Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1545304
MD5:e2f4a20bf1778ddb6396f48f6f4a9a32
SHA1:75d402e0a8645b0a33f93ed6a66f76fe22496987
SHA256:a76920b863ff403f08436950963f30333e7b9297d36f2cec8e26bd94d66c8f1a
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 2872 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E2F4A20BF1778DDB6396F48F6F4A9A32)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["contemteny.site", "goalyfeastz.site", "servicedny.site", "seallysl.site", "opposezmny.site", "authorisev.site", "dilemmadu.site", "faulteyotk.site"], "Build id": "2Zo0RN--PRIVATE"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.binstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Found malware configuration
    Source: file.exeMalware Configuration Extractor: LummaC {"C2 url": ["contemteny.site", "goalyfeastz.site", "servicedny.site", "seallysl.site", "opposezmny.site", "authorisev.site", "dilemmadu.site", "faulteyotk.site"], "Build id": "2Zo0RN--PRIVATE"}
    Multi AV Scanner detection for submitted file
    Source: file.exeReversingLabs: Detection: 44%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 82.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: file.exeString decryptor: servicedny.site
    Source: file.exeString decryptor: authorisev.site
    Source: file.exeString decryptor: faulteyotk.site
    Source: file.exeString decryptor: dilemmadu.site
    Source: file.exeString decryptor: contemteny.site
    Source: file.exeString decryptor: goalyfeastz.site
    Source: file.exeString decryptor: opposezmny.site
    Source: file.exeString decryptor: seallysl.site
    Source: file.exeString decryptor: goalyfeastz.site
    Source: file.exeString decryptor: lid=%s&j=%s&ver=4.0
    Source: file.exeString decryptor: TeslaBrowser/5.5
    Source: file.exeString decryptor: - Screen Resoluton:
    Source: file.exeString decryptor: - Physical Installed Memory:
    Source: file.exeString decryptor: Workgroup: -
    Source: file.exeString decryptor: 2Zo0RN--PRIVATE
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx esi, byte ptr [eax]0_2_005941F0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, ecx0_2_0059137E
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, ecx0_2_005913D5
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]0_2_0057E870
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [edi+ebx]0_2_00555820
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, eax0_2_0055E8DE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0056C8CE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, eax0_2_0058A97E
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [eax+ebx*8], 7CDE1E50h0_2_0058A97E
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], B62B8D10h0_2_0058A97E
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B62B8D10h0_2_0058B170
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx+esi]0_2_0055C960
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+5A603547h]0_2_00560118
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], dl0_2_00560118
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [ecx+eax-24F86745h]0_2_00560118
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, ecx0_2_00560118
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, ecx0_2_00560118
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+5A603547h]0_2_00560130
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], dl0_2_00560130
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [ecx+eax-24F86745h]0_2_00560130
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, ecx0_2_00560130
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, ecx0_2_00560130
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp edx0_2_005931D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_005931D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-7DC9E524h]0_2_005741E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, eax0_2_0055E996
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_0057AA40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0057CA72
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0057CA72
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+1817620Ch]0_2_0057AA60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [eax+ebx], 00000030h0_2_005512D5
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+2BB126CDh]0_2_0058FAD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp edx0_2_005932C0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_005932C0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, edx0_2_00571B40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], cl0_2_0057EB60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, eax0_2_0057EB60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then lea edx, dword ptr [eax-80h]0_2_0057EB60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esi+ecx+0000009Ch]0_2_0057EB60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+068F7B6Bh]0_2_0057EB60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esi+04h], eax0_2_0057EB60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0057EB60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, ebx0_2_00571333
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx esi, byte ptr [eax]0_2_00594380
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp edx0_2_005933B0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_005933B0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp al, 2Eh0_2_0057AC04
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h0_2_0057E400
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, esi0_2_0056ECDE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00587CA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [ebx], ax0_2_0056F510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0056F510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, eax0_2_0055D500
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_0056D5AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-67BC38F0h]0_2_00591648
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_0057DE70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+3Ch], 595A5B84h0_2_00590E3A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_0058C6D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, dword ptr [esp+54h]0_2_0057CEDA
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0056C6E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp edx0_2_00592EB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_00592EB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00575F00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, word ptr [edx]0_2_00578F00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then xor byte ptr [ecx+ebx], bl0_2_00593720
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx+52B71DE2h]0_2_00591720
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [esp+ebx-09A22FB6h]0_2_0058F7E0

    Networking

    barindex
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: contemteny.site
    Source: Malware configuration extractorURLs: goalyfeastz.site
    Source: Malware configuration extractorURLs: servicedny.site
    Source: Malware configuration extractorURLs: seallysl.site
    Source: Malware configuration extractorURLs: opposezmny.site
    Source: Malware configuration extractorURLs: authorisev.site
    Source: Malware configuration extractorURLs: dilemmadu.site
    Source: Malware configuration extractorURLs: faulteyotk.site
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00585210 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_00585210
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00585210 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_00585210
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005859B7 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,0_2_005859B7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005886FE0_2_005886FE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005928500_2_00592850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005510000_2_00551000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005768000_2_00576800
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056482A0_2_0056482A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005600C50_2_005600C5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005538E00_2_005538E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057509D0_2_0057509D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005899400_2_00589940
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055F9700_2_0055F970
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0058A97E0_2_0058A97E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005579600_2_00557960
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005601180_2_00560118
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005601300_2_00560130
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005949200_2_00594920
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005831DE0_2_005831DE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005931D00_2_005931D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005741E00_2_005741E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005791E00_2_005791E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005819800_2_00581980
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055F2500_2_0055F250
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057AA400_2_0057AA40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055A2700_2_0055A270
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057CA720_2_0057CA72
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055B2600_2_0055B260
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0058E2300_2_0058E230
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00570A240_2_00570A24
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005512D50_2_005512D5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005932C00_2_005932C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0058A2E00_2_0058A2E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056E2980_2_0056E298
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00571B400_2_00571B40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057EB600_2_0057EB60
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055DB200_2_0055DB20
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055132D0_2_0055132D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00565BD80_2_00565BD8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057C3E00_2_0057C3E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005923800_2_00592380
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005933B00_2_005933B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00589BA00_2_00589BA0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00594C500_2_00594C50
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00584C600_2_00584C60
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057AC040_2_0057AC04
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0058EC200_2_0058EC20
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00577CD20_2_00577CD2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056ECDE0_2_0056ECDE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055ECC00_2_0055ECC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005794940_2_00579494
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005594BF0_2_005594BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055BD700_2_0055BD70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056F5100_2_0056F510
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00579D000_2_00579D00
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055ADD00_2_0055ADD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00582D800_2_00582D80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005835B00_2_005835B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005755A40_2_005755A4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00558DA00_2_00558DA0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056D5AF0_2_0056D5AF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00572E500_2_00572E50
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057D6420_2_0057D642
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057BE100_2_0057BE10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005946200_2_00594620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057762D0_2_0057762D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057A6D00_2_0057A6D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00592EB00_2_00592EB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005726A00_2_005726A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057762D0_2_0057762D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055D7600_2_0055D760
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00556F600_2_00556F60
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00578F000_2_00578F00
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005794940_2_00579494
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005937200_2_00593720
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005917200_2_00591720
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00558DA00_2_00558DA0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057B7D90_2_0057B7D9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057B7FE0_2_0057B7FE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00559F9C0_2_00559F9C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00576F820_2_00576F82
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00584F800_2_00584F80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00591F800_2_00591F80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00554FA00_2_00554FA0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00559FA80_2_00559FA8
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0056C2A0 appears 176 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0055C8C0 appears 71 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: classification engineClassification label: mal84.troj.evad.winEXE@1/0@0/0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00582088 CoCreateInstance,0_2_00582088
    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeReversingLabs: Detection: 44%
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\file.exeAPI coverage: 4.9 %
    Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-15582
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00590D90 LdrInitializeThunk,0_2_00590D90
    Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: servicedny.site
    Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: authorisev.site
    Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: faulteyotk.site
    Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: dilemmadu.site
    Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: contemteny.site
    Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: goalyfeastz.site
    Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: opposezmny.site
    Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: seallysl.site

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.binstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.binstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    PowerShell    		1
    DLL Side-Loading    		1
    DLL Side-Loading    		11
    Deobfuscate/Decode Files or Information    		OS Credential Dumping2
    System Information Discovery    		Remote Services1
    Screen Capture    		1
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
    DLL Side-Loading    		LSASS MemoryApplication Window DiscoveryRemote Desktop Protocol1
    Archive Collected Data    		1
    Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
    Obfuscated Files or Information    		Security Account ManagerQuery RegistrySMB/Windows Admin Shares2
    Clipboard Data    		SteganographyAutomated ExfiltrationData Encrypted for Impact

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe45%ReversingLabsWin32.Trojan.MintZard
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    goalyfeastz.sitetrue
      		unknown
      servicedny.sitetrue
        		unknown
        contemteny.sitetrue
          		unknown
          faulteyotk.sitetrue
            		unknown
            opposezmny.sitetrue
              		unknown
              seallysl.sitetrue
                		unknown
                dilemmadu.sitetrue
                  		unknown
                  authorisev.sitetrue
                    		unknown

                    World Map of Contacted IPs

                    No contacted IP infos

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1545304
                    Start date and time:2024-10-30 11:46:06 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 4m 3s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:5
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:file.exe
                    Detection:MAL
                    Classification:mal84.troj.evad.winEXE@1/0@0/0
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 92%
                    • Number of executed functions: 9
                    • Number of non-executed functions: 108
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • VT rate limit hit for: file.exe

                    Simulations

                    Behavior and APIs

                    No simulations

                    Joe Sandbox View / Context

                    IPs

                    No context

                    Domains

                    No context

                    ASNs

                    No context

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    No created / dropped files found

                    Static File Info

                    General

                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):6.7615707075
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.96%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    • DOS Executable Generic (2002/1) 0.02%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:file.exe
                    File size:334'848 bytes
                    MD5:e2f4a20bf1778ddb6396f48f6f4a9a32
                    SHA1:75d402e0a8645b0a33f93ed6a66f76fe22496987
                    SHA256:a76920b863ff403f08436950963f30333e7b9297d36f2cec8e26bd94d66c8f1a
                    SHA512:13fd064e04d302471ab5ad28ed9e3a07ead4429046054ae4f7931bd2d24678857e0ae3a48ab0888da313e9ba320d3e73fe358cfc8c82796fceba7b31440c4126
                    SSDEEP:6144:+tWC7xvtddofKKrybbuMY88Jc/oZ3ipoOvYcOCL7E6tt7t2lp4:+RZtddofKKrzHPJ3ii0bL7E6t7S2
                    TLSH:E2649D09EB7381B1CC46847871DEB37F8A386B1547389FD7DB90DF8429636D2583AA06
                    File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.................D........................@.......................................@.................................R......

                    File Icon

                    Icon Hash:90cececece8e8eb0

                    Static PE Info

                    General

                    Entrypoint:0x40d0b0
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0x6715CDA7 [Mon Oct 21 03:42:31 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:6
                    OS Version Minor:0
                    File Version Major:6
                    File Version Minor:0
                    Subsystem Version Major:6
                    Subsystem Version Minor:0
                    Import Hash:f5ad7569262698fb9eae9f54a4af280c

                    Entrypoint Preview

                    Instruction
                    push edi
                    push esi
                    sub esp, 2Ch
                    mov dword ptr [esp], 710E3123h
                    xor eax, eax
                    nop
                    nop
                    mov ecx, eax
                    add cl, 0000003Dh
                    xor cl, byte ptr [esp+eax]
                    add cl, FFFFFFCFh
                    mov byte ptr [esp+eax], cl
                    inc eax
                    cmp eax, 04h
                    jne 00007FB2D881972Eh
                    mov esi, dword ptr [esp]
                    call 00007FB2D884C139h
                    test al, al
                    je 00007FB2D88198D9h
                    call 00007FB2D884438Ch
                    test al, al
                    je 00007FB2D88198C7h
                    mov ecx, esi
                    and ecx, 34A7AD07h
                    mov edx, esi
                    mov eax, esi
                    or esi, 34A7AD07h
                    imul esi, ecx
                    xor ecx, 34A7AD07h
                    and edx, CB5852F8h
                    lea edi, dword ptr [00000002h+edx*2]
                    sub edi, edx
                    add edi, FFFFFFFEh
                    or eax, CB5852F8h
                    mov edx, edi
                    and edx, eax
                    or eax, edi
                    not eax
                    imul eax, edx
                    mov edx, edi
                    and edx, ecx
                    or edi, ecx
                    imul edi, edx
                    add esi, edi
                    add esi, eax
                    mov edi, esi
                    shr edi, 07h
                    xor edi, esi
                    mov eax, edi
                    and eax, F5AE3701h
                    mov ecx, edi
                    and ecx, 0A51C8FEh
                    or edi, 0A51C8FEh
                    imul edi, ecx
                    xor ecx, 0A51C8FEh
                    imul ecx, eax
                    add edi, ecx
                    call dword ptr [004481ACh]
                    mov dword ptr [esp], F9814689h
                    mov word ptr [esp+04h], 0000h

