8afaf5cc257d624d2a0660960d356001a2cbf06a9c71f4566bfe748
                                                                                                                              • Instruction Fuzzy Hash: 35411531A0DAC58FD766EB3CC854A35BBE1EF56394B5900F9E049CB2E3DA29E841C311
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8cfa6ae58fcc63b9427f791838b867a9f128689e851dfe598857f999a84e1cfb
                                                                                                                              • Instruction ID: 6e02e6ca96ebe59ec73d84daeaa8deefe2ff2ef5ff9c6712355f9efec51b4f01
                                                                                                                              • Opcode Fuzzy Hash: 8cfa6ae58fcc63b9427f791838b867a9f128689e851dfe598857f999a84e1cfb
                                                                                                                              • Instruction Fuzzy Hash: 4941A231A0DA5D8FE745EB689414AFE7BA1EF4A394F4005BAD009CB196CF356884CB94
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2421f942a14523720ba250d1d61bcd394bd033d7cb1f3008d1deb9c8d3237696
                                                                                                                              • Instruction ID: a8d79849b4df98734b60c3ce451276ada8c47f5ad6d08031333977a61e074b80
                                                                                                                              • Opcode Fuzzy Hash: 2421f942a14523720ba250d1d61bcd394bd033d7cb1f3008d1deb9c8d3237696
                                                                                                                              • Instruction Fuzzy Hash: 9C21C436D0E9994FE756A72C64152F93BE1EF65361F0800B7D00CD7193DF1918099399
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 621e9cd89df93e8a7461b06d914af8d273ed59113afee79e439d04d06f87c71b
                                                                                                                              • Instruction ID: d72a0d8cad6849d4ba5985b1de3c824357d87f4a7dead638bd8d17eeda26f695
                                                                                                                              • Opcode Fuzzy Hash: 621e9cd89df93e8a7461b06d914af8d273ed59113afee79e439d04d06f87c71b
                                                                                                                              • Instruction Fuzzy Hash: 72210721D0E9498FE3A5FB2C94197747BE0EF19740F4951F6D00CCB2A6DB149C89C745
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fcf254afe81ecf98f854e8e559c23abe7e5f5395c3429038758098fcc395b858
                                                                                                                              • Instruction ID: da3e586c4fc9470f8367624ae329d43002846ba43556f65e134615aee0cda3ea
                                                                                                                              • Opcode Fuzzy Hash: fcf254afe81ecf98f854e8e559c23abe7e5f5395c3429038758098fcc395b858
                                                                                                                              • Instruction Fuzzy Hash: 0921082190EA894FEB96E77C98157E97FE1EF96360F0801F6D04DC7193DA189C498392
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f4f3f26024ccc5ec7b5853e5d1c54c050a2a49270ce3477c9363495e5c1cdbec
                                                                                                                              • Instruction ID: 72924afe7c0d3e37ff5ad8666f2fb2801a4486ebd3c5dc54f49825c1bcc33440
                                                                                                                              • Opcode Fuzzy Hash: f4f3f26024ccc5ec7b5853e5d1c54c050a2a49270ce3477c9363495e5c1cdbec
                                                                                                                              • Instruction Fuzzy Hash: 8D210722E0FACA5FE35AA33858292713FA1EF671D0B5941EAC048CF1E7DA1D6C098355
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9807668d9ac46b23096009c5899a9a98c53246da9e6b3a3adef3fdb61b3cf4bf
                                                                                                                              • Instruction ID: 015abf03bdc8c41e2190d9c845c237d278f40b970c7291937d0c167ea3371ec0
                                                                                                                              • Opcode Fuzzy Hash: 9807668d9ac46b23096009c5899a9a98c53246da9e6b3a3adef3fdb61b3cf4bf
                                                                                                                              • Instruction Fuzzy Hash: EC210531A0DAC91FE7A9B66C580A2B93AD1EB97664F1900BED48EC3193DC095C468345
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 14e524e3f5b9ada2fcc73d99016a28e0fcbc94b5952307a7963b04edc16d978f
                                                                                                                              • Instruction ID: c02a377b47285f9ff14ac4e82f0613a06e5526e4ae8134442c750e8286cc5666
                                                                                                                              • Opcode Fuzzy Hash: 14e524e3f5b9ada2fcc73d99016a28e0fcbc94b5952307a7963b04edc16d978f
                                                                                                                              • Instruction Fuzzy Hash: F4219531F2CA860FE6B8BE1C245217977D2FB89798F55157EE14E82287DD1D6802418A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 66c17f8f3d23444b5edc870dcf9908d33bc72827ab1b6555e94abfb79d367d48
                                                                                                                              • Instruction ID: e4bfba86cbbbd1e91fb5f78f385b439242a4fac802fa389e744ecd0cbc450b91
                                                                                                                              • Opcode Fuzzy Hash: 66c17f8f3d23444b5edc870dcf9908d33bc72827ab1b6555e94abfb79d367d48
                                                                                                                              • Instruction Fuzzy Hash: 74219A20F0E9CA2FE386B37848553B95682EF992D0F5801B6E40CC32DFEE5C2846435A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: eea15a53f7cfd86ca5ca3e7ea7e3fe9b7a746e995e31d1b6a708a2b3304dc8e5
                                                                                                                              • Instruction ID: d0d0189dfe84603fa233d331e1b4a25d17654e6cabe1cf85a1e75ec0dcf51e8f
                                                                                                                              • Opcode Fuzzy Hash: eea15a53f7cfd86ca5ca3e7ea7e3fe9b7a746e995e31d1b6a708a2b3304dc8e5
