
Windows Analysis Report
XTN21MDFrg.exe

Overview

General Information

Sample name:XTN21MDFrg.exe
renamed because original name is a hash value
Original sample name:962c5a8ed8af958eb0168b57c08cea04.exe
Analysis ID:1561757
MD5:962c5a8ed8af958eb0168b57c08cea04
SHA1:33755435c11251f9ef63aabf3a81a80a89bd8844
SHA256:249d5278ba7c7d8057bf3437cb5f36d63f8ee047ce8068e26e250ee4e3d776ed
Tags:exe, LummaStealer, user-abuse_ch
Infos:

Detection

LummaC
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Uses 32bit PE files

Classification

  • System is w10x64
  • XTN21MDFrg.exe (PID: 2620 cmdline: "C:\Users\user\Desktop\XTN21MDFrg.exe" MD5: 962C5A8ED8AF958EB0168B57C08CEA04)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["3xc1aimbl0w.sbs", "300snails.sbs", "thicktoys.sbs", "faintbl0w.sbs"]}
Source: decrypted.binstr
Rule: JoeSecurity_LummaCStealer_2
Description: Yara detected LummaC Stealer
Author: Joe Security
Strings:
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: XTN21MDFrg.exe, Malware Configuration Extractor: LummaC {"C2 url": ["3xc1aimbl0w.sbs", "300snails.sbs", "thicktoys.sbs", "faintbl0w.sbs"]}
    Source: XTN21MDFrg.exe, ReversingLabs: Detection: 68%
    Source: XTN21MDFrg.exe, Joe Sandbox ML: detected
    Source: XTN21MDFrg.exe, String decryptor: faintbl0w.sbs
    Source: XTN21MDFrg.exe, String decryptor: 300snails.sbs
    Source: XTN21MDFrg.exe, String decryptor: 3xc1aimbl0w.sbs
    Source: XTN21MDFrg.exe, String decryptor: thicktoys.sbs
    Source: XTN21MDFrg.exe, String decryptor: lid=%s&j=%s&ver=4.0
    Source: XTN21MDFrg.exe, String decryptor: TeslaBrowser/5.5
    Source: XTN21MDFrg.exe, String decryptor: - Screen Resoluton:
    Source: XTN21MDFrg.exe, String decryptor: - Physical Installed Memory:
    Source: XTN21MDFrg.exe, String decryptor: Workgroup: -
    Source: XTN21MDFrg.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: XTN21MDFrg.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

    Networking

    Source: Malware configuration extractor, URLs: 3xc1aimbl0w.sbs
    Source: Malware configuration extractor, URLs: 300snails.sbs
    Source: Malware configuration extractor, URLs: thicktoys.sbs
    Source: Malware configuration extractor, URLs: faintbl0w.sbs
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, Code function: 0_2_00AD3A50 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_00AD3A50
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, Code function: String function: 00AA8450 appears 43 times
    Source: classification engine, Classification label: mal80.troj.evad.winEXE@1/0@0/0
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, Code function: 0_2_00AD19E0 CoCreateInstance,0_2_00AD19E0
    Source: XTN21MDFrg.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, File read: C:\Users\user\Desktop\XTN21MDFrg.exe
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, API coverage: 6.5 %
    Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, API call chain: ExitProcess graph end node, graph_0-11366
    Source: C:\Users\user\Desktop\XTN21MDFrg.exe, Code function: 0_2_00ADE420 LdrInitializeThunk,0_2_00ADE420

    HIPS / PFW / Operating System Protection Evasion

    Source: XTN21MDFrg.exe, 00000000.00000000.2114730785.0000000000AE2000.00000002.00000001.01000000.00000003.sdmp, String found in binary or memory: faintbl0w.sbs
    Source: XTN21MDFrg.exe, 00000000.00000000.2114730785.0000000000AE2000.00000002.00000001.01000000.00000003.sdmp, String found in binary or memory: 300snails.sbs
    Source: XTN21MDFrg.exe, 00000000.00000000.2114730785.0000000000AE2000.00000002.00000001.01000000.00000003.sdmp, String found in binary or memory: 3xc1aimbl0w.sbs
    Source: XTN21MDFrg.exe, 00000000.00000000.2114730785.0000000000AE2000.00000002.00000001.01000000.00000003.sdmp, String found in binary or memory: thicktoys.sbs