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0x480520x8c.rdata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x590000x4b80.reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x4819c0xbc.rdata
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    .text0x10000x442b80x4440044608c6e2848810b5efa0e9a7b922cd9False0.5487315418956044data6.601624760368542IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rdata0x460000x25270x2600f56a63840f9b0722ee007c6b90252d24False0.4369860197368421data6.454837802198663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .data0x490000xf5180x6200b0266cc045a35151394b57109c20c9e2False0.49960140306122447data6.15803565276463IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .reloc0x590000x4b800x4c001a6e4bcb7a19a779e696996fffb94813False0.43770559210526316data6.457467952497308IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                    Imports

                    DLLImport
                    KERNEL32.dllCopyFileW, ExitProcess, GetCommandLineW, GetCurrentProcessId, GetCurrentThreadId, GetLogicalDrives, GetSystemDirectoryW, GlobalLock, GlobalUnlock
                    SHELL32.dllShellExecuteW
                    USER32.dllCloseClipboard, FindWindowExW, GetClipboardData, GetDC, GetForegroundWindow, GetSystemMetrics, GetWindowLongW, GetWindowThreadProcessId, IsWindowEnabled, IsWindowVisible, OpenClipboard, ReleaseDC
                    ole32.dllCoCreateInstance, CoInitialize, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize
                    OLEAUT32.dllSysAllocString, SysFreeString, VariantClear, VariantInit
                    GDI32.dllBitBlt, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, DeleteObject, GetCurrentObject, GetDIBits, GetObjectW, SelectObject, StretchBlt

                    Network Behavior

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Oct 30, 2024 11:47:44.279051065 CET5359007162.159.36.2192.168.2.4
                    Oct 30, 2024 11:47:44.918107986 CET53609151.1.1.1192.168.2.4

                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:0
                    Start time:06:46:56
                    Start date:30/10/2024
                    Path:C:\Users\user\Desktop\file.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\file.exe"
                    Imagebase:0x550000
                    File size:334'848 bytes
                    MD5 hash:E2F4A20BF1778DDB6396F48F6F4A9A32
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Disassembly

                    Reset < >

                      Execution Graph

                      Execution Coverage:1.1%
                      Dynamic/Decrypted Code Coverage:0%
                      Signature Coverage:36.7%
                      Total number of Nodes:49
                      Total number of Limit Nodes:3
                      execution_graph 15576 58dc18 15577 58dc1e RtlAllocateHeap 15576->15577 15578 590f68 15579 590f71 GetForegroundWindow 15578->15579 15580 590f84 15579->15580 15581 55d0b0 15583 55d0c0 15581->15583 15582 55d277 ExitProcess 15583->15582 15584 55d0f1 GetCurrentThreadId 15583->15584 15585 55d272 15583->15585 15591 55d180 15584->15591 15600 590ca0 15585->15600 15587 55d24f GetForegroundWindow 15588 55d25f 15587->15588 15589 55d259 GetCurrentProcessId 15587->15589 15595 55e1c0 15588->15595 15589->15588 15591->15587 15591->15591 15593 55d236 ShellExecuteW 15591->15593 15592 55d264 15592->15585 15599 55f960 FreeLibrary 15592->15599 15593->15587 15596 55e200 15595->15596 15596->15596 15597 55e27e LoadLibraryExW 15596->15597 15598 55e293 15597->15598 15598->15592 15599->15585 15603 591d40 15600->15603 15602 590ca5 FreeLibrary 15602->15582 15604 591d49 15603->15604 15604->15602 15605 5886fe 15606 588a43 15605->15606 15606->15606 15607 588cef 15606->15607 15609 590d90 LdrInitializeThunk 15606->15609 15609->15606 15615 5910f1 15616 591140 15615->15616 15617 59126e 15616->15617 15619 590d90 LdrInitializeThunk 15616->15619 15619->15617 15620 5941f0 15622 594210 15620->15622 15621 59426e 15623 59432e 15621->15623 15627 590d90 LdrInitializeThunk 15621->15627 15622->15621 15626 590d90 LdrInitializeThunk 15622->15626 15626->15621 15627->15623 15633 5913d5 15634 5913e6 15633->15634 15636 59143e 15634->15636 15640 590d90 LdrInitializeThunk 15634->15640 15639 590d90 LdrInitializeThunk 15636->15639 15638 59156f 15639->15638 15640->15636 15641 5914f4 15642 591520 15641->15642 15642->15642 15643 59155e 15642->15643 15645 590d90 LdrInitializeThunk 15642->15645 15645->15643

                      Executed Functions

                      Function 005886FE Relevance: 66.6, Strings: 53, Instructions: 390COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 5886fe-588a3e 1 588a43-588a53 0->1 1->1 2 588a55 1->2 3 588a57-588a5d 2->3 4 588a5f-588ac3 3->4 5 588ac5-588afe 3->5 4->3 6 588b00-588b03 5->6 7 588b1c-588b86 6->7 8 588b05-588b1a 6->8 9 588b88-588b8b 7->9 8->6 10 588bbc-588bea 9->10 11 588b8d-588bba 9->11 12 588bec-588bef 10->12 11->9 13 588c08-588c64 12->13 14 588bf1-588c06 12->14 15 588c66-588c69 13->15 14->12 16 588c6b-588ce0 15->16 17 588ce2-588ce5 15->17 16->15 18 588ce7-588ced 17->18 19 588cef 18->19 20 588cf4-588d06 18->20 23 588d7f-588db2 19->23 21 588d08 20->21 22 588d0a-588d10 20->22 24 588d70-588d73 21->24 25 588d12 22->25 26 588d14-588d65 call 590d90 22->26 28 588d75 24->28 29 588d77-588d7a 24->29 25->24 30 588d6a-588d6d 26->30 28->23 29->18 30->24
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: !$!$#$#$%$%$'$'$)$*$+$+$-$/$/$1$3$4$5$7$9$9$;$;:54$=$=$?$?$@$@$E$F$K$K$M$N$P$Q$Q$U$U$V$V$_$`$e$h$i$j$k$r$t$v
                      • API String ID: 2994545307-164515761
                      • Opcode ID: d1afcabed76c93b217c7220e32ea563226352bd2a2cdd59a9e10f9781deca4b1
                      • Instruction ID: 693989284ebfc40e30f7428e5a98aad8cb6c35f3d94711d9ed2728abb62bd5d5
                      • Opcode Fuzzy Hash: d1afcabed76c93b217c7220e32ea563226352bd2a2cdd59a9e10f9781deca4b1
                      • Instruction Fuzzy Hash: A4224E219087E98DDB22C67C8C4879DBFA15B63324F0843D9D4E96B3D2C7750A86CB66
                      Function 00590D90 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 69 590d90-590dc2 LdrInitializeThunk
                      APIs
                      • LdrInitializeThunk.NTDLL(005940E0,005C003F,00000002,00000018,?), ref: 00590DBE
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                      • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                      • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                      • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                      Function 005941F0 Relevance: .2, Instructions: 157COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 114 5941f0-59420f 115 594210-594242 114->115 115->115 116 594244-59424f 115->116 117 594251-594259 116->117 118 5942a4-5942a9 116->118 119 594260-594267 117->119 120 594359-59435f 118->120 121 5942af-5942c4 118->121 122 594269-59426c 119->122 123 594270-594276 119->123 124 594361-594368 120->124 125 594370-594377 120->125 126 5942d0-594302 121->126 122->119 127 59426e 122->127 123->118 128 594278-59429c call 590d90 123->128 129 59436a 124->129 130 59436e 124->130 126->126 131 594304-59430f 126->131 127->118 136 5942a1 128->136 129->130 130->125 133 594351-594353 131->133 134 594311-594319 131->134 133->120 135 594355 133->135 137 594320-594327 134->137 135->120 136->118 138 594329-59432c 137->138 139 594330-594336 137->139 138->137 141 59432e 138->141 139->133 140 594338-59434e call 590d90 139->140 140->133 141->133
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: df7690760af0d9241fc371e5d077e204e7329e3097b122f4b6c5d59bbc397782
                      • Instruction ID: 33b7c9961a24ea1ae0af1417c8fb262d320be1fa48f05d3861136ece28a73396
                      • Opcode Fuzzy Hash: df7690760af0d9241fc371e5d077e204e7329e3097b122f4b6c5d59bbc397782
                      • Instruction Fuzzy Hash: FF417835704300AFDF248B689CC1F3A7BA6BFA9704F19582CF6855B3A0D671AC46DB81
                      Function 005913D5 Relevance: .1, Instructions: 102COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 144 5913d5-5913f3 146 591400-591412 144->146 146->146 147 591414-59141c 146->147 148 59144c 147->148 149 59141e-591429 147->149 151 59144f-59145f 148->151 150 591430-591437 149->150 153 591439-59143c 150->153 154 591440-591446 150->154 152 591460-591472 151->152 152->152 155 591474-59147c 152->155 153->150 156 59143e 153->156 154->148 157 5915ba-5915c3 call 590d90 154->157 159 5914ac-5914c0 155->159 160 59147e-591489 155->160 156->148 161 5915c8-5915d0 157->161 165 591560-59156a call 590d90 159->165 162 591490-591497 160->162 161->151 163 591499-59149c 162->163 164 5914a0-5914a6 162->164 163->162 166 59149e 163->166 164->159 164->165 168 59156f-591586 165->168 166->159
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 99147bb12a627f23f12e6054c209aa9b601d835409fc242ae0bcdc76f8156876
                      • Instruction ID: 9007fcc0243e6f801fbcc43cc68d9e123bd5f961d2d5d622585efa62381601d6
                      • Opcode Fuzzy Hash: 99147bb12a627f23f12e6054c209aa9b601d835409fc242ae0bcdc76f8156876
                      • Instruction Fuzzy Hash: 0D212B346187224FCF149F1888D057677E1FB9F724F152A2CD1A6572D1C3306C06DB69
                      Function 0059137E Relevance: .1, Instructions: 57COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 194 59137e-59145f 196 591460-591472 194->196 196->196 197 591474-59147c 196->197 198 5914ac-5914c0 197->198 199 59147e-591489 197->199 203 591560-59156a call 590d90 198->203 200 591490-591497 199->200 201 591499-59149c 200->201 202 5914a0-5914a6 200->202 201->200 204 59149e 201->204 202->198 202->203 206 59156f-591586 203->206 204->198
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8531108e06a1fef4b7c336f300ecb50a83e82a25d1443f3e4950717fce4f7494
                      • Instruction ID: 22191851b81a8832a3935969606c1a9cff07d01bf690e2336fbee0ca7a22ac55
                      • Opcode Fuzzy Hash: 8531108e06a1fef4b7c336f300ecb50a83e82a25d1443f3e4950717fce4f7494
                      • Instruction Fuzzy Hash: 4A01D6306546128FDF58DF14D8D18367753F7AE354F25192DD197872A1C330A809DB15
                      Function 0055D0B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      APIs
                      • GetCurrentThreadId.KERNEL32 ref: 0055D165
                      • ShellExecuteW.SHELL32(00000000,81368735,00598050,?,00000000,00000005), ref: 0055D249
                      • GetForegroundWindow.USER32(?,00000000,00000005), ref: 0055D24F
                      • GetCurrentProcessId.KERNEL32(?,00000000,00000005), ref: 0055D259
                      • ExitProcess.KERNEL32 ref: 0055D279
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: CurrentProcess$ExecuteExitForegroundShellThreadWindow
                      • String ID: ps
                      • API String ID: 1013327911-2817149839
                      • Opcode ID: fd87a8e1ef45494481ecdbf41ff4f1c96c0a261824c0660cca439184dc87dd95
                      • Instruction ID: 81adc2054afa8f443a3c8f6849f139c1df576f3a23df842dfd5725573d93458a
                      • Opcode Fuzzy Hash: fd87a8e1ef45494481ecdbf41ff4f1c96c0a261824c0660cca439184dc87dd95
                      • Instruction Fuzzy Hash: F941E6312083414BE714AB75982A36FBFD6AFD6314F158D1EE8C5DB292DE74C80ACB52
                      Function 00590F20 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 59 590f20-590f3a 60 590f40-590f5b 59->60 60->60 61 590f5d-590fa7 GetForegroundWindow call 593bb0 60->61
                      APIs
                      • GetForegroundWindow.USER32 ref: 00590F76
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: ForegroundWindow
                      • String ID: 2123
                      • API String ID: 2020703349-208623094
                      • Opcode ID: 64722fe8141886208eb76d8ea89980d0f6d08612bb008d240a15a30e913609d5
                      • Instruction ID: 649dde9f3524eb4a020aa7b0a3737194f858620faeb0db82e66dc6aa545bc05c
                      • Opcode Fuzzy Hash: 64722fe8141886208eb76d8ea89980d0f6d08612bb008d240a15a30e913609d5
                      • Instruction Fuzzy Hash: D9F028359182409FEB10DB28D8456667BA1F792318F089D2DE4D1C32A1C735C905DB42
                      Function 00590F68 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 65 590f68-590f7f GetForegroundWindow call 593bb0 68 590f84-590fa7 65->68
                      APIs
                      • GetForegroundWindow.USER32 ref: 00590F76
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: ForegroundWindow
                      • String ID:
                      • API String ID: 2020703349-0
                      • Opcode ID: 91d532772ba8534bed70dbb43af48b8dd448c221423ea6d44ab03953f91cffe9
                      • Instruction ID: 4014b676ae24e7308ce075f76484b0bea9e4e18ba4ccdb0d0a35c1b59229001d
                      • Opcode Fuzzy Hash: 91d532772ba8534bed70dbb43af48b8dd448c221423ea6d44ab03953f91cffe9
                      • Instruction Fuzzy Hash: 49E08C79A10200DFDB04DB24EC9A4753BA5F72A309704081AE583C3361CB329948EB05
                      Function 0058DC18 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 70 58dc18-58dc24 RtlAllocateHeap
                      APIs
                      • RtlAllocateHeap.NTDLL(?,00000000,?,?,00000000), ref: 0058DC24
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: AllocateHeap
                      • String ID:
                      • API String ID: 1279760036-0
                      • Opcode ID: 2e71ad051b161969058ede17d6a613be866ac08d96091bfbae27fea4530ce253
                      • Instruction ID: 8fea4697be8f7b069a1e590bd39036b536db3c9a93e7149be0b46b4d13ebb0d4
                      • Opcode Fuzzy Hash: 2e71ad051b161969058ede17d6a613be866ac08d96091bfbae27fea4530ce253
                      • Instruction Fuzzy Hash: A9B01230146110F8D03117110CC6FFF6C7CAF53F59F102004F208241C00754A001E07D