                                                                                                                              • Instruction Fuzzy Hash: E911F032E1D90A8EE75CAA2C58163FC73E2FF94760F14417AD00EC3397DE6968068645
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8de2f29b4730ad67464a7137c70f40672a53f82cd928f211f7d174e2d7f1d32a
                                                                                                                              • Instruction ID: 94ce9b99af18867231e61880a73c1334be64399a494c422ad2991cecfeb3dbfe
                                                                                                                              • Opcode Fuzzy Hash: 8de2f29b4730ad67464a7137c70f40672a53f82cd928f211f7d174e2d7f1d32a
                                                                                                                              • Instruction Fuzzy Hash: C2119020F1EC8A2FE295B36D48553BE41C6EF982D0F540276E40DC32DFEE5C6846034A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fd8d325b7a31e9bf084b98197f199f17a8802592ad0652618e742ec647843356
                                                                                                                              • Instruction ID: 190ea2d8690dc0a68852c9ddaa68fea2a30b370d96f3f70039a64b6b5825ac85
                                                                                                                              • Opcode Fuzzy Hash: fd8d325b7a31e9bf084b98197f199f17a8802592ad0652618e742ec647843356
                                                                                                                              • Instruction Fuzzy Hash: EE212E2154E6C21FD342D7748C64AE1BFE5DF9B21070941FBD089C74A3D91C9C0AC7A1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7273587613999f64f03c41d0203eb9792823f5fe642dbfe5f4dbe8c7782669ee
                                                                                                                              • Instruction ID: 8d084aa26a4108f14a2bb68a85432fb37aacacca7f88c1bf596577237e0c9be7
                                                                                                                              • Opcode Fuzzy Hash: 7273587613999f64f03c41d0203eb9792823f5fe642dbfe5f4dbe8c7782669ee
                                                                                                                              • Instruction Fuzzy Hash: C3112C22B0D94A4FE358A52C68093B53BC2FB9A3A0F54057AD00DC72D5CF245C454346
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7feaf01280a83a3b01c3a8e3f0752b7f67078599485374fd47a79d2bf16ed25a
                                                                                                                              • Instruction ID: c64d856177e07adf2829307e294712a956a747aeb27c1699c889ee569221f514
                                                                                                                              • Opcode Fuzzy Hash: 7feaf01280a83a3b01c3a8e3f0752b7f67078599485374fd47a79d2bf16ed25a
                                                                                                                              • Instruction Fuzzy Hash: CD11CB22A0ED425FD714F67C98A92F1B7D1EF65250F08457AC04DC31C3DE08A80AC384
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e50717ef8efc40773f3a712ba4db93158cb0e8bd82db7d6b7a70978a25d5cd82
                                                                                                                              • Instruction ID: 90cddced7d02f958d74a51b56fed2242565bb2b14abdcf8a49e89345e1ea2250
                                                                                                                              • Opcode Fuzzy Hash: e50717ef8efc40773f3a712ba4db93158cb0e8bd82db7d6b7a70978a25d5cd82
                                                                                                                              • Opcode Fuzzy Hash: 069f35ba47acf6043cae7c75e13ba03a6fe9a9f27fcb4f04dab3e151c55a20e6
                                                                                                                              • Instruction Fuzzy Hash: 2DF04F51D0FBC94FD357A63858252A47F70EE57951B4E00EBC088CB1E3D7085C0D835A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: df267e355c62251e3dce40636f041bd10eedf29203d3edfdf2365869c77c46a2
                                                                                                                              • Instruction ID: 3d098c95c52680b39616d0955c4129e23f6728a19fc363cd206dc8123810b0b0
                                                                                                                              • Opcode Fuzzy Hash: df267e355c62251e3dce40636f041bd10eedf29203d3edfdf2365869c77c46a2
                                                                                                                              • Instruction Fuzzy Hash: C6018111F1ED8F5FE7C9F62850597B967D2EFA86C4F40407AD40EC328BEE28A94A4345
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bd9eb47d9794c69c105d9c0e1357417e9c82ab4cebf334f1d787a3c79d0d8823
                                                                                                                              • Instruction ID: e8688edf875f5a3d423a36350197ca4222738778efaa3dda0d45631188f2c0ba
                                                                                                                              • Opcode Fuzzy Hash: bd9eb47d9794c69c105d9c0e1357417e9c82ab4cebf334f1d787a3c79d0d8823
                                                                                                                              • Instruction Fuzzy Hash: 4BF02731A5EE591EE278608C6C0A2B737C8D797675F10213FE84ED3297EC4A7C424184
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d92597b934865e2dd0576defe37c64a8afed8ad915e8bb6528a05db0c6b5ca2e
                                                                                                                              • Instruction ID: 4fe5aa5044e7f1ad5ee99d7c7893b6fa2c6e9f2be280f9c9dc18caa6611b8437
                                                                                                                              • Opcode Fuzzy Hash: d92597b934865e2dd0576defe37c64a8afed8ad915e8bb6528a05db0c6b5ca2e
                                                                                                                              • Instruction Fuzzy Hash: 9F01A27084F3C99FD707B73498596E97FA1AF43394F0841EAE0988B0A3DBA84658C746
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 16bf3e89830e8266a34191ac02c3edfa9572112026cb091ee6c1599d608e2ce1
                                                                                                                              • Instruction ID: e7ccd1b872946eeed95b5f364778304fe4a6d3fe6818d6d9ed7cf7339162049c