    Stealing of Sensitive Information

    Source: Yara match, File source: decrypted.binstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match, File source: decrypted.binstr, type: MEMORYSTR

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts
    Execution: PowerShell (1); Scheduled Task/Job; At
    Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
    Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
    Defense Evasion: Deobfuscate/Decode Files or Information (11); DLL Side-Loading (1); Obfuscated Files or Information (2)
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
    Discovery: System Information Discovery (2); Application Window Discovery; Query Registry
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
    Collection: Archive Collected Data (1); Clipboard Data (2); Data from Network Shared Drive
    Command and Control: Encrypted Channel (1); Application Layer Protocol (1); Steganography
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
    Source | Detection | Scanner | Label | Link
    XTN21MDFrg.exe | 68% | ReversingLabs | Win32.Spyware.Lummastealer |
    XTN21MDFrg.exe | 100% | Joe Sandbox ML | |
    No Antivirus matches
    No contacted domains info
    Name | Malicious | Antivirus Detection | Reputation
    thicktoys.sbs | false | | high
    300snails.sbs | false | | high
    faintbl0w.sbs | false | | high
    3xc1aimbl0w.sbs | false | | high
            No contacted IP infos
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1561757
            Start date and time:2024-11-24 08:37:19 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 3m 57s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:4
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:XTN21MDFrg.exe
            renamed because original name is a hash value
            Original Sample Name:962c5a8ed8af958eb0168b57c08cea04.exe
            Detection:MAL
            Classification:mal80.troj.evad.winEXE@1/0@0/0
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:Failed
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • VT rate limit hit for: XTN21MDFrg.exe
            No simulations
            No context
            No created / dropped files found
            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):6.835762106718957
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.96%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:XTN21MDFrg.exe
            File size:314'880 bytes
            MD5:962c5a8ed8af958eb0168b57c08cea04
            SHA1:33755435c11251f9ef63aabf3a81a80a89bd8844
            SHA256:249d5278ba7c7d8057bf3437cb5f36d63f8ee047ce8068e26e250ee4e3d776ed
            SHA512:ff14cd9ca8e6afd0feab4831296fc8fad912fa3ab7b0b281ade512d47d72a26ecd3db28bbf31c11653616259edcebb415b52d78c4a06401b38df73b82bee1091
            SSDEEP:6144:oiTlHQl4ILtmbVJBTtnnoaRCC2pcdp5bUD8t6ans2PQ:9TlHQ2QMp9nQC29woanTI
            TLSH:72648C09DB6395E1C987447492DA777F9E355B0223389FC3DF80DF8178739A2983AA06
            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....7g............................p.............@.......................................@..................................;.....
            Icon Hash:00928e8e8686b000
            Entrypoint:0x408a70
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x6737BFA2 [Fri Nov 15 21:39:46 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:6
            OS Version Minor:0
            File Version Major:6
            File Version Minor:0
            Subsystem Version Major:6
            Subsystem Version Minor:0
            Import Hash:efd5a1321fb3549606827ae52de6c65d
            Instruction
            push ebp
            push ebx