                      Non-executed Functions

                      Function 00560130 Relevance: 40.4, APIs: 4, Strings: 18, Instructions: 1884COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: #Tw$;:54$;:54$=i<o$F]$J!G'$K=C#$Noni$T1S7$U`3$V[$_]$`1d7$d5h;$f[zU$xr${){/${-S
                      • API String ID: 0-2033873944
                      • Opcode ID: 013e4b89a187bab10a8d914835bf561485cad49168c10cedb43d5c88bba5a9f5
                      • Instruction ID: 4df552fa76ec5d9dc5eb2a79ade0a8abb5cf2563bcf6d6466b73604bc09beb3f
                      • Opcode Fuzzy Hash: 013e4b89a187bab10a8d914835bf561485cad49168c10cedb43d5c88bba5a9f5
                      • Instruction Fuzzy Hash: DFD231B16047408FD7248F25D89572BBFF1FF96304F18896DE4968B392D736A806CB92
                      Function 00585210 Relevance: 31.6, APIs: 6, Strings: 12, Instructions: 120clipboardCOMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: Clipboard$CloseDataLongOpenWindow
                      • String ID: I$K$L$N$V$V$X$Y$Y$]$_$q
                      • API String ID: 1647500905-2073889574
                      • Opcode ID: 4e2d5467591a4e544010ca6f004ba4b6100c5a219634ed9419716185ac971f75
                      • Instruction ID: 76002f626e09f941f36ff0be4424fb6de4b1a58e8cb38a60a32fd4406bebdeaf
                      • Opcode Fuzzy Hash: 4e2d5467591a4e544010ca6f004ba4b6100c5a219634ed9419716185ac971f75
                      • Instruction Fuzzy Hash: E9415D7150C7818FE301BF78D44936FBFD0AB92354F054C2EE9C996282EAB985489763
                      Function 00577CD2 Relevance: 30.7, Strings: 24, Instructions: 728COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: 'UvW$'s7u$)A-C$/]-_$2w0i$53$9)$;:54$<&$B1W3$DK$Eq$HyJ{$N=M?$TeVg$XY$Y-\/$Z5B7$j%r'$n9_;$pq$t)i+$u$}z
                      • API String ID: 0-458764563
                      • Opcode ID: 72930a5e2f53d0b24df48e62fad2f49e9d6387dc00e21efc808a65851cbafd2e
                      • Instruction ID: 5ccde5648f527e6303325c2326de741f064b8080cacb3177cc8d8d824d32ce2f
                      • Opcode Fuzzy Hash: 72930a5e2f53d0b24df48e62fad2f49e9d6387dc00e21efc808a65851cbafd2e
                      • Instruction Fuzzy Hash: AB723DB45093818AE734CF15E880BAFBBE1FBD2344F14892DD5D99B261DB70844ADF92
                      Function 00560118 Relevance: 26.3, APIs: 4, Strings: 10, Instructions: 1780COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: #Tw$;:54$;:54$F]$Noni$T1S7$V[$_]$f[zU$xr
                      • API String ID: 0-3009026325
                      • Opcode ID: fd6f1e050d04336120b88a99dafcaff0fa088064bac20cae2bf92632fc3a73ee
                      • Instruction ID: 82e1f868f19d7d8373dedea3b1c5618594b6b7ad4f9e477fafb1cd673afd8e8b
                      • Opcode Fuzzy Hash: fd6f1e050d04336120b88a99dafcaff0fa088064bac20cae2bf92632fc3a73ee
                      • Instruction Fuzzy Hash: F2C231B56047408FD7248F29D89572ABFF1FF96304F18856DE4868B3A2D736E806CB91
                      Function 0056F510 Relevance: 24.0, Strings: 18, Instructions: 1543COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: $!by*$$$)*+$$123X$1X74$45$5670$;:54$=n=c$H$PQRS$Xqrs$\]^_$`abc$eyv$sDK}$vv@
                      • API String ID: 0-744883782
                      • Opcode ID: 13f1eced7531beb5e9316e0926913d6a4ada2e68553125c6b6456450ba9d52f5
                      • Instruction ID: 8348c44ed00f03a52bc336a6d9083c17ab8304d69f4fec5ef168cee039ceca56
                      • Opcode Fuzzy Hash: 13f1eced7531beb5e9316e0926913d6a4ada2e68553125c6b6456450ba9d52f5
                      • Instruction Fuzzy Hash: CFB2CC705083818FD725CF25D8947ABBFE2BFD6304F18992DE5C98B292E7748809DB52
                      Function 0057EB60 Relevance: 23.8, APIs: 2, Strings: 10, Instructions: 2801COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: "JZ$'Rx/$*JZ$34t$ODIF$Y?^i$fjnr$kk$syrh$vNHF
                      • API String ID: 0-2617420629
                      • Opcode ID: 9d93311ba5c056a3c8ae24c790b04c08317552f3111c3c707cdbd27e7f786dd0
                      • Instruction ID: 9f86951a78c9c18cd5095f5c526d72c97de22da846d811fee8fd4e0e41ecd3fa
                      • Opcode Fuzzy Hash: 9d93311ba5c056a3c8ae24c790b04c08317552f3111c3c707cdbd27e7f786dd0
                      • Instruction Fuzzy Hash: 0C13E474504B818BE725CF35D4907A3BFE1AF57304F0889ADC5EB9B282D779A40ADB21
                      Function 0058A97E Relevance: 19.8, APIs: 9, Strings: 2, Instructions: 587memoryCOMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: AllocString
                      • String ID: ;:54$;:54
                      • API String ID: 2525500382-2193779323
                      • Opcode ID: 040a910e0ad33a01b946635920ebdb5a26a7581bc73c314e6a42835b6c9bbe56
                      • Instruction ID: a2a0b791217473d89e45a44104503d7331fafa0ca7caeaaca32b50d7213403d0
                      • Opcode Fuzzy Hash: 040a910e0ad33a01b946635920ebdb5a26a7581bc73c314e6a42835b6c9bbe56
                      • Instruction Fuzzy Hash: 6C125676A00701CFE714DF24D885B2ABBB2FF99300F15892ED946977A1D735E806DB90
                      Function 00589BA0 Relevance: 17.8, Strings: 14, Instructions: 304COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: '$($2$6$<$<$>$>$?$?$D$I$}$~
                      • API String ID: 0-1549446310
                      • Opcode ID: 367a348c16854c040ed8a8e1c50337844c82badbceb661a6883815d7b6a28ffd
                      • Instruction ID: 0914f91be5bb4ccea486fd311ca278decc1fa1841a393679de82ff61f376a2e6
                      • Opcode Fuzzy Hash: 367a348c16854c040ed8a8e1c50337844c82badbceb661a6883815d7b6a28ffd
                      • Instruction Fuzzy Hash: AFB1282390D7D14AD311957D888535BEEC21BE7228F2E8BADE9E4D73C6C579CC068392
                      Function 005512D5 Relevance: 16.0, Strings: 12, Instructions: 987COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: 0$0$0$0000$0000$0000$0000$0000$0000$0000$@$i
                      • API String ID: 0-3385986306
                      • Opcode ID: c9b826fc1b3eab4ca24aea91a70d7c635a026a98100ed44903679ac47375c3ad
                      • Instruction ID: c9702ef78e7073b436f2f73e385056d7f1f6a93aa8fc2b8f6d02da24e09d8dc7
                      • Opcode Fuzzy Hash: c9b826fc1b3eab4ca24aea91a70d7c635a026a98100ed44903679ac47375c3ad
                      • Instruction Fuzzy Hash: BE82A4756093818FC719CF28C4A432ABFE1BB96305F18895EE8DA97391D374DD49CB82
                      Function 0055F970 Relevance: 15.3, Strings: 12, Instructions: 280COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: ,q's$?u>w$@=E?$Q!R#$S)J+$Z-^/$x%F'$A"C$EG$IK$U?W$Y[
                      • API String ID: 0-4103194446
                      • Opcode ID: 16b1b611466ab1e4342ccbbe9f912533bc0f812caf2b047c6ad8b5e8d640ab59
                      • Instruction ID: 623e4123f31d6286b43dcd2d1eb9706e5fa8e6d6e76e642a1d7929e52f6946e8
                      • Opcode Fuzzy Hash: 16b1b611466ab1e4342ccbbe9f912533bc0f812caf2b047c6ad8b5e8d640ab59
                      • Instruction Fuzzy Hash: 02B189B064C3809FE3348F65E89179FBBA1ABD6314F148A2DE5D91B391C7B48405CF86
                      Function 00576800 Relevance: 13.4, APIs: 1, Strings: 6, Instructions: 1152COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: ;:54$InA>$InA>$P$SV$bqW
                      • API String ID: 0-3037716019
                      • Opcode ID: 640f843bb2d3315b7ab4813a14e476e03433328d8202629504e39bfef8eefcd0
                      • Instruction ID: 11000e70b0b3df050cafb97cfe9baa49d0b3033799d442af7f23ec6352089596
                      • Opcode Fuzzy Hash: 640f843bb2d3315b7ab4813a14e476e03433328d8202629504e39bfef8eefcd0
                      • Instruction Fuzzy Hash: 08822675A04216CFEB04CF68EC807AEBBB2FF49310F198168D945AB391D735AD46DB90
                      Function 00551000 Relevance: 13.2, Strings: 10, Instructions: 702COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: $ $+$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff$gfff$C
                      • API String ID: 0-2787901311
                      • Opcode ID: 9710c41e617e8a4883776b8b4a7a7edf03594f5fd8782054b970b0ea76721bc8
                      • Instruction ID: e71433392ac3ee59f0d51f3801615190a770e130ad1f9458be9c17411869a699
                      • Opcode Fuzzy Hash: 9710c41e617e8a4883776b8b4a7a7edf03594f5fd8782054b970b0ea76721bc8
                      • Instruction Fuzzy Hash: A14227716087418FC718CE29C4A036ABFE2BBD9315F188A6EE8D58B391D335DD49CB46
                      Function 0058A2E0 Relevance: 11.6, Strings: 9, Instructions: 302COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: 4$4$5$5$:$:$;$;$;45:;
                      • API String ID: 2994545307-652432164
                      • Opcode ID: 1dacd6793f1c121ee70ef47ca38439ea7a6d2275faa64175967b8a270a640983
                      • Instruction ID: 753cd18b10c270a83a4cabdb22bad376a4eaffc7b09ad9cfb24c04a04e0dfe30
                      • Opcode Fuzzy Hash: 1dacd6793f1c121ee70ef47ca38439ea7a6d2275faa64175967b8a270a640983
                      • Instruction Fuzzy Hash: FAB1697220D3808FEB059A38889436EBFD27BD6354F1D492EE8D6973D2DA758945C313
                      Function 0057AA40 Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 523COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: 3L,S$;:54$D4'2$gw$t|
                      • API String ID: 0-148604455
                      • Opcode ID: 7a0a5991033a61016a34e4175131b1348cc119d98891df9d7893dfe8d518763e
                      • Instruction ID: 913609fd68930ee838d826fd0e4f1627efbf77e8d94fe018b8da6304dbee18ce
                      • Opcode Fuzzy Hash: 7a0a5991033a61016a34e4175131b1348cc119d98891df9d7893dfe8d518763e
                      • Instruction Fuzzy Hash: A3F122B65083408FE7249F24D88576BBBE2FFD5314F058A2CE5C99B391E7748906CB82
                      Function 0056ECDE Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 521COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: ;:54$;:54$;:54$;:54$;:54
                      • API String ID: 2994545307-1306776023
                      • Opcode ID: 33cd715bf3932bed5c0c96b1c4afa30e4436376c6022cf9456e1c5c9adbed211
                      • Instruction ID: 780863be1dcd7aa68dc9efdfe99e88d1df42990faabaf38cb814f4fcef78e228
                      • Opcode Fuzzy Hash: 33cd715bf3932bed5c0c96b1c4afa30e4436376c6022cf9456e1c5c9adbed211
                      • Instruction Fuzzy Hash: A6F14936A49340CFDB24CB14E88166BBBA6FB9B700F19992CD5C257352D335DC42CB92
                      Function 0055D760 Relevance: 10.3, Strings: 8, Instructions: 302COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: 9tWU$<194$ALC:$JHz~$UQGq$UW$^$^\V^
                      • API String ID: 0-3233791986
                      • Opcode ID: 1b76c00ea30690e806b229d34a8721d4fbe8444d2ee39c48be022f5bad116e41
                      • Instruction ID: 6c4398039382bea69a49ef9487dcf9c9eb20d4b454b5297ecb1f166544ceec1b
                      • Opcode Fuzzy Hash: 1b76c00ea30690e806b229d34a8721d4fbe8444d2ee39c48be022f5bad116e41
                      • Instruction Fuzzy Hash: 9891AB7250C3918FD321CF29945035ABFE0AF96705F08899DE8E99B352C735C94ACBA6