                                                                                                                              • Opcode Fuzzy Hash: 16bf3e89830e8266a34191ac02c3edfa9572112026cb091ee6c1599d608e2ce1
                                                                                                                              • Instruction Fuzzy Hash: 80012830A1D9891FE7AAE72C88586B1B7F1FF68250B4041F7E009C319BDE199C46C381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b2a0dff86d92d5394a2460ba5e27d4d7b7dd0c2f6db173bc5124af6783ea3b64
                                                                                                                              • Instruction ID: be56a74df5241eb7a15d1aa174190831a23c6e9cc852ec0155f40928e8344a00
                                                                                                                              • Opcode Fuzzy Hash: b2a0dff86d92d5394a2460ba5e27d4d7b7dd0c2f6db173bc5124af6783ea3b64
                                                                                                                              • Instruction Fuzzy Hash: D0F0963190E7C44FD356663858191A57BF0FF66211F4906FBD888DB1A7DB1D488A8352
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b90e4fd1ee0dec81493cb3cc27b5dd5861a8e7819c236d259362ac7d79ba19cc
                                                                                                                              • Instruction ID: 6b0f3f2b7d0c28329c41ed96633b3c99d38f0a56e36dbd376f4b58cbd6213da6
                                                                                                                              • Opcode Fuzzy Hash: b90e4fd1ee0dec81493cb3cc27b5dd5861a8e7819c236d259362ac7d79ba19cc
                                                                                                                              • Instruction Fuzzy Hash: 95F0F6315089084FCB58FA28E4489A6B3E0FFAD351B40073EE84EC31A0DF25A9C58784
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 538c82b62c0a8abffed681c408b2d7bed12faf111e5915e6217d353e9a51bed8
                                                                                                                              • Instruction ID: 3e57adc2b4543b41ce50c9dc657c386c439129fff1d2f11ef3d7a8edb7d6b060
                                                                                                                              • Opcode Fuzzy Hash: 538c82b62c0a8abffed681c408b2d7bed12faf111e5915e6217d353e9a51bed8
                                                                                                                              • Instruction Fuzzy Hash: 64F0B431B19C091FE7A8E62D9848BB6B3E2FBA8350F4041B6E00EC3189DE18EC45C781
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 88b68b42580aa4dfb4ec95161183f8e401425042c4bcd162ff4d4098788b04bb
                                                                                                                              • Instruction ID: 3f4c1d6aa96623e82828602483c5fbad68afc5329983c8b454541880d35f1e2a
                                                                                                                              • Opcode Fuzzy Hash: 88b68b42580aa4dfb4ec95161183f8e401425042c4bcd162ff4d4098788b04bb
                                                                                                                              • Instruction Fuzzy Hash: AD01D13280E6C89FE755EB2488692E83FB0FF59250F4900EBC404CB0A7DA295948C701
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 62a00721ff5b1f39ab8ae4b70aa8098fee32aeaa1062c124545215cec83e71fc
                                                                                                                              • Instruction ID: 8983a57316b39a2e17d36c9f1415b578352f13ef9c3f4383a30675c1db8a09c5
                                                                                                                              • Opcode Fuzzy Hash: 62a00721ff5b1f39ab8ae4b70aa8098fee32aeaa1062c124545215cec83e71fc
                                                                                                                              • Instruction Fuzzy Hash: B5F05422E1E9DA5FF6A9A63C18553362BE0EF666C4F5900FAC049CF192D91C6C494349
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 74a67f1db4a07c4133069a992dcb2c5d3d56db0f8495f4d0199fc661d4e68ecf
                                                                                                                              • Instruction ID: 21229e0867c3ef391d8d494f45f71fdb6d690311d3bb60aea184aac94ad605d7
                                                                                                                              • Opcode Fuzzy Hash: 74a67f1db4a07c4133069a992dcb2c5d3d56db0f8495f4d0199fc661d4e68ecf
                                                                                                                              • Instruction Fuzzy Hash: DFE0E563F5EACA1EF21D111C3C471B033C1CB665B0B1801ABC04AC31ABED0E59874384
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 09452fbbe939dc7887749dc46b78e1d2c2a2529b5f88fcdc46924bbe3bcd6fc1
                                                                                                                              • Instruction ID: ca004aaabed10efcc735f914e4aae241c31e6c45fe8955560c68ac723a84ecc0
                                                                                                                              • Opcode Fuzzy Hash: 09452fbbe939dc7887749dc46b78e1d2c2a2529b5f88fcdc46924bbe3bcd6fc1
                                                                                                                              • Instruction Fuzzy Hash: E5F04930E296888FDB58EF68CCA15BCB7E2EFA9741F20022DE44BD32C1DA206905C645
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e2e9c63f27d2526b4b303ed65eac30d63385bc3bce6d36672b3d92069f91492c
                                                                                                                              • Instruction ID: ab865df932690a82af6bca6c0ac5de20d6e7ed5a485a5510506bb14cec6c1d97
                                                                                                                              • Opcode Fuzzy Hash: e2e9c63f27d2526b4b303ed65eac30d63385bc3bce6d36672b3d92069f91492c
                                                                                                                              • Instruction Fuzzy Hash: B5F08231609A084FCB98A62CF8485A673E1EBE9226B440B7FE84DD31A4DE6599858781
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 87a899e8f5e37b43c385857cad684074591066264fb83a99ddd45f721736025e
                                                                                                                              • Instruction ID: 7432df0ef40ee7ddcca2b3f77010a88848f810a48abc910b645d1444376d294a