            push edi
            push esi
            sub esp, 00000210h
            call 00007F5F78805686h
            test al, al
            je 00007F5F787D1359h
            lea eax, dword ptr [esp+08h]
            push 00000000h
            push 00000010h
            push eax
            push 00000000h
            call dword ptr [00443D20h]
            call 00007F5F787FE478h
            test al, al
            je 00007F5F787D1336h
            call dword ptr [00443D38h]
            mov ecx, eax
            mov ebp, 81161F7Ah
            shr ebp, cl
            mov eax, 81161F7Ah
            xor edi, edi
            mov ebx, 00000000h
            test cl, 00000020h
            jne 00007F5F787D11C4h
            mov ebx, ebp
            mov edx, 8BAE9156h
            shrd edx, eax, cl
            test cl, 00000020h
            jne 00007F5F787D11C4h
            mov ebp, edx
            mov eax, 408B0FBDh
            mov esi, 408B0FBDh
            shr esi, cl
            test cl, 00000020h
            jne 00007F5F787D11C4h
            mov edi, esi
            mov edx, 45D748ABh
            shrd edx, eax, cl
            test cl, 00000020h
            jne 00007F5F787D11C4h
            mov esi, edx
            call dword ptr [00443D34h]
            mov dword ptr [esp+04h], eax
            mov ecx, esi
            and ecx, BA28B754h
            mov eax, edi
            and eax, 3F74F042h
            or ebp, 01h
            sub esi, ebp
            sbb edi, ebx
            and esi, 45D748ABh
            or esi, ecx
            and edi, 408B0FBDh
            or edi, eax
            mov ecx, 806609AEh
            mov eax, esi
            mul ecx
            imul esi, esi, 140D33F6h
            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x43bcd | 0x8c | .rdata
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0x3d24 | .reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x43d18 | 0xbc | .rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x1000 | 0x40f70 | 0x41000 | 19123cbe6d6d6ece37443763988c3005 | False | 0.5514310396634615 | data | 6.6966708648332025 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata | 0x42000 | 0x20a7 | 0x2200 | 0ba64fd07b6a291bcc2a1d249f0f028f | False | 0.4639246323529412 | data | 6.532814521410839 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data | 0x45000 | 0xfe6c | 0x5800 | dbb7cdc354d00d886b0c605e3483170c | False | 0.5628551136363636 | data | 6.623873761562155 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .CRT | 0x55000 | 0x4 | 0x200 | 9645e96cb6685e99a9863c2a7b48ac36 | False | 0.03125 | data | 0.04078075625387198 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc | 0x56000 | 0x3d24 | 0x3e00 | d64405354e6597def3a5a046ae68883b | False | 0.4984248991935484 | data | 6.45012777028915 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            DLL | Import
            SHELL32.dll | SHEmptyRecycleBinW, SHGetFileInfoW, SHGetSpecialFolderPathW
            KERNEL32.dll | CopyFileW, ExitProcess, GetCommandLineW, GetCurrentProcessId, GetCurrentThreadId, GetLogicalDrives, GetSystemDirectoryW, GlobalLock, GlobalUnlock
            USER32.dll | CloseClipboard, GetClipboardData, GetDC, GetForegroundWindow, GetSystemMetrics, GetWindowLongW, OpenClipboard, ReleaseDC
            GDI32.dll | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, DeleteDC, DeleteObject, GetCurrentObject, GetDIBits, GetObjectW, GetPixel, SelectObject, StretchBlt
            ole32.dll | CoCreateInstance, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize
            OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear, VariantInit
            No network behavior found