                      Function 0055D500 Relevance: 10.2, Strings: 8, Instructions: 218COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: &%9b$)vBW$*#1/$9&!:$s$>%$sp$.$x$x|."
                      • API String ID: 0-2964809603
                      • Opcode ID: e15111653fabfa8ae9ca1ff26d6d509ab9527342194df1257f5b8c1e77c5e471
                      • Instruction ID: 01b746a0137217cc5be8092b2695b7980718a66addfa91098225501af081375d
                      • Opcode Fuzzy Hash: e15111653fabfa8ae9ca1ff26d6d509ab9527342194df1257f5b8c1e77c5e471
                      • Instruction Fuzzy Hash: DA51D37110D3C18BD315CF2994A076BBFE0EF93306F1859ADE8D54B291D279884ACB62
                      Function 0055F250 Relevance: 9.2, Strings: 7, Instructions: 471COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: DuVw$EqLs$N=G?$^9[;$vIyK$w%G'$zMNO
                      • API String ID: 0-2443247208
                      • Opcode ID: df05870f829f203a78dbab3bc343ed5c4109e04a8c7090fa7d64ddeb34735482
                      • Instruction ID: 9cfaa350377403023e3d803ea27b6f2f7e325ebaea95fdd774d535a5ef9a77ce
                      • Opcode Fuzzy Hash: df05870f829f203a78dbab3bc343ed5c4109e04a8c7090fa7d64ddeb34735482
                      • Instruction Fuzzy Hash: 671245B1204B01DFE3248F25D895B93BBF5FB48314F158A2DD4AA8BBA0D774B449DB90
                      Function 00570A24 Relevance: 8.0, Strings: 6, Instructions: 505COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: OI$RR$_W$_W$us$}z{
                      • API String ID: 0-2933034762
                      • Opcode ID: c6cc906fa8593c2182518d214fb52b054f4b142820c92c5940b92d7d6c8cd5f4
                      • Instruction ID: cf21d0b43def9ce60bdd46aeda5bf69ab7190298e516c4715934e2db3ca494e1
                      • Opcode Fuzzy Hash: c6cc906fa8593c2182518d214fb52b054f4b142820c92c5940b92d7d6c8cd5f4
                      • Instruction Fuzzy Hash: DCF11372A103058FDB14CFA9D88169EBBF2FF84314F18C66DD894AB341D7749946CB90
                      Function 0055DB20 Relevance: 7.9, Strings: 6, Instructions: 361COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: Lk$U\$Zb$\_$`$hVkg
                      • API String ID: 0-3858985552
                      • Opcode ID: 4a04dab9104de57b935060c39b53173e4c6b96dea42b23dfd239031b92b16592
                      • Instruction ID: 872c88b8a580b2b8ffb95c24f21098e5567809a6fd2a0ae00295cc0a67ea9942
                      • Opcode Fuzzy Hash: 4a04dab9104de57b935060c39b53173e4c6b96dea42b23dfd239031b92b16592
                      • Instruction Fuzzy Hash: 94C1DFB16083408FE320DF25D89175BBFE2EBD5314F14892DE5C58B292EA7885498BA3
                      Function 0058EC20 Relevance: 7.0, Strings: 5, Instructions: 723COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: ;:54$;:54$InA>$InA>$f
                      • API String ID: 2994545307-3857589079
                      • Opcode ID: 53e4d38f9e28b12380f1d7e685a6bd67a398523124f4e6c3bb10bdcef62c88c7
                      • Instruction ID: e5929daa741873da6379faf1d8f0f876f335fdc4bb66272da270dbead348ddfa
                      • Opcode Fuzzy Hash: 53e4d38f9e28b12380f1d7e685a6bd67a398523124f4e6c3bb10bdcef62c88c7
                      • Instruction Fuzzy Hash: 3732D0726093419FD714DF29C880A2BBBE2BBC8314F18CA2DE895AB395D774D805CB52
                      Function 005741E0 Relevance: 6.7, Strings: 5, Instructions: 461COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: ){zy$)6$)B$|~$sq
                      • API String ID: 0-2449703377
                      • Opcode ID: e731e981822598db79e2601d1d5ff92519328de9a30e974f2d51c93bab1628fa
                      • Instruction ID: 99be5f5d576d0d3994241c2b35bcad1f1152fdd45da3b65577d03b17b2d011bf
                      • Opcode Fuzzy Hash: e731e981822598db79e2601d1d5ff92519328de9a30e974f2d51c93bab1628fa
                      • Instruction Fuzzy Hash: 71C1E0B15083108BD724DF25E85276BBBF1FF92354F188A1CE4DA8B391E7399805DB92
                      Function 0055ECC0 Relevance: 6.7, Strings: 5, Instructions: 426COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: 52$\XTR$`a$f\nf$ngfa
                      • API String ID: 0-1621357096
                      • Opcode ID: eb67efaff5a392fabd44397bb75d855b2ee924c70ae4a9d16ca55daeee65b127
                      • Instruction ID: 0f99ffb08578e36b033728c0f8aa6157e3e648e2c1f7e53512e6990cf469dab8
                      • Opcode Fuzzy Hash: eb67efaff5a392fabd44397bb75d855b2ee924c70ae4a9d16ca55daeee65b127
                      • Instruction Fuzzy Hash: 46D1E47150C7908BD314CF29C86136BFFE1BBC1715F28892EE8E59B381D775890A8B92
                      Function 00579D00 Relevance: 6.7, Strings: 5, Instructions: 405COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: ;:54$;:54$EG$IJK$uw
                      • API String ID: 0-855178105
                      • Opcode ID: 5feed6dbfa64bee18e7932ad3396ae87f4b51eacc29d8482fc2a7471d7c6a8e8
                      • Instruction ID: ce096181b9cd5f05cb5f9b14126397b4488b756b4cb43232a2c1aae112594962
                      • Opcode Fuzzy Hash: 5feed6dbfa64bee18e7932ad3396ae87f4b51eacc29d8482fc2a7471d7c6a8e8
                      • Instruction Fuzzy Hash: F7E100B5608340DFE7248F64E881B6FBFA1FBD5304F15892DE5C98B252DB319809DB92
                      Function 0057509D Relevance: 6.4, Strings: 5, Instructions: 163COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4$5$:$;$e
                      • API String ID: 0-2923545159
                      • Opcode ID: 72baa159026735af9583170e5f60e007a0a051be3bd52c6e3fb1e3ac4b199a75
                      • Instruction ID: cd7fbe59f9c8f2d0a67b7c190657ac86921aa62556ee355b02c3dfa3fb8e12ca
                      • Opcode Fuzzy Hash: 72baa159026735af9583170e5f60e007a0a051be3bd52c6e3fb1e3ac4b199a75
                      • Instruction Fuzzy Hash: 8F61A13550C7C08FD320CA68988439BBFD1BBD6314F298A2DD5E9873D2D6B98849D753
                      Function 005755A4 Relevance: 6.4, Strings: 5, Instructions: 157COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4$5$:$;$e
                      • API String ID: 0-2923545159
                      • Opcode ID: 06c3c7a67dfe3da6b3cd62d1c0ec05993883bd93e104edfc59e60f0c7ec11efe
                      • Instruction ID: 3617a641eb92451c8a2ca7d114318d28b2a72d55dac72d72a18e16be1e6bac9b
                      • Opcode Fuzzy Hash: 06c3c7a67dfe3da6b3cd62d1c0ec05993883bd93e104edfc59e60f0c7ec11efe
                      • Instruction Fuzzy Hash: 2A51E37650CBC08BD324CA68D44474BBFD1ABD6324F198A6DD4E9C73C2D2B9C846DB52
                      Function 0056E298 Relevance: 6.3, APIs: 4, Instructions: 347COMMON
                      Download Yara Rule
                      APIs
                      • FindWindowExW.USER32(00000000,?,A3D19DEA,00000000), ref: 0056E410
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: FindWindow
                      • String ID:
                      • API String ID: 134000473-0
                      • Opcode ID: ac72eea09d880e53cb20b0ef81bf426d3dc442b90aa18ff55bd78ddd26fb0ce8
                      • Instruction ID: d07619d9174d2be0fc1c429925ec9d0c5c03987fa8aa4dfe4424a7782e56d72e
                      • Opcode Fuzzy Hash: ac72eea09d880e53cb20b0ef81bf426d3dc442b90aa18ff55bd78ddd26fb0ce8
                      • Instruction Fuzzy Hash: CBD10F756083918FD724CF28D85166EBBE2BFD9308F09896DE4C99B391DB30D805DB82
                      Function 00576F82 Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 524COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: ;:54$bqW
                      • API String ID: 0-380127681
                      • Opcode ID: f1efd461650fc9e7cca8b1bc3d89b62598e73d5bea84721013e440e9c043f771
                      • Instruction ID: 3a4ac07439f2cee07478a061c1e489790467b7f649dd31b0f010e9e6ec53239d
                      • Opcode Fuzzy Hash: f1efd461650fc9e7cca8b1bc3d89b62598e73d5bea84721013e440e9c043f771
                      • Instruction Fuzzy Hash: 5DF146B1E04209CFEB04CF68D8817AEBBB2FF89304F298569D905AB351D7759D06DB90
                      Function 00578F00 Relevance: 5.5, Strings: 4, Instructions: 489COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: ;:54$HyJ{$TeVg$pq
                      • API String ID: 0-3800776496
                      • Opcode ID: 74c42a369e6281b0554cc6c0afbb94d376c92d33e24420ff65f8423fd1436e73
                      • Instruction ID: e19a6246556fe8b92f0ad4be309ae846f49553968dbc6a748a46898bd88edb40
                      • Opcode Fuzzy Hash: 74c42a369e6281b0554cc6c0afbb94d376c92d33e24420ff65f8423fd1436e73
                      • Instruction Fuzzy Hash: 75F115729183528BC720CF24C8806BBBBF2FFD5744F59886DD4C95B264DB309946EB92
                      Function 0055132D Relevance: 5.4, Strings: 4, Instructions: 388COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: -$0123456789abcdefxp$gfff$gfff
                      • API String ID: 0-3657095489
                      • Opcode ID: 89cedd8ab36495f0e30384a5def45608cbba8f8175b2fa9dcf5dc12dceadd049
                      • Instruction ID: bb78ad592214618d6dfb22824e4ff21577b953a2678d4864cde9d6fcb911f96d
                      • Opcode Fuzzy Hash: 89cedd8ab36495f0e30384a5def45608cbba8f8175b2fa9dcf5dc12dceadd049
                      • Instruction Fuzzy Hash: 22E16E7160C7928FC715CE29C49026AFFE1BFD9315F088A6EE8D987352D234D949CB92
                      Function 005859B7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: MetricsSystem
                      • String ID:
                      • API String ID: 4116985748-3916222277
                      • Opcode ID: 04ef88b8d1766cd5cfbdca6c93613d96c58258ef1736e2e4956262b15937ef59
                      • Instruction ID: 6ca59f9f793aa2833d7d65eceb18ae39d0b2880262d409e61925a367f3cfac0e
                      • Opcode Fuzzy Hash: 04ef88b8d1766cd5cfbdca6c93613d96c58258ef1736e2e4956262b15937ef59
                      • Instruction Fuzzy Hash: 115171B4E152048FCB40EFACD9856ADBBF0BB49310F11856AE898E7350D734AD49CF92
                      Function 0057D642 Relevance: 5.3, Strings: 4, Instructions: 333COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: @z.$;:54$Fx~F$zD{B
                      • API String ID: 0-1365873924
                      • Opcode ID: 70d1e7b0286a2415b5e323efee4968312d17f62885746a6941018f66fe7f208d
                      • Instruction ID: 0b6b4650690c51ae42f87500d0ef54c8a94a7cb725cdfdb3b1038ce0a016715e
                      • Opcode Fuzzy Hash: 70d1e7b0286a2415b5e323efee4968312d17f62885746a6941018f66fe7f208d
                      • Instruction Fuzzy Hash: 27B1367120C3408FC7049F28E89166A7FF2BFD5314F488A6DF4D84B291D735890ADB62
                      Function 00592EB0 Relevance: 4.8, Strings: 3, Instructions: 1010COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: "5Y$@3Y$G3Y
                      • API String ID: 0-3621771147
                      • Opcode ID: fc63ca1c57eac919e34fad4e4cdc3b1491a8fb946b6e2365b35dda3610e77386
                      • Instruction ID: bfbd7204cb5698ab278227652d64a684cd5b5293d3315a2fecb101a03ba589f3
                      • Opcode Fuzzy Hash: fc63ca1c57eac919e34fad4e4cdc3b1491a8fb946b6e2365b35dda3610e77386
                      • Instruction Fuzzy Hash: F262E136A05211CFCB08CF68D8916AEBBF2FB99314F1A817ED846E7355D734A945CB80