                                                                                                                              • Opcode Fuzzy Hash: 87a899e8f5e37b43c385857cad684074591066264fb83a99ddd45f721736025e
                                                                                                                              • Instruction Fuzzy Hash: 5BF0543070D90A4FE760E65D94C07AD72C1EF983A1F104277D009C72A9DE58DC854784
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1b6723d5986711ac778fd6cb1b4a6f709013b74e5a91b7b9b243d9961d0fbad3
                                                                                                                              • Instruction ID: dbf02bd31fe547a61f6bcf55002055ac1cfb107623f9f52c6feca86eccf00edc
                                                                                                                              • Opcode Fuzzy Hash: 1b6723d5986711ac778fd6cb1b4a6f709013b74e5a91b7b9b243d9961d0fbad3
                                                                                                                              • Instruction Fuzzy Hash: 74F05C32B1CA440FD27CAA0C7842178B3C2FB89730F50017FF04AC228BDD1E58028189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 91d4268bd5a0fdeefc86d994e43b1b5a2a74e282a435513eab2ff28b3c8f76c6
                                                                                                                              • Instruction ID: e1e9e201f2962d7c43d0fe84f0242c6956a51af9bd557f686c715dc9560a10c7
                                                                                                                              • Opcode Fuzzy Hash: 91d4268bd5a0fdeefc86d994e43b1b5a2a74e282a435513eab2ff28b3c8f76c6
                                                                                                                              • Instruction Fuzzy Hash: 17F0EC32B1D7550FD278AE1C7856178B3C2EB89774F50117FF18EC2287DD1A5842C18A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 98f61411f226a968078677e1daa3ad50f4619b4170bb5022ed9e213fcf6b5e58
                                                                                                                              • Instruction ID: 8d690a13f749d798ffeaeeb66252ac4ce0d5cb9c27ae9190b516e041401ae704
                                                                                                                              • Opcode Fuzzy Hash: 98f61411f226a968078677e1daa3ad50f4619b4170bb5022ed9e213fcf6b5e58
                                                                                                                              • Instruction Fuzzy Hash: 11F0E532B1DA550FE26CBE5C78561B8B3C2FB89775F50117FF14AC2287DD1A5842828A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3d2f0c937274f7e16db9547fc6f7ad864d9e5a515693f0b479ded91ae318c512
                                                                                                                              • Instruction ID: e86cdf030096934dba608240b8a1bbad2dd767c851beabd8e226a51a693435fe
                                                                                                                              • Opcode Fuzzy Hash: 3d2f0c937274f7e16db9547fc6f7ad864d9e5a515693f0b479ded91ae318c512
                                                                                                                              • Instruction Fuzzy Hash: B9F05C32B1CA540FE2787E1C7852278B3C2EB89730F40017FF14EC2287DD1958438289
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fce675ba9b48e1dad8f9816227f50e3592ae9a9caf880f3661a552a520cec815
                                                                                                                              • Instruction ID: c1bea98d416ac930a77ef82ca3abeb151b29d805bd872d5c88eee19173c7419a
                                                                                                                              • Opcode Fuzzy Hash: fce675ba9b48e1dad8f9816227f50e3592ae9a9caf880f3661a552a520cec815
                                                                                                                              • Instruction Fuzzy Hash: AAF05C32F1C6540FE228AE0C7846178B3C2EB89634F40017FF04EC2287DD195802C18A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1bffc908f8021d67970db7d141ea973186958ffd76527cf6a994fd44ceedac6f
                                                                                                                              • Instruction ID: 8ff4090eb9aa1929ec5103e82ffa6553e350d6fbf686c3120d16f8c73a98281b
                                                                                                                              • Opcode Fuzzy Hash: 1bffc908f8021d67970db7d141ea973186958ffd76527cf6a994fd44ceedac6f
                                                                                                                              • Instruction Fuzzy Hash: 8DF05532B1DB544FE228AE0CB856179B3C2EB89770F00017FF04EC228BDD1A5943C28A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f95f4ccc81c4614df1699e9778bf242805464835053edf452f0307dc41767f3c
                                                                                                                              • Instruction ID: fa5003ffec6bfa79f13ecdd92f3cbfbe71a438caaed1d4f98edc4b78971e818e
                                                                                                                              • Opcode Fuzzy Hash: f95f4ccc81c4614df1699e9778bf242805464835053edf452f0307dc41767f3c
                                                                                                                              • Instruction Fuzzy Hash: 48F05532B2DA444FE27CAA0C7846178B3C2EB89634F40017FF04EC228BDD1A5803828A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c263a0117efba6fad19681b3a29f5f8768bb12998ace876e78df06e43a7df98a
                                                                                                                              • Instruction ID: 3bdf46827e21a130ae8bd8576c418381d3dff3d6e0479178dd32c08c78015c1a
                                                                                                                              • Opcode Fuzzy Hash: c263a0117efba6fad19681b3a29f5f8768bb12998ace876e78df06e43a7df98a
                                                                                                                              • Instruction Fuzzy Hash: 38F05532B1DB440FE27CAA0C7846178B3C2EBC9630F10017FF44EC228BDD1A5942C28A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e1bec1fe19a17c2e97849337e34d4a1cbb069bd503b51c04c01ebd6aa501b1ac
                                                                                                                              • Instruction ID: 5e2a88899a15c1d97342d120035b0e1b6993040da18197d30bf512466f5452ab
                                                                                                                              • Opcode Fuzzy Hash: e1bec1fe19a17c2e97849337e34d4a1cbb069bd503b51c04c01ebd6aa501b1ac