            Target ID:0
            Start time:02:38:09
            Start date:24/11/2024
            Path:C:\Users\user\Desktop\XTN21MDFrg.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\XTN21MDFrg.exe"
            Imagebase:0xaa0000
            File size:314'880 bytes
            MD5 hash:962C5A8ED8AF958EB0168B57C08CEA04
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false


              Execution Graph

              Execution Coverage:0.5%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:72%
              Total number of Nodes:25
              Total number of Limit Nodes:2

              Control-flow Graph

              APIs
              • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00AA8A92
              • GetCurrentThreadId.KERNEL32 ref: 00AA8AA5
              • GetCurrentProcessId.KERNEL32 ref: 00AA8AF8
              • GetForegroundWindow.USER32 ref: 00AA8B62
                • Part of subcall function 00AACD40: CoInitializeEx.OLE32(00000000,00000002), ref: 00AACD53
              • ExitProcess.KERNEL32 ref: 00AA8C1C
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID: CurrentProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
              • String ID:
              • API String ID: 3701390975-0

              Control-flow Graph

              [Control-flow graph starting at ade420; graph not reproduced]
              APIs
              • LdrInitializeThunk.NTDLL(00AE0F42,005C003F,00000008,00000018,?), ref: 00ADE44E
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0

              Control-flow Graph

              [Control-flow graph starting at ae1050; graph not reproduced]
              Similarity
              • API ID: InitializeThunk
              • String ID: 5|iL
              • API String ID: 2994545307-1880071150

              Control-flow Graph

              [Control-flow graph starting at adbb20; graph not reproduced]
              APIs
              • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00ADBB60
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0

              Control-flow Graph

              [Control-flow graph starting at ac5440; graph not reproduced]
              Similarity
              • API ID:
              • String ID: 9yG$Y>[$.y-{$2q s$3c?a$3w+u$5u w$:<$<o0m$?s,q$@=g?$Sg/e$W9Q;$X5Y7$[O$\]$`Qo_$`a$l]f[$pInW$q%e'$s!u#$uEsC$vN${u$|-z/$Q_
              • API String ID: 0-3039968853

              Control-flow Graph

              [Control-flow graph starting at ad9250; graph not reproduced]
              APIs
              • CoCreateInstance.OLE32(00AE3678,00000000,00000001,00AE3668,00000000), ref: 00AD935D
              • SysAllocString.OLEAUT32(194B1B42), ref: 00AD9420
              • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00AD946A
              • SysAllocString.OLEAUT32(194B1B42), ref: 00AD94BE
              • SysAllocString.OLEAUT32(194B1B42), ref: 00AD957F
              • VariantInit.OLEAUT32(?), ref: 00AD95EA
              • SysFreeString.OLEAUT32(?), ref: 00AD9916
              Similarity
              • API ID: String$Alloc$BlanketCreateFreeInitInstanceProxyVariant
              • String ID: 7o=m$89$C$Ig:e$\$hw$lc
              • API String ID: 2895375541-4291297616

              Control-flow Graph

              [Control-flow graph starting at ac51d0; graph not reproduced]
              Similarity
              • API ID:
              • String ID: 9yG$Y>[$.y-{$2q s$5u w$:<$@=g?$W9Q;$X5Y7$[O$\]$`Qo_$`a$l]f[$pInW$q%e'$s!u#$uEsC$vN${u$|-z/$Q_
              • API String ID: 0-2953381294

              Control-flow Graph

              [Control-flow graph starting at ac55d0; graph not reproduced]
              Similarity
              • API ID:
              • String ID: 9yG$Y>[$.y-{$2q s$5u w$:<$@=g?$W9Q;$X5Y7$[O$\]$`Qo_$`a$l]f[$pInW$q%e'$s!u#$uEsC$vN${u$|-z/$Q_
              • API String ID: 0-2953381294
              Similarity
              • API ID:
              • String ID: _fV$'$ "$.kG$0 ..$7d[Y$MKB$QSeh$WnK{$[ptv$kRo_$o$f$pDyy$rsC@$uwyT$}$(`
              • API String ID: 0-2908751823

              Control-flow Graph

              [Control-flow graph starting at ac88dd; graph not reproduced]
              APIs
              • CopyFileW.KERNEL32(00000000,?,00000000,?,?,?,?,yhKH 0M::,g@mYU-1X(&), ref: 00AC8978
              Similarity
              • API ID: CopyFile
              • String ID: 0M:$1X(&$:,g@$;:=<$=(05$=(05yhKH 0M::,g@mYU-1X(&$L#L-$mYU-$yhKH
              • API String ID: 1304948518-1839588596