                      Function 005931D0 Relevance: 4.4, Strings: 3, Instructions: 680COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: "5Y$@3Y$G3Y
                      • API String ID: 0-3621771147
                      • Opcode ID: e7372ce038dc79811ea934997fcedfe00b4a6ef7908cbbd0e9f786abd4c7e9d0
                      • Instruction ID: 937de4dd38f12b887b37e111950a92ee179fffbc80096002521b90957257dc3d
                      • Opcode Fuzzy Hash: e7372ce038dc79811ea934997fcedfe00b4a6ef7908cbbd0e9f786abd4c7e9d0
                      • Instruction Fuzzy Hash: 5E12DF36A05211CFCB08CF68D8906AEBBF2FB99314F1A847EC946E7351D335A915DB90
                      Function 00571B40 Relevance: 4.4, Strings: 3, Instructions: 657COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: ;:54$;:54$s}
                      • API String ID: 2994545307-2837035532
                      • Opcode ID: 9fca2a9584fec3e617ab824aadf5d0fe9bc7e2d6138a828ec475e8fc6a239d88
                      • Instruction ID: 40bd32d90d85e1ed31210a81778d2d0a4a9c9283535a79f5d3c9387000b42187
                      • Opcode Fuzzy Hash: 9fca2a9584fec3e617ab824aadf5d0fe9bc7e2d6138a828ec475e8fc6a239d88
                      • Instruction Fuzzy Hash: D822EEB16083418FEB24DF14D881B6FBBE6FBC6744F14882CE9899B291D774D841EB52
                      Function 005932C0 Relevance: 4.4, Strings: 3, Instructions: 637COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: "5Y$@3Y$G3Y
                      • API String ID: 0-3621771147
                      • Opcode ID: 61947a38350fed8dbed2a0fd409335035f08ec42793331f00394bc08df1517dc
                      • Instruction ID: c10c3d6285c14771620c77b374521162fded7b395ac929fbfba3b9443fa5c5f1
                      • Opcode Fuzzy Hash: 61947a38350fed8dbed2a0fd409335035f08ec42793331f00394bc08df1517dc
                      • Instruction Fuzzy Hash: CD02F035A05211CFCB18CF68D8906AEBBF2FB9A314F1A847ED846E7351D331A915DB90
                      Function 0057AC04 Relevance: 4.3, Strings: 3, Instructions: 578COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: SRP\$TU$YB]G
                      • API String ID: 0-3716301176
                      • Opcode ID: 5cca469120687ce9be142d9fdf394e8f00da5729f1165f78fa2043bb279bc74b
                      • Instruction ID: 6d2b64fea3e1971a2bfb47ff2944669962ef7e6f2b3faccac96259eff125b802
                      • Opcode Fuzzy Hash: 5cca469120687ce9be142d9fdf394e8f00da5729f1165f78fa2043bb279bc74b
                      • Instruction Fuzzy Hash: 5C0213B16083418FD7148F28D89166FBBE2FFD6305F18892DE4C987251E378D94ADB92
                      Function 00592850 Relevance: 4.2, Strings: 3, Instructions: 475COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: InA>$P$3
                      • API String ID: 0-4254740818
                      • Opcode ID: e46053b24d3a9d5befc2d910381dc0cee3f54ed9d12407e8bc366f080083ca4f
                      • Instruction ID: f1b648fb5a2fc42720b05132d49b624231f270de936015687fd84542053041f7
                      • Opcode Fuzzy Hash: e46053b24d3a9d5befc2d910381dc0cee3f54ed9d12407e8bc366f080083ca4f
                      • Instruction Fuzzy Hash: 43F109726083614FDB25CE28985036FBBE2FBC5714F158A2DE8A59B3D1CB74C8468BC1
                      Function 0056D5AF Relevance: 4.2, Strings: 3, Instructions: 404COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: ;:54$J$r
                      • API String ID: 0-2889753551
                      • Opcode ID: 96b488522102d3e494aba43f5ea9e7c7a7637af25cf631d2b2fe446e1c15f268
                      • Instruction ID: 75771ee27c8cfe1ead581184b69aa474222317bd24e0631cd790293eac3f95df
                      • Opcode Fuzzy Hash: 96b488522102d3e494aba43f5ea9e7c7a7637af25cf631d2b2fe446e1c15f268
                      • Instruction Fuzzy Hash: 86D114B1A083418FD7248F28D8517ABBBF2FFE6304F04892DE4C98B252D7759945CB92
                      Function 0057C3E0 Relevance: 4.0, Strings: 3, Instructions: 221COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: Ea#c$Uqrs$cba
                      • API String ID: 0-809142158
                      • Opcode ID: e2147311133b2dccf8616343ef1deb4812e673e474334928f2b37e56903e365b
                      • Instruction ID: 664d6a6a28b3a71db7dfb97442fa9bedef0af7ae4f029681cc3f6ddb9b1aadae
                      • Opcode Fuzzy Hash: e2147311133b2dccf8616343ef1deb4812e673e474334928f2b37e56903e365b
                      • Instruction Fuzzy Hash: 9F71CE721083558FD720CF25984475FFBE4FBC5714F01892DE8E9AB281D778960A8BD2
                      Function 0055E8DE Relevance: 3.8, Strings: 3, Instructions: 51COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: %!-0$:g;1$j
                      • API String ID: 0-565037024
                      • Opcode ID: 79b570b3e4e4f15de695b25e66a22ef13158d3c3be476f6c7a8548782b0e1b4b
                      • Instruction ID: b0f91d1c3855a24ec53e35adeb79d886b4fa37a553936dbd8653676da3e91e02
                      • Opcode Fuzzy Hash: 79b570b3e4e4f15de695b25e66a22ef13158d3c3be476f6c7a8548782b0e1b4b
                      • Instruction Fuzzy Hash: 4911C16020C380CBC7598F29946112BFFF0FB92705F585E5EE4D26B255D370CA0E8B46
                      Function 0055E996 Relevance: 3.8, Strings: 3, Instructions: 25COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: %!-0$:g;1$j
                      • API String ID: 0-565037024
                      • Opcode ID: fa23b5c8106c8b6eb18a1e5e27922acec8cb3fb0240a5a66eefb843f2f12593b
                      • Instruction ID: d02e11240d5dea89577b178df7e799ef507272580fb54467aea3200f48f3ebc9
                      • Opcode Fuzzy Hash: fa23b5c8106c8b6eb18a1e5e27922acec8cb3fb0240a5a66eefb843f2f12593b
                      • Instruction Fuzzy Hash: EAF017B00193408BD7558F29955151FFFE0FBD6218F906F5CE0E66B291D3B1C60A8B4B
                      Function 0057B7D9 Relevance: 3.2, Strings: 2, Instructions: 674COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: E!~#$lm
                      • API String ID: 0-1992677951
                      • Opcode ID: 79f01a6771c3c2ad0fb5839d16e7218274b10e6ad7fb01a12f6c2c4b9f1d533c
                      • Instruction ID: 6c2cd820641ff58e62456b9f08fce7f8fdbffb5d95fd885b12fb7a20e9f4f9ac
                      • Opcode Fuzzy Hash: 79f01a6771c3c2ad0fb5839d16e7218274b10e6ad7fb01a12f6c2c4b9f1d533c
                      • Instruction Fuzzy Hash: E4320271908341CFE7208F24E85071ABFE2FFD9310F198A6DE99997291D731A909DB82
                      Function 0057B7FE Relevance: 3.1, Strings: 2, Instructions: 613COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: E!~#$lm
                      • API String ID: 0-1992677951
                      • Opcode ID: d527fa697dc46a37a8adfb06b7cdfc01843c6dff85b381146b88da310b91176e
                      • Instruction ID: f8353f60372b0ad43f6ec1ec6c18c79da137b5f8cb590b3d74087c0b6b35ddf6
                      • Opcode Fuzzy Hash: d527fa697dc46a37a8adfb06b7cdfc01843c6dff85b381146b88da310b91176e
                      • Instruction Fuzzy Hash: 3F22F171908341CFE7108F24E85071BBFE2FFD9314F19896DE9999B291D731A909DB82
                      Function 005726A0 Relevance: 3.0, Strings: 2, Instructions: 480COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: WV%'$%W
                      • API String ID: 0-2706675338
                      • Opcode ID: 4cd629bfa35b357c2183a7e03bffbb6138099c49bf31991c5e05be8ad07f076a
                      • Instruction ID: 9c9a88badb697ad5bcffa015f4e711fb36f1c5167697951869fbbc9b5f0f598e
                      • Opcode Fuzzy Hash: 4cd629bfa35b357c2183a7e03bffbb6138099c49bf31991c5e05be8ad07f076a
                      • Instruction Fuzzy Hash: 7DE114B6A083519BE3119F24EC9176BBFE5FBC1304F08882DF8C59B242E6759D099793
                      Function 005538E0 Relevance: 2.9, Strings: 2, Instructions: 404COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: Inf$NaN
                      • API String ID: 0-3500518849
                      • Opcode ID: 69772da95b87ac4daa703c57c8d4cb564400f824f0df467750b1c43471005fbf
                      • Instruction ID: 1b3e5d7a6c3e637cdcd84384d73a19cb5cb57eac2bd2b91fafa208fc723ffaf7
                      • Opcode Fuzzy Hash: 69772da95b87ac4daa703c57c8d4cb564400f824f0df467750b1c43471005fbf
                      • Instruction Fuzzy Hash: 9ED1C371A083129BC704CF28C89565ABBE5FFC4791F158E2EFC9997390E671DD488B81
                      Function 0057A6D0 Relevance: 2.8, Strings: 2, Instructions: 324COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: ;:54$SJK^
                      • API String ID: 2994545307-880411129
                      • Opcode ID: 347a168befec530164c097e9ba012f668a98a098136c3f6848d8593824e0d154
                      • Instruction ID: 4c21a1286462d97f2c19a3806ed8c4116f6df0404fab40e4b5dfc3b78da6d5c0
                      • Opcode Fuzzy Hash: 347a168befec530164c097e9ba012f668a98a098136c3f6848d8593824e0d154
                      • Instruction Fuzzy Hash: 188138B2A083014BD7249E64EC9573FBFE2FBD5714F19C42CE98987282E6749C06A753
                      Function 005594BF Relevance: 2.8, Strings: 2, Instructions: 305COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: 0$8
                      • API String ID: 0-46163386
                      • Opcode ID: a233991c965b67b354b4685af8b70cd89c019736a897f6501f2dd314a1c3628a
                      • Instruction ID: 8f9203862b5ceb4f32c231a98e31fe373d18779aee9c137d785c9e95b4812725
                      • Opcode Fuzzy Hash: a233991c965b67b354b4685af8b70cd89c019736a897f6501f2dd314a1c3628a
                      • Instruction Fuzzy Hash: 30E11D75608380DFC710CF28D854A8ABBF1BB99344F49896DF88997351D335EA58DF82
                      Function 005600C5 Relevance: 2.7, Strings: 2, Instructions: 198COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: is$s
                      • API String ID: 0-4051906996
                      • Opcode ID: 17c44dfe7c91d2b646ae1657614edb21d52c442faf6f59f598ca6f108b0c35c7
                      • Instruction ID: 264df72918aa74305ba396dc9c743477aa81d8712a6814cd9fc1e92669bfa726
                      • Opcode Fuzzy Hash: 17c44dfe7c91d2b646ae1657614edb21d52c442faf6f59f598ca6f108b0c35c7
                      • Instruction Fuzzy Hash: F4610371608312DFD3148F65ECA072BB7BAFF95315F06892DF985872A0E7759808DB82
                      Function 005933B0 Relevance: 1.8, Strings: 1, Instructions: 572COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: "5Y
                      • API String ID: 0-1947099258
                      • Opcode ID: 5c01152452ba33ce2b5eb5aeb839c891048cc79b44c683d9d252f1088b20bcc8
                      • Instruction ID: 28509efe18122d9a4f15c5ba3b792c2c66d18942399092c4c1fa0ce09a90b9c2
                      • Opcode Fuzzy Hash: 5c01152452ba33ce2b5eb5aeb839c891048cc79b44c683d9d252f1088b20bcc8
                      • Instruction Fuzzy Hash: 5002EF35A05215CFCB08CF68D8906AEBBF2FB9A314F1A807ED846E7351D735A905CB90
                      Function 00554FA0 Relevance: 1.8, Strings: 1, Instructions: 514COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: %1.17g
                      • API String ID: 0-1551345525