                                                                                                                              • Instruction Fuzzy Hash: DCF0E532B1DA550FE268AE1C7856178B3C2EB89674F50117FF18EC2287DD1A5842C28A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fb9aadcc247844817d7ab208930034995ea103f501735fed551760ce82477912
                                                                                                                              • Instruction ID: ee3c47c29724beca9b0ac5be0676a493000aaea7e9f9235f31575ac905d5f505
                                                                                                                              • Opcode Fuzzy Hash: fb9aadcc247844817d7ab208930034995ea103f501735fed551760ce82477912
                                                                                                                              • Instruction Fuzzy Hash: 47F02732B1D6540FD268AA0C7856178B3C2EB89A64F00017FE14EC2287D91A5842818A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 02b783318924f7464c43c82bafc63f225e083a4620db5dfb1c45452ad559309e
                                                                                                                              • Instruction ID: fa18d31b1ea7bd83510864f80da0e77fbef680c4a70627ca6c66165bb8006ec4
                                                                                                                              • Opcode Fuzzy Hash: 02b783318924f7464c43c82bafc63f225e083a4620db5dfb1c45452ad559309e
                                                                                                                              • Instruction Fuzzy Hash: BAF05C32B1CA440FE22CBE0C7842179B3C2EB89634F40017FF44AC228BDD1958038289
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 82fff987b1a5b12664e0ba293c1d8af622c6e11f717cacc142470788383c086e
                                                                                                                              • Instruction ID: 2a758907fd7b36f6a45e244935de98024e02bab8a38e22c73e3158a310a653fd
                                                                                                                              • Opcode Fuzzy Hash: 82fff987b1a5b12664e0ba293c1d8af622c6e11f717cacc142470788383c086e
                                                                                                                              • Instruction Fuzzy Hash: A3F05C32F1CA540FE228BE0C7842178B3C2EB99634F50017FF04AC2287DD1A5843C189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a7bdcb92892ba4a9a4f09e913fc38cc5cec0dc86a94602ee53a3ccbd1576ef88
                                                                                                                              • Instruction ID: f880de7d77714014891a96240e73bcca1134189ce3593fe00caac459b910260f
                                                                                                                              • Opcode Fuzzy Hash: a7bdcb92892ba4a9a4f09e913fc38cc5cec0dc86a94602ee53a3ccbd1576ef88
                                                                                                                              • Instruction Fuzzy Hash: 31F0EC32B1D6550FE2686E1C7856178B3C2EB99674F50017FF54EC2287DD195843828A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 74cb7b5520c2e9cdb3f53bbe38c3f51622a5f73d4105b8541965e8634c0a1b0a
                                                                                                                              • Instruction ID: c193e8f39ed8d5775cf866bdd21f8532f101227f909a41086aa51f0477059580
                                                                                                                              • Opcode Fuzzy Hash: 74cb7b5520c2e9cdb3f53bbe38c3f51622a5f73d4105b8541965e8634c0a1b0a
                                                                                                                              • Instruction Fuzzy Hash: 64F0EC32B1DA550FE26CBA1C7856178B3C2EB89775F50017FF54AC2287DD1958428189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cea7b829eb30dad6fab824ee530b8b2821d494c90fe1ba1479ea5b7d849ae7e4
                                                                                                                              • Instruction ID: a485f4d8b39e7190e57c2d4f63b9644315ac9f8efe8c55c1e00d3dbad7f17b17
                                                                                                                              • Opcode Fuzzy Hash: cea7b829eb30dad6fab824ee530b8b2821d494c90fe1ba1479ea5b7d849ae7e4
                                                                                                                              • Instruction Fuzzy Hash: 62F0EC32B1D6551FE2687A5C7856178B3C2EB89774F50027FF14AC2287DD1A58428189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 00a94e4273bc0839025816452c62d59b260b2bfbd0c3ce21fa478b6572c894fe
                                                                                                                              • Instruction ID: dddfad45f767a7684d4ca1a08553ffaf7d0e6431daf448fdf56454b108500510
                                                                                                                              • Opcode Fuzzy Hash: 00a94e4273bc0839025816452c62d59b260b2bfbd0c3ce21fa478b6572c894fe
                                                                                                                              • Instruction Fuzzy Hash: 89F0EC32F1D6450FE27CEA1C785617877C2EF89664F50117FE44AC228ADD1A6C424189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9f3242a657958daa515d2f2454e4308c082a41ff522bc885d774cfa8beab4f2b
                                                                                                                              • Instruction ID: f4a2f134c426370071094b97ba238b45ca02d038602ceb7f8c8ea384013ccc39
                                                                                                                              • Opcode Fuzzy Hash: 9f3242a657958daa515d2f2454e4308c082a41ff522bc885d774cfa8beab4f2b
                                                                                                                              • Instruction Fuzzy Hash: 85F05C32B1D6450FE268EE0C785217873C1EB8A764F00017FE04EC2286DD1A18438189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a8e5799532ae6a11fe6f60727bd490db2a986c7e4486551ff89c3a41c02f994e
                                                                                                                              • Instruction ID: 5fc19ede4b9b1bdcf7cf3e546d0fa2fc90f700fdad2957df5077570cffba9f4f
                                                                                                                              • Opcode Fuzzy Hash: a8e5799532ae6a11fe6f60727bd490db2a986c7e4486551ff89c3a41c02f994e