              Control-flow Graph

              [Control-flow graph starting at ac88f8; graph not reproduced]
              APIs
              • CopyFileW.KERNEL32(00000000,?,00000000,?,?,?,?,yhKH 0M::,g@mYU-1X(&), ref: 00AC8978
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID: CopyFile
              • String ID: 0M:$1X(&$:,g@$;:=<$=(05$=(05yhKH 0M::,g@mYU-1X(&$L#L-$mYU-$yhKH
              • API String ID: 1304948518-1839588596
              • Opcode ID: 9c04578cf42a8956089b6978bf288f75b4394a5c1cbaf552493b703b2bf7214f
              • Instruction ID: acd6039e50d3d53d259ce5c2e080331d8a54a13c080b786a2fc7aff965bd3b21
              • Opcode Fuzzy Hash: 9c04578cf42a8956089b6978bf288f75b4394a5c1cbaf552493b703b2bf7214f
              • Instruction Fuzzy Hash: BBB1C0B5A04246DFDB15CF68D881B6EBBB1BF49300F1A81A8D405AB351EB35AD52CFD0
              Strings
              Similarity
              • API ID: AllocateHeapInitializeThunk
              • String ID: !@$($)$*$+$+$,$/$/$1$2$3$f
              • API String ID: 383220839-3341998751
              • Opcode ID: c5e26434375478f920783f0a2539b4c0cdb4dbc56a7631d30020f9c6073b9cce
              • Instruction ID: 3fbfc31573c3e8eb972e65864516e6bc189acd3263d336ba01193dc126e012c8
              • Opcode Fuzzy Hash: c5e26434375478f920783f0a2539b4c0cdb4dbc56a7631d30020f9c6073b9cce
              • Instruction Fuzzy Hash: C432F47260C3808FD725CB28C49076EFBE1AB95324F1A8A2DE5D5C7392D7B98945CB43
              Strings
              Similarity
              • API ID:
              • String ID: )x$CEa~$C}yD$FyOA$P$^!$`|Vz$9$
              • API String ID: 0-1872272304
              • Opcode ID: 7eba135c86ffd7cc95433c9f1a24ca243a7e8e9c30315bf08df24b183b5bbefe
              • Instruction ID: aaf5f1e4217aa48692383eb7f3be71ecc3682dfb6240c138c6f7f996c5271460
              • Opcode Fuzzy Hash: 7eba135c86ffd7cc95433c9f1a24ca243a7e8e9c30315bf08df24b183b5bbefe
              • Instruction Fuzzy Hash: C6C1F33250C7918AD721CF29C8507ABBFE1AF97344F09499DE8D49B392D739C909CB92
              Strings
              Similarity
              • API ID:
              • String ID: $(''$)-$"$fi<b$h@KJ$u@wB$x}KH$yrt@$~FCs
              • API String ID: 0-2904395653
              • Opcode ID: 71efca7a55692cc9432a6c39ffd1753fc2df8fb23a0bdcebc830f9c6e3c21261
              • Instruction ID: 0b69707eac7be9d17633003d4ade260d1ca119c63e64b6b8a07d3b62228c68d2
              • Opcode Fuzzy Hash: 71efca7a55692cc9432a6c39ffd1753fc2df8fb23a0bdcebc830f9c6e3c21261
              • Instruction Fuzzy Hash: C591D2B1604B808BD339CF39D9A17A3BBE2AF96304F18995DC0EF4B386C77464058B55
              Strings
              Similarity
              • API ID:
              • String ID: ""$2$7Rn~$Iy~s$obwa$ujcw$yd-K$yrtp
              • API String ID: 0-1936000690
              • Opcode ID: c9bc17c5adb397e80ed05965d357fa05bafb06861a4391c9d15ee3be2e3c4923
              • Instruction ID: 893940d1a14a85c3e4be911d9ee6c7c46ddb69c2d5e79cfa64e6d810f29056e0
              • Opcode Fuzzy Hash: c9bc17c5adb397e80ed05965d357fa05bafb06861a4391c9d15ee3be2e3c4923