                      • Opcode ID: bccd747df8b43742985ef3bff5607e7c28a2fda63d59b2ed158c702751db84e7
                      • Instruction ID: da65e6146c663770b51d89dfb7d7b5e1edc756132462c28de06dd9a2f272762a
                      • Opcode Fuzzy Hash: bccd747df8b43742985ef3bff5607e7c28a2fda63d59b2ed158c702751db84e7
                      • Instruction Fuzzy Hash: D602D575608B428BD7158E68C4B032ABFE2BFA1306F19896EDC998B351F771D84DC741
                      Function 00575F00 Relevance: 1.8, APIs: 1, Instructions: 251comCOMMON
                      Download Yara Rule
                      APIs
                      • CoCreateInstance.OLE32(005979D8,00000000,00000001,005979C8), ref: 00575F29
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: CreateInstance
                      • String ID:
                      • API String ID: 542301482-0
                      • Opcode ID: cf6fb3afb71d8867e80c42824c775eb0f46a9c1bc8f885463856e9a24622efb5
                      • Instruction ID: 1a23efae97ecc2b23210c3849c9d05dca278e4842c10c310e2b8f12d0ba80457
                      • Opcode Fuzzy Hash: cf6fb3afb71d8867e80c42824c775eb0f46a9c1bc8f885463856e9a24622efb5
                      • Instruction Fuzzy Hash: 7461EEB12106049BDB209F24EC9AB773BB4FF85358F088558F94ACB291F775E804E762
                      Function 0057E400 Relevance: 1.6, Strings: 1, Instructions: 382COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: "
                      • API String ID: 0-123907689
                      • Opcode ID: 93ecab8819888c1490301e4ea4446f15b79a23bacf294943aa3e848e668045df
                      • Instruction ID: 4c965558823d737642708f01d12544ea55b25e7a9176b5c2229c1678b64218b8
                      • Opcode Fuzzy Hash: 93ecab8819888c1490301e4ea4446f15b79a23bacf294943aa3e848e668045df
                      • Instruction Fuzzy Hash: 1EC106B1A043015FD7148E24E45676BBFE9BB89314F18C9ADE89D8B381E734DC05D792
                      Function 00592380 Relevance: 1.6, Strings: 1, Instructions: 344COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: <?=1
                      • API String ID: 0-2411229740
                      • Opcode ID: 3a82c5a8f0761463553721c09dd663f6d982d474351bb318c476d7cb168133f9
                      • Instruction ID: 00433079ed047cf3e0b1174c7381d66d2e07138bbfa02c3a464e35303891006a
                      • Opcode Fuzzy Hash: 3a82c5a8f0761463553721c09dd663f6d982d474351bb318c476d7cb168133f9
                      • Instruction Fuzzy Hash: 18B11472B043116BEB149E28DC9176BBBD6FBD0314F09893DF9959B385EA34EC048791
                      Function 005835B0 Relevance: 1.6, Strings: 1, Instructions: 320COMMON
                      Download Yara Rule
                      Strings
                      • 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 005836B7
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
                      • API String ID: 0-442858466
                      • Opcode ID: 703548f95b8098e11517aca9ba9093edb0556b6e01cae77a229a26155241ada5
                      • Instruction ID: 5300c9f528a9e91c4726d33a6693f26ca6ee4b9446bbbcaa7b3d89720a57ef1e
                      • Opcode Fuzzy Hash: 703548f95b8098e11517aca9ba9093edb0556b6e01cae77a229a26155241ada5
                      • Instruction Fuzzy Hash: BBA15D33F1A5914BC718DE7C8C522ADAE936B96730F2E837ADCB1EB3D4C52889059350
                      Function 00571333 Relevance: 1.5, Strings: 1, Instructions: 288COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: US
                      • API String ID: 0-1549774597
                      • Opcode ID: 425815a9dfaa7e711629446053e8fe56234fcabd993e671128803590ebda6ed0
                      • Instruction ID: 3150060b524de834705f0e8907605d8f88c727a455442bdc9c00cc6e948c229e
                      • Opcode Fuzzy Hash: 425815a9dfaa7e711629446053e8fe56234fcabd993e671128803590ebda6ed0
                      • Instruction Fuzzy Hash: C4816CB1900605CBDB10CF69D8926BBBBB0FF45364F258209D85A5F391E331D906DB94
                      Function 0058F7E0 Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: InA>
                      • API String ID: 2994545307-2903657838
                      • Opcode ID: 21336ac4490539e8e1ebf90f51426a8a9e4314b20a19f9626f12c1ce9eaf8a2e
                      • Instruction ID: a8f1426fabe7850d003e73285e029796bc4ffee908e30a82a6d3caf338aece39
                      • Opcode Fuzzy Hash: 21336ac4490539e8e1ebf90f51426a8a9e4314b20a19f9626f12c1ce9eaf8a2e
                      • Instruction Fuzzy Hash: C271E671608301AFD714EE28C884B3ABFE2BBC8314F24892CEDD5A7395D6719C459B91
                      Function 0057E870 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: "
                      • API String ID: 0-123907689
                      • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                      • Instruction ID: 3d17e2bad9522e3065d6f66c711027e09de62e05a983dfa41129c16b1024191d
                      • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                      • Instruction Fuzzy Hash: F271E732A083154BD714CE28E88531FBFE6BBC9710F29C9ADE49D9B391D234DC45A782
                      Function 0058E230 Relevance: 1.5, Strings: 1, Instructions: 231COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: ;:54
                      • API String ID: 2994545307-2887251705
                      • Opcode ID: 66282d62ab0e3708b175228e1bf71d8be271344e0bcb67e4ea2956eee30e020e
                      • Instruction ID: a8e51e7e2c6d704272dc9ead6cc1772ddae1eb4a68e10a31262cd4cf0138f015
                      • Opcode Fuzzy Hash: 66282d62ab0e3708b175228e1bf71d8be271344e0bcb67e4ea2956eee30e020e
                      • Instruction Fuzzy Hash: 7D514873B147104FDB18DA29CC8273ABAA3BBD9310F19C82CDD95AB391DA349C418781
                      Function 0056482A Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: +
                      • API String ID: 2994545307-2126386893
                      • Opcode ID: 0d394482d541f5ea2dc7a9d4a986e5972f7c4b7a35fdb9507b9a7e72c64bf192
                      • Instruction ID: 81d29578cacf41856708a8c09643126116c2bedf1b101beb488f9af52835d77a
                      • Opcode Fuzzy Hash: 0d394482d541f5ea2dc7a9d4a986e5972f7c4b7a35fdb9507b9a7e72c64bf192
                      • Instruction Fuzzy Hash: 0851CF31248B818FE329CB38C8947677FE2BB96314F198A5DD1AB877C2C635A845CB51
                      Function 0057CEDA Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: ;:54
                      • API String ID: 0-2887251705
                      • Opcode ID: 6350eeb1170719671a52e72afab97fb84898c878e0ac993cfdd4a2af2c87b99c
                      • Instruction ID: edfac79aa0c1f64280fd50f5bf57bc1719e8d293934f9a02a842d2e2e8d47073
                      • Opcode Fuzzy Hash: 6350eeb1170719671a52e72afab97fb84898c878e0ac993cfdd4a2af2c87b99c
                      • Instruction Fuzzy Hash: B401B13121C2008FDB188F10A8C153BBF63FBEA314F28D85DD58917156C3749C4AAB61
                      Function 0055BD70 Relevance: .8, Instructions: 830COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3165bc55115523de59345c5195674b73c5ddc2ef69068c5c63219a4f04796b64
                      • Instruction ID: 4eff0cd303ce7b11fe7d33c2e155434be864f3c2a5bf3ceca1528ed2935493ff
                      • Opcode Fuzzy Hash: 3165bc55115523de59345c5195674b73c5ddc2ef69068c5c63219a4f04796b64
                      • Instruction Fuzzy Hash: 3552F5315083118FC724DF18E8942BEBBE1FFD4316F25892EDD9697281E734A959CB82
                      Function 0055B260 Relevance: .7, Instructions: 670COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 23773fefdf73a65947ee722dbd1aa0620558f186c2f40689ade288da1c3d0059
                      • Instruction ID: a838bc90c02ab61e084a27f4f6f8d208680a3d9072c41d1628059ca783cf8f7b
                      • Opcode Fuzzy Hash: 23773fefdf73a65947ee722dbd1aa0620558f186c2f40689ade288da1c3d0059
                      • Instruction Fuzzy Hash: CA52B5709087888FFB35CB24C4A83A7BFE1BB91315F14491FD9E606AC2D379A989C751
                      Function 00556F60 Relevance: .7, Instructions: 657COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0044cea5533ebf879ae26d58815c8a63ea2fc59df4f4364c222f46518cae7f60
                      • Instruction ID: 93b5a6026856dfa2329553529756f9785483e01ed53a2ebb63d0d681af068807
                      • Opcode Fuzzy Hash: 0044cea5533ebf879ae26d58815c8a63ea2fc59df4f4364c222f46518cae7f60
                      • Instruction Fuzzy Hash: E852A03150C3498BCB14CF29D0A06AABFE1FF88315F198A6EEC9957352D774E949CB81
                      Function 00572E50 Relevance: .7, Instructions: 655COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5b070488ab676890071885afb814527a59073014d798d7f4f48a7f3c9c17b8bd
                      • Instruction ID: aad4459144e9d1357b3c131b98807676df1aaf91f58ee9b1e004fb995c515ec6
                      • Opcode Fuzzy Hash: 5b070488ab676890071885afb814527a59073014d798d7f4f48a7f3c9c17b8bd
                      • Instruction Fuzzy Hash: 75625CB0508B808EE372CB3C8849797BFE5AB5A314F084A9DD0EE8B3D2D7756505C766
                      Function 00557960 Relevance: .6, Instructions: 611COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 61d32f38630d718c13215c0fd040dccfcc9f3a6f93a3e694377e04bab4618ae9
                      • Instruction ID: 6621546c5cc05c52be4ea05df89ae18383439d82dc2bd045076b5bb6ca53241e
                      • Opcode Fuzzy Hash: 61d32f38630d718c13215c0fd040dccfcc9f3a6f93a3e694377e04bab4618ae9
                      • Instruction Fuzzy Hash: EC422870518B158FC368CF29D5A052ABBF1BF89711B604A2EDA9787F90D736F848CB10
                      Function 00591720 Relevance: .5, Instructions: 497COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dd437bb9305c9af7e3124421262e7a529a03758915b3ddbe07373823e5cff453
                      • Instruction ID: 74abadd4744179ca866980d0afbea4e1e9114d2b8890c8bd3943377b4ef9f1d7
                      • Opcode Fuzzy Hash: dd437bb9305c9af7e3124421262e7a529a03758915b3ddbe07373823e5cff453
                      • Instruction Fuzzy Hash: 8DF17532A1C351CFC714CF38D89112ABBE2BB99310F1A863ED99587392E734D949CB91
                      Function 0055A270 Relevance: .4, Instructions: 399COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d8e88b7cbd39bbd3665fdfcbb4fcb2809eb00c2d7e36ac19dd5f7b175e2c8b1d
                      • Instruction ID: b8776a9764e357248927720354b535e762dd6f0cc84aada401a9f72098aeaa49
                      • Opcode Fuzzy Hash: d8e88b7cbd39bbd3665fdfcbb4fcb2809eb00c2d7e36ac19dd5f7b175e2c8b1d
                      • Instruction Fuzzy Hash: 12E158755083418FC720DF69C890A2BBFE1FF99304F44892EE8D587752E675E948CB92
                      Function 00579494 Relevance: .4, Instructions: 390COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c2e31e1f31f45ae890715b62bc37ae181b63e35feaeb23bd51f66d3622a1f321
                      • Instruction ID: cee32a77786aa8baeac6ec5a514fabc66afd6126aa194f651b4ccde04f4edf90
                      • Opcode Fuzzy Hash: c2e31e1f31f45ae890715b62bc37ae181b63e35feaeb23bd51f66d3622a1f321
                      • Instruction Fuzzy Hash: 26D105329583418BD734CE68D4417ABBBE2FB96350F18C92DD4DE87341E638D849E7A2