                                                                                                                              • Instruction Fuzzy Hash: 58F0EC32B1D6450FE66CAE1C785617877C2EB89765F50117FE44AC228ADD1A68428189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 999f9f7c810c7f316ad8bc91ea7710f54c46c7ac9f5dd9fc6517805ee08e1072
                                                                                                                              • Instruction ID: d74523c52c12f431188c7894c907149de99aa70c832df136bf6dd14375190dde
                                                                                                                              • Opcode Fuzzy Hash: 999f9f7c810c7f316ad8bc91ea7710f54c46c7ac9f5dd9fc6517805ee08e1072
                                                                                                                              • Instruction Fuzzy Hash: C5F0EC32B1D6450FE268AE1C785617877C1EB8A764F50117FE44FC2286DD1A58424189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 18c486af64d44a51236a1d9b96b34964516b28535dd70553897c048ba4dd9361
                                                                                                                              • Instruction ID: dd7b778e0231857b46b7e17143aeed68074e25e4c24210ae2e301d9450396a41
                                                                                                                              • Opcode Fuzzy Hash: 18c486af64d44a51236a1d9b96b34964516b28535dd70553897c048ba4dd9361
                                                                                                                              • Instruction Fuzzy Hash: 8DF0EC32B1D6550FE27CAE1C785617877C2EBC9665F50117FE44AC228EDD1A68434189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d3f5a8352599d1df55f68dd188b6bc9fa8f5c59a54b475c6030a4d73421c510e
                                                                                                                              • Instruction ID: ccee9b9f99b391b1bcbeb52842cc317969a31ecbead8bf862f2795be38d4fb1b
                                                                                                                              • Opcode Fuzzy Hash: d3f5a8352599d1df55f68dd188b6bc9fa8f5c59a54b475c6030a4d73421c510e
                                                                                                                              • Instruction Fuzzy Hash: BEF0EC32F1D6450FE27CBA1C7856178B7C2EB89669F50117FE04AC2286DD1A68424189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3433316659.00007FF849170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849170000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849170000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 262f5e58cb7141ca0c5392fdb313755eebe425292dba83a175801095392a35d1
                                                                                                                              • Instruction ID: f9bb44947623b8731315e837ed9b421df074e2ec914146fb956fdafd93bf7453
                                                                                                                              • Opcode Fuzzy Hash: 262f5e58cb7141ca0c5392fdb313755eebe425292dba83a175801095392a35d1
                                                                                                                              • Instruction Fuzzy Hash: 88F0E532B1DB450FE668AA1C789617977C2EF89764F5002BFE04AC2286DD1E5843968A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3433316659.00007FF849170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849170000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849170000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: caa3fa6978a61add81afce7ef96232ef2eee3ed0c6e72404b2edeebede5eed87
                                                                                                                              • Instruction ID: 83dfb7ed11e3b1d411ba3bf7878a2769cc0dd5c66cc4dc29c21a887c8ac803d9
                                                                                                                              • Opcode Fuzzy Hash: caa3fa6978a61add81afce7ef96232ef2eee3ed0c6e72404b2edeebede5eed87
                                                                                                                              • Instruction Fuzzy Hash: 1EF0EC21B2DA450FD268AA1C78561B977C2EBC9665F54017FE44AC2286DD1D5843428A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3433316659.00007FF849170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849170000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849170000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 09f30a991ed8c4edd4dc8e08fea16ba9644c9daead095f8e1d06b7f65a8a4322
                                                                                                                              • Instruction ID: baf557dc5a77354fae9a2080cf0d8fa22b9a5cb15f03eb8b8268f9607f805810
                                                                                                                              • Opcode Fuzzy Hash: 09f30a991ed8c4edd4dc8e08fea16ba9644c9daead095f8e1d06b7f65a8a4322
                                                                                                                              • Instruction Fuzzy Hash: 30F0E522B1DB550FE268AA1C785617973C2EF89764F5401BFE44AC2286DD1E5843828A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3433316659.00007FF849170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849170000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849170000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ae5203a7d49e8ee64a8251c2da949b6df38ff2526f9fe90e1290a3220c7dbbae
                                                                                                                              • Instruction ID: fa156b47ff631edebdc300fa105f68d37fb70cf6de2151ef479e83f925a55df7
                                                                                                                              • Opcode Fuzzy Hash: ae5203a7d49e8ee64a8251c2da949b6df38ff2526f9fe90e1290a3220c7dbbae
                                                                                                                              • Instruction Fuzzy Hash: 15F0E522B2DA450FE268EE1C785617977C2EB89764F5002BFE04EC2286DD1E5843928A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 81f58c32945f30bed3912103e792dbb96d8f34f521a45bb97518cdf2ca5dc2bd
                                                                                                                              • Instruction ID: 18e51c79b43e6b70c219436df58e811d168454e0b94749445d854aad3af1dda9
                                                                                                                              • Opcode Fuzzy Hash: 81f58c32945f30bed3912103e792dbb96d8f34f521a45bb97518cdf2ca5dc2bd