              • Instruction Fuzzy Hash: 5EF122B550C3818FD714CF64D88176FBBE5AF86304F1988ACE5858B342EB39D906CB92
              APIs
              Similarity
              • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
              • String ID:
              • API String ID: 2832541153-0
              • Opcode ID: 55d8a43163d0e3fe3930fdb5dd03cc0d4a5d841910a2db20580334ab8b4c4eef
              • Instruction ID: 591d7539f1393c714ee6b35fb3b97aa10db1c5d57ed3f20c02cd191030ed1512
              • Opcode Fuzzy Hash: 55d8a43163d0e3fe3930fdb5dd03cc0d4a5d841910a2db20580334ab8b4c4eef
              • Instruction Fuzzy Hash: 9A51D5B2908B829BDB14ABBC884926EBFB0AB41310F05877ED4A68B3D1D3359555C793
              Strings
              Similarity
              • API ID:
              • String ID: /X$HY$M_$nqN$SQ$W%U$_]
              • API String ID: 0-922328653
              • Opcode ID: a93baa6d6078d3aee6df4733b70d1c0a5451bf61c3a3af2d70059fc64556ab01
              • Instruction ID: 21dc24cfe3e103b795400fd12dbbad5889e1d872684514effee0d610bd59b329
              • Opcode Fuzzy Hash: a93baa6d6078d3aee6df4733b70d1c0a5451bf61c3a3af2d70059fc64556ab01
              • Instruction Fuzzy Hash: D2C1067565C3848FD324CF2584A136BFBE2ABD2714F28CA6DE4D50B392D7758805CB92
              Strings
              Similarity
              • API ID:
              • String ID: )Jmi$1Spt$BLJN$PnoL$[VQa$_fXl$x
              • API String ID: 0-175320553
              • Opcode ID: 4cd30540406a5a47d939916d664cd61c737a20f97aa7ff7ee567af08f8372b7f
              • Instruction ID: 90abcc64ed58a3c860f5ad72847874691dad355ca1e3316896099f557726bd71
              • Opcode Fuzzy Hash: 4cd30540406a5a47d939916d664cd61c737a20f97aa7ff7ee567af08f8372b7f
              • Instruction Fuzzy Hash: 5B5133326583828BD724CB6484917EBFBF1EF95340F1A863DC489CB282E7349906D792
              APIs
              Strings
              Similarity
              • API ID: Uninitialize
              • String ID: %>?$7(6 $=$10$T|2
              • API String ID: 3861434553-3970780521
              • Opcode ID: 401294b7c15899851f510a866eb0df0767f23e09c6942486179a6588695eea2f
              • Instruction ID: e345f0bedaef5f447231dde3a04f00d0e204caee2648edbc0a9bf3f5c9939fc8
              • Opcode Fuzzy Hash: 401294b7c15899851f510a866eb0df0767f23e09c6942486179a6588695eea2f
              • Instruction Fuzzy Hash: BB51287550C3D28AD325CB25D4A07BBFFE2AFA3304F1C885DD4C69B282D77989098762
              APIs
              Strings
              Similarity
              • API ID: AllocString
              • String ID: 0$rr3w$rr3w
              • API String ID: 2525500382-585071120
              • Opcode ID: 266be993275fcb09a2d28b099e612b29fafce7b6423cbf4c0ba1c0845247d9b6
              • Instruction ID: da61bb4f9a0866d3f5348f6ea5f9a8b4cc9fe6cf5532f0c689de6b61e951d07e
              • Opcode Fuzzy Hash: 266be993275fcb09a2d28b099e612b29fafce7b6423cbf4c0ba1c0845247d9b6
              • Instruction Fuzzy Hash: 36C12B31148FC18AD332CA3C88897D3BFD16B66324F084A9DD1FA8B7D2D6B96145C766