                      Function 00593720 Relevance: .3, Instructions: 334COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 973741e0e5fe4e958e5e9c49afd3cb56f91b0037b4fdb03d1c549d093c1ff868
                      • Instruction ID: 9abc44acd3c224f552d2db44550b583231b2ab0f79a1dd56af4e93a4bd009c63
                      • Opcode Fuzzy Hash: 973741e0e5fe4e958e5e9c49afd3cb56f91b0037b4fdb03d1c549d093c1ff868
                      • Instruction Fuzzy Hash: 39A1DD35A05215CFCF08CF68D8902AEBBB2FB9A314F1A847EC546A7351D331AA15DB90
                      Function 00591F80 Relevance: .3, Instructions: 334COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: eac841d61561f7c76d3cfa0428fd2bbba70c5532be49c318d509e35fcbaaa1dc
                      • Instruction ID: 399eccf91ce5b9031b4038b5692bad8ec22ecda5c069847e236db0c8e035ef74
                      • Opcode Fuzzy Hash: eac841d61561f7c76d3cfa0428fd2bbba70c5532be49c318d509e35fcbaaa1dc
                      • Instruction Fuzzy Hash: FBA12932B18311AFDF28DA39CC41B6BBBD2FBC8314F18C92CE995D7295E63498419752
                      Function 0057CA72 Relevance: .3, Instructions: 318COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 889b139a6f717c3af82a5d50c9c87367e5ff48e209267ebbf92f10946418183d
                      • Instruction ID: fd0307e61eb5f28c1472aef9c6185e4d96ecdc3e49f68019a1ecd605049ae2c1
                      • Opcode Fuzzy Hash: 889b139a6f717c3af82a5d50c9c87367e5ff48e209267ebbf92f10946418183d
                      • Instruction Fuzzy Hash: 28910F719483158BD320DF55E89162BBBA1FFE2314F08892DE9C94B390E7789A05DB92
                      Function 00594C50 Relevance: .3, Instructions: 311COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 36349d8ef514e2f8ada81bd1bbd76319927aaf3bb9081dc2c3243bd83c31e77e
                      • Instruction ID: 12f58f22a816724c0b5c8a2c75067af40e61f96faeea4ef507a78636b4281218
                      • Opcode Fuzzy Hash: 36349d8ef514e2f8ada81bd1bbd76319927aaf3bb9081dc2c3243bd83c31e77e
                      • Instruction Fuzzy Hash: C491C1356083119FCB24CF18D880A6BBBE6FF99710F19852CE9819B350D771EC46CB92
                      Function 0055ADD0 Relevance: .3, Instructions: 303COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5bb38836aa2fc0c02311f2ee4b3c29a57ce834601b3de9f78f5398ad176a45f4
                      • Instruction ID: 6420a59708b6ac39046b7bf076bc0564b8d54e929eb106a9e333c7cf85b15376
                      • Opcode Fuzzy Hash: 5bb38836aa2fc0c02311f2ee4b3c29a57ce834601b3de9f78f5398ad176a45f4
                      • Instruction Fuzzy Hash: AFC170B19087418FD370CF68DC9A7ABBBE1BF85318F08492DD5D9C6242E778A159CB06
                      Function 00594920 Relevance: .3, Instructions: 301COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 3d0f7085f975d6cf39112e2ddc27059a4a43b1d5ec646eabf76bb2cfc4abdc77
                      • Instruction ID: bcaf9cfc2255fdbd6662aaa6f3e0593a63a67f2c4804620d3ee91adfe1f8b5c0
                      • Opcode Fuzzy Hash: 3d0f7085f975d6cf39112e2ddc27059a4a43b1d5ec646eabf76bb2cfc4abdc77
                      • Instruction Fuzzy Hash: 7BA1AE352093019FCB14DF18C490E2ABBE2FF99710F05896CE9958B361EB71EC56CB92
                      Function 00594620 Relevance: .3, Instructions: 298COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: cd82ffbcdfbfb09d90fe6d44ed5443bb9ef7a44bc68841b14afa675347c72232
                      • Instruction ID: 4c92511b1f6961afce6bce88eb780302830fa7354ee4fc3859eef2f6f5861a6c
                      • Opcode Fuzzy Hash: cd82ffbcdfbfb09d90fe6d44ed5443bb9ef7a44bc68841b14afa675347c72232
                      • Instruction Fuzzy Hash: 068105356083519BCB14DF18D89093BBBE2FFDA750F19852CE9859B361EB309C42DB92
                      Function 00584C60 Relevance: .3, Instructions: 283COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8bff9d9d4921966c61448bd09a134b7b64a076f8faaf1de2fe99a5a08475b6c0
                      • Instruction ID: 123023b2bf46aba54e0807cedff38728a1d7477ab253c9223efa586a58e21249
                      • Opcode Fuzzy Hash: 8bff9d9d4921966c61448bd09a134b7b64a076f8faaf1de2fe99a5a08475b6c0
                      • Instruction Fuzzy Hash: F4912933A2A9924BD318993C4C112BA6D476FD7330B3EC72ABDB6DB3E5D6248D125350
                      Function 00581980 Relevance: .3, Instructions: 277COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3ef889015e91f7a3a7656171532d6b63e5eff0524738f0c9b0c8242826e87780
                      • Instruction ID: 148b9616c1e1cc0f26b0dc904f13ce23886c6f66f6662a40fe4691f54cd6602a
                      • Opcode Fuzzy Hash: 3ef889015e91f7a3a7656171532d6b63e5eff0524738f0c9b0c8242826e87780
                      • Instruction Fuzzy Hash: D3B11876604F818FD3159B38C8903A6BFE2BFD6314F19C96CC9E64B396DA34A846C741
                      Function 00582D80 Relevance: .3, Instructions: 259COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a3f91020c104d948fd6ca35f7c7b0217213e65d5d40ba504073df545314a35f7
                      • Instruction ID: 0a9c4f4769f3a02ad323efa779c27813a2c260039e7ec47c24b655be5f25a208
                      • Opcode Fuzzy Hash: a3f91020c104d948fd6ca35f7c7b0217213e65d5d40ba504073df545314a35f7
                      • Instruction Fuzzy Hash: 03A12575A08B808FD3119F3CC890366BFE2BFDA304F18896CD9DA8B756D635A845C742
                      Function 005831DE Relevance: .3, Instructions: 258COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1972d064372f1a8ddea7434840d6bcfa4e9ee46c1fa76510e1d4b6482ac3fa97
                      • Instruction ID: ce796b4a372cf5d9a4b0ae7a0b6a037d5c76a6c84c795583d89a780b01c12eee
                      • Opcode Fuzzy Hash: 1972d064372f1a8ddea7434840d6bcfa4e9ee46c1fa76510e1d4b6482ac3fa97
                      • Instruction Fuzzy Hash: F4A10575A09B808FD3119F3CC89035ABFE2BFDA314F18896CC9DA8B756D635A845C742
                      Function 00565BD8 Relevance: .2, Instructions: 234COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 88cb59d0a610388b79dea0d9662cebdf40c33abcbc64d4e333196a319bca3423
                      • Instruction ID: 2b1544b60ea82dde31de5a675f42c62b4b5f4ba3c32a62cdd80ac65ce63e3cf8
                      • Opcode Fuzzy Hash: 88cb59d0a610388b79dea0d9662cebdf40c33abcbc64d4e333196a319bca3423
                      • Instruction Fuzzy Hash: 7591C475604B808FC325CF3CC851366BFE2AF9A310F198A6DD4EACB396D635A946C711
                      Function 00584F80 Relevance: .2, Instructions: 230COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e387515b38d977fa8ab8682cc4fd3afc220c013736bf5370eefd269ca3443652
                      • Instruction ID: 71eaf7b176c069e3c6870a8779f593e604b35140442ffff7f263940a713aff7f
                      • Opcode Fuzzy Hash: e387515b38d977fa8ab8682cc4fd3afc220c013736bf5370eefd269ca3443652
                      • Instruction Fuzzy Hash: E9710833B19E9147C7249D3C8C853A5AE936BE6334B3D837AEDB1AB3D5D52688059340
                      Function 00558DA0 Relevance: .2, Instructions: 223COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cedd8c407b950abafc7488a3d4b16ed83360af4c77d5bbabd48b9ccd701764c9
                      • Instruction ID: 83e14041cfe512136b873634ee4c462bd5cc0f4bf69fe1808e4a8a225ea997b8
                      • Opcode Fuzzy Hash: cedd8c407b950abafc7488a3d4b16ed83360af4c77d5bbabd48b9ccd701764c9
                      • Instruction Fuzzy Hash: 83719975609201CFD708CF29D4902AABBE2FFC9316F19C96EE84847294C775D949DF81
                      Function 0057BE10 Relevance: .2, Instructions: 208COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1e5a2f297a7d58935c9e85b7ba2f4e8e9061277745866f73631ee443d871ad62
                      • Instruction ID: 38488a4048c613b86b590032ed784eb6164c889d63d0aa041d769160cb6f21d3
                      • Opcode Fuzzy Hash: 1e5a2f297a7d58935c9e85b7ba2f4e8e9061277745866f73631ee443d871ad62
                      • Instruction Fuzzy Hash: 4751DFB1714A054BD714CE2CE98072ABBD2BBC5214F2D8A39E989C7391DB70EC02DB91
                      Function 00589940 Relevance: .2, Instructions: 189COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f367f8f5ecc45097846795fd34e8c8963d6acf5eabfc43f7f435ff06ce4ba9ef
                      • Instruction ID: e477a24bb3fd95bd3ad1d7430b3408a601e31f133fadb0e22cdec958a9ea6489
                      • Opcode Fuzzy Hash: f367f8f5ecc45097846795fd34e8c8963d6acf5eabfc43f7f435ff06ce4ba9ef
                      • Instruction Fuzzy Hash: 5A515DB15087548FE314EF29D89436BBBE1BBC4314F144A2DE8E997351E379DA088F92
                      Function 0057762D Relevance: .2, Instructions: 170COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 34895df0f9f8a6c2adcb9fa9de4cd84fbb31f0b99714edf9a2e9b1bae8c68355
                      • Instruction ID: 474b9bee57989320379ab5198de6345ff69e25c8531bf158320c027f14e3a414
                      • Opcode Fuzzy Hash: 34895df0f9f8a6c2adcb9fa9de4cd84fbb31f0b99714edf9a2e9b1bae8c68355
                      • Instruction Fuzzy Hash: 5851FFB55046108FEB108F66D8D16AA7FB2EF96310F1496ACD95A5F28EC774C842CF88
                      Function 00555820 Relevance: .2, Instructions: 163COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 24d4142c6b2e84abfed853ec9763fdc43640e5fb84519b84b3d1ec37c36d8007
                      • Instruction ID: 17b3b02086265643d425af5569c93aeba47165d95bf3fb5cce2004dde26de05d
                      • Opcode Fuzzy Hash: 24d4142c6b2e84abfed853ec9763fdc43640e5fb84519b84b3d1ec37c36d8007
                      • Instruction Fuzzy Hash: E251C2B4A047019FC714DF18C8A0926BBA1FF84326F19466EEC998B352E731EC49CB91
                      Function 005791E0 Relevance: .2, Instructions: 159COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6407d944228fb2f99f1bb7ee5eee5a3b539f651d3843e9b5ac9b4b5854922da8
                      • Instruction ID: b93a11f624e54b7473df1b1ef854bce3d97ceab4c205bf9d418afc50e8f7bc6b
                      • Opcode Fuzzy Hash: 6407d944228fb2f99f1bb7ee5eee5a3b539f651d3843e9b5ac9b4b5854922da8
                      • Instruction Fuzzy Hash: 3441FE32429723CBC320DF68C4801AAB7B2FF99780B5AC96CC5845B334D7716C62E791
                      Function 00594380 Relevance: .2, Instructions: 154COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 8b783f8a6bbad38cf9c8b08f0ef28543cc1b7f006d7bc8973e18d9479a6f43c9
                      • Instruction ID: 229819c7f41db54e11d02eaf0f9818b217eb7bcf28f5de761ac9637781f34db2
                      • Opcode Fuzzy Hash: 8b783f8a6bbad38cf9c8b08f0ef28543cc1b7f006d7bc8973e18d9479a6f43c9
                      • Instruction Fuzzy Hash: 1B417A35345300AFDF248B58DCC1F7A7BA6FB99708F18542CE6855B3A0D671AC06DB81
                      Function 0058B170 Relevance: .1, Instructions: 142COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 61d70e1723853c19ecb9d4bc4e2fddd29a6d3e795ce1974697ba3eb990deded3
                      • Instruction ID: 5d4e6d45bb21484ae4e9b47adb7ad6becb6886db10f3b2c00ce8a34d7d63ea58
                      • Opcode Fuzzy Hash: 61d70e1723853c19ecb9d4bc4e2fddd29a6d3e795ce1974697ba3eb990deded3
                      • Instruction Fuzzy Hash: 10314A7A7043055BFB10BA659C85E3F7A9EBBD4714F080428FD55A7252F731DC0583A1
                      Function 0056C6E0 Relevance: .1, Instructions: 128COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5ac4eaaadf1db2a879d87574249f052c36dc9867d327f953accd22faa4742cbc