                                                                                                                              • Instruction Fuzzy Hash: D8E02B32F1DB480FD26CAB1C7852178B3C2EBC9634F44017FF04EC2287DD1A5842828A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff84937d000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f9f16ca884a4affdb23cb26d357b1d5ccc499b00db5324966790228d262ff1ec
                                                                                                                              • Instruction ID: 812de5276c7ff8b119ff2356ba518144b1fecb707bfc940e9adf8903a8cd7806
                                                                                                                              • Opcode Fuzzy Hash: f9f16ca884a4affdb23cb26d357b1d5ccc499b00db5324966790228d262ff1ec
                                                                                                                              • Instruction Fuzzy Hash: 6CE02B32F5DA480FD26CAB1C7852178B3C2EB89624F40117FE04AC2287DD5A6846828A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: df5ed39edfb234df4fdb24ec3b3a768e9a89e2b515191fbde15662e23774f825
                                                                                                                              • Instruction ID: f8133884c544791fba11f5d165165664fcd0b48fc34b51a29abf6ae2234e0e84
                                                                                                                              • Opcode Fuzzy Hash: df5ed39edfb234df4fdb24ec3b3a768e9a89e2b515191fbde15662e23774f825
                                                                                                                              • Instruction Fuzzy Hash: D4F03020F1DE491FE698F62D541A37932C2EFA8651F40053AD00EC3397EE286C45064A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3441149002.00007FF849450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849450000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff849450000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 127b186770f3278a69ff7cb24694bd3651fb3e593c342c16a766d37b6afaf176
                                                                                                                              • Instruction ID: 297d7c02c1fc293e6dd3b4afa05633d0b23b3091898425d591467ac2661f99d7
                                                                                                                              • Opcode Fuzzy Hash: 127b186770f3278a69ff7cb24694bd3651fb3e593c342c16a766d37b6afaf176
                                                                                                                              • Instruction Fuzzy Hash: 50E0E532B1D6858FD2286A1C7852179B3C2FB89674F50057FF18AC228BD92A5406C28A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3438509023.00007FF84937D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF84937D000, based on PE: false
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b67a0ad2de95896c751eff8c7170d351210f40c1e9f9ac108ffa52fd8bbf4ef1
                                                                                                                              • Instruction ID: cda82381cb350164d002f796c851fbc252e595168fd68709609ce62d890f5e6d
                                                                                                                              • Opcode Fuzzy Hash: b67a0ad2de95896c751eff8c7170d351210f40c1e9f9ac108ffa52fd8bbf4ef1
                                                                                                                              • Instruction Fuzzy Hash: 3EE0ED2180FBC54FE393A638095E7647FA2AF17620B5900DBD008CB0A3EA2C0809935B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: edc48f7d7a57829f3cac83396b2baa6acba113af5073e2ca99c5b0555c39b2ac
                                                                                                                              • Instruction ID: cbc36fe4f7f66c14cf362e3573f92ce8518936b79021d26cc092f74ea2d5980c
                                                                                                                              • Opcode Fuzzy Hash: edc48f7d7a57829f3cac83396b2baa6acba113af5073e2ca99c5b0555c39b2ac
                                                                                                                              • Instruction Fuzzy Hash: E6E06831D0ED0C8FDB04FA9AAC986D53BA8FF9D328F04012AE00CC3090D3254984C719
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b11aef907d3b0cbec48fc6a6f372ede8162db7ee0fedf75c05e2d1fcfb8758a0
                                                                                                                              • Instruction ID: 8869fe7e6f0ef79a623e0c9460fbc0266bd999347273056c2232952692f2e20e
                                                                                                                              • Opcode Fuzzy Hash: b11aef907d3b0cbec48fc6a6f372ede8162db7ee0fedf75c05e2d1fcfb8758a0
                                                                                                                              • Instruction Fuzzy Hash: 0CF03972C0DA8C9FDB51EBA4881A2CDBB70EF14365F0440E6E5289B182E7385618CF95
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3c67a9043cde5909f02ca892a21fc2fb921f8b45173471099b6617ef0fdfdb6b
                                                                                                                              • Instruction ID: 1bdfaf3ef2da3f349600758ed85d009264d278e9b8a0f791a6696c32aa3c2e1a
                                                                                                                              • Opcode Fuzzy Hash: 3c67a9043cde5909f02ca892a21fc2fb921f8b45173471099b6617ef0fdfdb6b
                                                                                                                              • Instruction Fuzzy Hash: 44E09A11F2EC6E1AFAA8B2A854063BC40C5DF486D5F4401B5E81ED32CADD1C6D8606D9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 49b7a0fdfd8df2ab42b590b2301c9c3e4098408a969b9cf2b1c8beab14d33a04
                                                                                                                              • Instruction ID: 017866f6e070986deeb950e8b9dc56ad6893865bfe79e45ef7394efcedc53fa3
                                                                                                                              • Opcode Fuzzy Hash: 49b7a0fdfd8df2ab42b590b2301c9c3e4098408a969b9cf2b1c8beab14d33a04
                                                                                                                              • Instruction Fuzzy Hash: 65E0DF35D1C9AC8FDB44BA68BC142E9BBA4FB8A308F0409AAE45CC7181E73A5455C359
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0491c7d1eaa6044fde7eec25d384eaacee7167c1d24b8153c9aa716a7fa70f7a