                      • Instruction ID: 6c801901f87cb1050ee1fcefbde3548ff9eaea91acf9a346e976805b875fc67b
                      • Opcode Fuzzy Hash: 5ac4eaaadf1db2a879d87574249f052c36dc9867d327f953accd22faa4742cbc
                      • Instruction Fuzzy Hash: 5841ED745053019BE7249F14C856BFBBBE4FF8A720F004A18F9D58B2D1E3B49905CBA2
                      Function 0055C960 Relevance: .1, Instructions: 106COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2e39b47d5e8a9fdadff90607e363d12ddf690496f365585e828c43316a0f8579
                      • Instruction ID: 3a3e45224237fe77091a6d8af79083771ad1a40685e8bc02ceedf845adb2dcd1
                      • Opcode Fuzzy Hash: 2e39b47d5e8a9fdadff90607e363d12ddf690496f365585e828c43316a0f8579
                      • Instruction Fuzzy Hash: A63104298497E54AD732C92DC4B046DBF907D9736979942EECCF10F783C542898A92E1
                      Function 0056C8CE Relevance: .1, Instructions: 94COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e747d0bf38ec192ebd84e50434a27f77cfbe7b16c4a5e4621280d8f333865cc1
                      • Instruction ID: 3f84b0f166a35e2459a89b4f2f77159bba8a6a39a25d873779872c4063ec4732
                      • Opcode Fuzzy Hash: e747d0bf38ec192ebd84e50434a27f77cfbe7b16c4a5e4621280d8f333865cc1
                      • Instruction Fuzzy Hash: A831A0B15083818BC7349F14C4523EBBBB0FFA6364F14991DE4C99B391E7749941CB96
                      Function 00559F9C Relevance: .1, Instructions: 66COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c3b4f7fbd76a0aab0cb8dbef73bda59f5fa727afa006ef537c30bd6014a84c57
                      • Instruction ID: 58300571a72de2d1dc6f905c1213875215ac7ee5315da85785ee2b332f3097ae
                      • Opcode Fuzzy Hash: c3b4f7fbd76a0aab0cb8dbef73bda59f5fa727afa006ef537c30bd6014a84c57
                      • Instruction Fuzzy Hash: 6821E732B146604BE7448F66CCD82167752FFCA221F0A8229FE96973E5CA70EC09D640
                      Function 00587CA0 Relevance: .1, Instructions: 64COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                      • Instruction ID: 3a30005e5df53455a9eaaeeeb415091e2cdbe16d124554b4e77d2d0a87633011
                      • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                      • Instruction Fuzzy Hash: 8411A933A491D80EC3169D3C8400575BFA32B97635B794399F8F4AB2D2D622CD8B8355
                      Function 00590E3A Relevance: .1, Instructions: 64COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3f00ff1fcfa788835357bfa4f531f9d67e781ff6cdd130998f81c73c1dc7d788
                      • Instruction ID: 5c18713336b56f4826894e7936a46419b45f84910a5fe38ba82d29e6202e95d3
                      • Opcode Fuzzy Hash: 3f00ff1fcfa788835357bfa4f531f9d67e781ff6cdd130998f81c73c1dc7d788
                      • Instruction Fuzzy Hash: 321194346156408FCB0CDB28D47166EBBB3F796305F84A96EE193C7B64C7389806EB49
                      Function 00559FA8 Relevance: .1, Instructions: 64COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 267584efc3f3ad6279d5605a8ea7441ea6772460410e3f4c3abef6a672cd2c89
                      • Instruction ID: ba723bc29c7dea30d5dc3a96edc6a9edf3ef1fd1f7911588885f1c9142a1241d
                      • Opcode Fuzzy Hash: 267584efc3f3ad6279d5605a8ea7441ea6772460410e3f4c3abef6a672cd2c89
                      • Instruction Fuzzy Hash: 0111D632B146604BE7448F65DC981267752FBDA221F0E8325FE969B3E5C630EC19D680
                      Function 0057DE70 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f84c3b131bcf499d63e6b80aa2f1beace20ffa960dffd1ad22babe7e1f8cb60c
                      • Instruction ID: 29f2b3874c88c26845a7a136ff4f861e116f55a278e5a1ddcbd400e36dd92ba0
                      • Opcode Fuzzy Hash: f84c3b131bcf499d63e6b80aa2f1beace20ffa960dffd1ad22babe7e1f8cb60c
                      • Instruction Fuzzy Hash: F2014CF26003025BD621AE64A8D5B2BBABD7FA1704F18842CEC085F202DB65EC09D7A1
                      Function 0058FAD0 Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2a7917468483c5130027cd63e0adc2d9fadf527509834d484890d9d963c30a63
                      • Instruction ID: cf5238c99dca836e69ecebb42be9cdcbb4318dbd5adfa0d9b8c08f9516f9fb89
                      • Opcode Fuzzy Hash: 2a7917468483c5130027cd63e0adc2d9fadf527509834d484890d9d963c30a63
                      • Instruction Fuzzy Hash: F61127B05153805FCB44EF25D89052BBAF8EB99349F889C2CE492E7350D734C501CF02
                      Function 00582088 Relevance: .0, Instructions: 42COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 045dced272a5f1048af34c4b1f34a1074db81e44d104384cdd97c38c0b949749
                      • Instruction ID: 6aa146687af9357e99ff78aeabcad37bf8787c91c25ea3f6174f0f26116588d2
                      • Opcode Fuzzy Hash: 045dced272a5f1048af34c4b1f34a1074db81e44d104384cdd97c38c0b949749
                      • Instruction Fuzzy Hash: 7311E0B45087408FD750DF28C58878ABBE0FB09314F1488ADE899CB346D77AE589CB91
                      Function 0057AA60 Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ec94185906337b703f91508f1d87b946c2118f7559473a5e103671118734696f
                      • Instruction ID: 3ed7dfb9892a7210bd919233874a0739ce52149cb0b6a3007e6e3344a1051b2c
                      • Opcode Fuzzy Hash: ec94185906337b703f91508f1d87b946c2118f7559473a5e103671118734696f
                      • Instruction Fuzzy Hash: AD019AB08093849AD244AFA5C8A5A1BFFE4AB92314F50592CF1E68B290C7B98409CF52
                      Function 00591648 Relevance: .0, Instructions: 25COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8bb40167e43dcd59c0ac062f8e8b86de486d66a53201e0e1767842e97e92b03e
                      • Instruction ID: e9aecc893b7dd2d1e6e1dddad81de34ce9e069b33c1b68d570e4b1be6b27f4e0
                      • Opcode Fuzzy Hash: 8bb40167e43dcd59c0ac062f8e8b86de486d66a53201e0e1767842e97e92b03e
                      • Instruction Fuzzy Hash: 00F0A7B6C066618EC304DF21D415466BAA3A7EA610F56D92CC5D1ABA44CB319404DBC7
                      Function 0058C6D0 Relevance: .0, Instructions: 21COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                      • Instruction ID: f9d7a2f287794e56206058f94af5d8d741babac084bde512b3ea7c38320c2186
                      • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                      • Instruction Fuzzy Hash: 12D05E2160822146AB649E1EA400977FBE0FA87B51B49A56EF982F3148E230DC41D2B9
                      Function 005844AC Relevance: 52.7, APIs: 1, Strings: 29, Instructions: 163memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 207 5844ac-5844fa 208 5844ff-58450d 207->208 208->208 209 58450f-584516 208->209 210 584518-58451b 209->210 211 58451d-584570 210->211 212 584572-584785 SysAllocString 210->212 211->210 213 58478a-584798 212->213 213->213 214 58479a 213->214 215 58479c-58479f 214->215 216 5847a1-5847d0 215->216 217 5847d2-584836 215->217 216->215
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: AllocString
                      • String ID: 0$A$C$E$E$E$G$I$L$M$O$V$X$a$c$d$e$g$i$k$m$o$q$s$u$w$y${$}
                      • API String ID: 2525500382-1585318030
                      • Opcode ID: d1a5ab2a7130bf0871590537956f805fc59903d53ba097efcfd3b749dcb7844e
                      • Instruction ID: 35e414fe50c59b5b46ec1e42c99364b73963fdd9bcf7033ef2eebf18b8698d1c
                      • Opcode Fuzzy Hash: d1a5ab2a7130bf0871590537956f805fc59903d53ba097efcfd3b749dcb7844e
                      • Instruction Fuzzy Hash: D291092150C7C189E332C73C880879BBED16BA3224F088B9DD5ED9B2D2C7B90449D767
                      Function 005840F6 Relevance: 26.4, APIs: 1, Strings: 14, Instructions: 104COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: InitVariant
                      • String ID: @$A$C$E$G$I$K$M$O$q$s$u$w$y
                      • API String ID: 1927566239-3739842773
                      • Opcode ID: 4118ad79861aec9f5b183c6a0a56d5d966295959b53eac1c354cc7f905d7bc5d
                      • Instruction ID: 6a0e3b26ae669efcaca0080b004f2d2df441fbc14239bb363757f4768dc80b64
                      • Opcode Fuzzy Hash: 4118ad79861aec9f5b183c6a0a56d5d966295959b53eac1c354cc7f905d7bc5d
                      • Instruction Fuzzy Hash: 4E51457150C7C18AE325CB38845839EBFD16BE6324F184A9DE4E94B3E2C7B88845CB53
                      Function 005842D4 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 94COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: Variant$ClearInit
                      • String ID: !$($-$-$2$3$7$8$=$?
                      • API String ID: 2610073882-1101923984
                      • Opcode ID: ea1903417a571e4383bcd205bd8d1aacab0fa31a8655491cc394fe3f42dd86e7
                      • Instruction ID: 3d84d6e59d2f21befecb2926648aa88ac0b9b0df61fc3a0679fcc46a12bea98e
                      • Opcode Fuzzy Hash: ea1903417a571e4383bcd205bd8d1aacab0fa31a8655491cc394fe3f42dd86e7
                      • Instruction Fuzzy Hash: BC41467150C7C18ED3259B38884865ABFE16BA6324F094A9DE5E4873D2CBB5844AC753
                      Function 0056CBE6 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 273threadCOMMON
                      Download Yara Rule
                      APIs
                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 0056CCA3
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: ProcessThreadWindow
                      • String ID: ;:54$TU
                      • API String ID: 1653199695-2129887498
                      • Opcode ID: 870d38e1a4bc48eb857b9575410f849cc262e017446d65ee527dae9d9da44d55
                      • Instruction ID: 1f1dc5361b358bd04a371937164d6fa01f6fe4b9a854f108b3f50d568317c9f8
                      • Opcode Fuzzy Hash: 870d38e1a4bc48eb857b9575410f849cc262e017446d65ee527dae9d9da44d55
                      • Instruction Fuzzy Hash: 00911771608341CFE710CF24E99176BBBB6FFD9715F0A882AE58487260E334E849DB52
                      Function 005856A7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2929362596.0000000000551000.00000020.00000001.01000000.00000003.sdmp, Offset: 00550000, based on PE: true
                      • Associated: 00000000.00000002.2929351475.0000000000550000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929411807.0000000000599000.00000008.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929425314.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                      • Associated: 00000000.00000002.2929439073.00000000005A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_550000_file.jbxd
                      Similarity
                      • API ID: MetricsSystem
                      • String ID:
                      • API String ID: 4116985748-3916222277
                      • Opcode ID: 08ac97cd7a7c9f3ec7fa7e91c86915efb8dc5299dd44fecd166ab176f99aea02
                      • Instruction ID: 1706eb698ecb03b02242519e2ba8befb077c74291a430848d74996be21a46209
                      • Opcode Fuzzy Hash: 08ac97cd7a7c9f3ec7fa7e91c86915efb8dc5299dd44fecd166ab176f99aea02
                      • Instruction Fuzzy Hash: B03190B49143048FDB40EF6CD98561EBBF4BB89304F11852EE488DB360DB70A948DB92