                                                                                                                              • Instruction ID: af604aa18e2320779c6998a8db69c5b2d15ed1aa4018aeb29d6f61241a8785db
                                                                                                                              • Opcode Fuzzy Hash: 0491c7d1eaa6044fde7eec25d384eaacee7167c1d24b8153c9aa716a7fa70f7a
                                                                                                                              • Instruction Fuzzy Hash: 85E09221B0E80A5FEB50B669A8806FD7382DFC13F1F14437AE816C72D9EE5CD8864385
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c4108ae0d65055312ca0e533a8ad330f3b5b37b9ae7042c69ccd28fac0d69397
                                                                                                                              • Instruction ID: 7230a33a530ebedafda557677b419e36a11e285e4c6bbb59f8c4aa7987e8ebca
                                                                                                                              • Opcode Fuzzy Hash: c4108ae0d65055312ca0e533a8ad330f3b5b37b9ae7042c69ccd28fac0d69397
                                                                                                                              • Instruction Fuzzy Hash: 9DE09252E2EC8A5FD358B629540667572D2FF686E0F4801BDC04B831CADE1CAA09028D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 07391d77c0749d505ae154162c3c213459de9a5c485f2ab99389136837b64339
                                                                                                                              • Instruction ID: 15fa350e27d837e7782b26a7b173abb87cc4d14562e4bdc9fb8240b9251a3175
                                                                                                                              • Opcode Fuzzy Hash: 07391d77c0749d505ae154162c3c213459de9a5c485f2ab99389136837b64339
                                                                                                                              • Instruction Fuzzy Hash: B2E0D821F0E8498FF388F128901437517D2FBA9681F504066C00DC32AAEE185C424300
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8d71d9ccd87b018b93e47d06c1d75be237a5428addb892eaae56951a8773395a
                                                                                                                              • Instruction ID: c713c0cdbf73808068f3c8462642dc555d41edce60633584abe58d7e9f079e45
                                                                                                                              • Opcode Fuzzy Hash: 8d71d9ccd87b018b93e47d06c1d75be237a5428addb892eaae56951a8773395a
                                                                                                                              • Instruction Fuzzy Hash: 78E0DF10A1F9C91FE357723C0419B382FE2DF97664F1800EAD048C7093DE1C180A935E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 75baa188189bee0e45a41c4334fdf1eec7231336daf057d2a1662cc5ff0bbc53
                                                                                                                              • Instruction ID: 8c569705727419b9e96ea402114ba115bc1fee991079172444b8a6c747535ff6
                                                                                                                              • Opcode Fuzzy Hash: 75baa188189bee0e45a41c4334fdf1eec7231336daf057d2a1662cc5ff0bbc53
                                                                                                                              • Instruction Fuzzy Hash: 90E08C71C0891CAEDF10FFA4D8013DEB7B0FF14358F0080A6E528A3140D73822188F98
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2b034c1a08149f426ff1ad33edf03c630d39a97fc8bc73120121706d134100fd
                                                                                                                              • Instruction ID: edc51463c61daa956fc2c4b9a543c917ec2bd4cd3681d6ba6f966dd4276d4a28
                                                                                                                              • Opcode Fuzzy Hash: 2b034c1a08149f426ff1ad33edf03c630d39a97fc8bc73120121706d134100fd
                                                                                                                              • Instruction Fuzzy Hash: 2DD01236E1A80A9FEFD4AD184445B6933E1FB74780B004165C41883145DA28AD964781
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3f9a0a1218ebd11ffcb89070e91a10016e44b434364328a0e94a99b2c8fc4e1e
                                                                                                                              • Instruction ID: daf51f5b1a9a45ca6c67d1c4b45fb029f4b8b80b0d05bccca00e1f5554c3a4b2
                                                                                                                              • Opcode Fuzzy Hash: 3f9a0a1218ebd11ffcb89070e91a10016e44b434364328a0e94a99b2c8fc4e1e
                                                                                                                              • Instruction Fuzzy Hash: FAD05B2055E90E8FD645F72DC49162437E0FF19384FD440E4D40DDB291DE1AFC498705
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e2f9f4a41e527b046b3a193ad67c3b34b80602849e701a2f134f7b6320743307
                                                                                                                              • Instruction ID: 9add2cf073dd9abadc70589a5284cf0f3709f153fc1f1984efaaffad465a130f
                                                                                                                              • Opcode Fuzzy Hash: e2f9f4a41e527b046b3a193ad67c3b34b80602849e701a2f134f7b6320743307
                                                                                                                              • Instruction Fuzzy Hash: 36D01770D2D50DEEDF41FFA484016EEB7A4EF40384F000566F41DD3145DB38A6188789
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e4e25f96ac453c384aea529bf10034b817b4db19bf04cb5637d50970923276c5
                                                                                                                              • Instruction ID: 653f0017038334827829e40b7e309614466aecc6fd1a68b7ad9715a426f5ddc4
                                                                                                                              • Opcode Fuzzy Hash: e4e25f96ac453c384aea529bf10034b817b4db19bf04cb5637d50970923276c5
                                                                                                                              • Instruction Fuzzy Hash: 9BC012313098088FD6A4EA8EF884AA977E0FF4826171000F6F009CB2A5D615DC808780
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3425963862.00007FF848DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DB0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff848db0000_Screenpresso.jbxd