              Strings
              Similarity
              • API ID:
              • String ID: "onm$HK$R/A)$X?s9$v
              • API String ID: 0-4191733568
              • Opcode ID: 359292f72d763933c1ae0d8ccb6e151ca8443c40338dc16f62c8982c5ddd9ba3
              • Instruction ID: 4684fd95d1c6c09761aefcdf44c784916aecb33b47aad8b2071922b67df057e9
              • Opcode Fuzzy Hash: 359292f72d763933c1ae0d8ccb6e151ca8443c40338dc16f62c8982c5ddd9ba3
              • Instruction Fuzzy Hash: CD12DFB56093818BD738CF24C8A57EBBBE5FF95314F08895CD4CA8B292E7784505CB82
              Strings
              Similarity
              • API ID:
              • String ID: ;:=<$Ny$bq$zj${`
              • API String ID: 0-427255626
              • Opcode ID: 9f28fa0bb33c8cbb7cf1ce606911bc52cf86750e5216bf5218b760866a11042a
              • Instruction ID: e15d6220b96b5291b43e04e6277ac59c82f7a59940a9e95c6963000cbe963abd
              • Opcode Fuzzy Hash: 9f28fa0bb33c8cbb7cf1ce606911bc52cf86750e5216bf5218b760866a11042a
              • Instruction Fuzzy Hash: 13E1D2B5A04246DFDB14CFA9DC81AAEBBB2FF55300F1980A8E551AF361D7359942CF80
              Strings
              Similarity
              • API ID:
              • String ID: FX_M$P@EZ$aHXN$}PSU$}PSU}PSU}PSU}PSU
              • API String ID: 0-3769906081
              • Opcode ID: ab25b1f4522a85923a2e160fb326c2eb4cf1256f719f4adfd884ab02a2687fac
              • Instruction ID: e5ceacdeab4b2a47e9ffcfcfab6054568e39d5ae7ac7644f73efae0bb036815b
              • Opcode Fuzzy Hash: ab25b1f4522a85923a2e160fb326c2eb4cf1256f719f4adfd884ab02a2687fac
              • Instruction Fuzzy Hash: 13E1C671E04285CFDB04CFA8D8957AEBBB2AF4A314F1A81ACD4556F3A1C7759D02CB90
              Strings
              Similarity
              • API ID:
              • String ID: D}$Sp$S~$X_$sB
              • API String ID: 0-2074769466
              • Opcode ID: b3d578ceabb7e91782cd02d317d1b7f3f2e96c6f2b729bc3cad980b6991a411d
              • Instruction ID: f8212af1d60dfe97125fa3f3861253231d711c0a38b30806445095027e0d4720
              • Opcode Fuzzy Hash: b3d578ceabb7e91782cd02d317d1b7f3f2e96c6f2b729bc3cad980b6991a411d
              • Instruction Fuzzy Hash: 4F51ABB45083408BD710DF24D8A2B6BBBF0FF92764F154A1CE5D68B291E7788905CB9B
              Strings
              Similarity
              • API ID:
              • String ID: -y{$X$XY$t|z
              • API String ID: 0-3366321878
              • Opcode ID: e81c00b56c73558ad4a375fe612f3130a1ee21d3bc8defda4ad9d4fa9622640f
              • Instruction ID: ba30b8bef7cb242b2bf6b0816794e4135332dac5c7bc1b8b7e6159d002de2f02
              • Opcode Fuzzy Hash: e81c00b56c73558ad4a375fe612f3130a1ee21d3bc8defda4ad9d4fa9622640f
              • Instruction Fuzzy Hash: 6BC104716083808BE718DF35D85576BBBE5EBD2314F188A2DE5D68B392CB38C905CB52
              Strings
              Similarity
              • API ID:
              • String ID: 6/JT$;:=<$D/JT$FTGN
              • API String ID: 0-2223222905
              • Opcode ID: e73a7fc4e2bb19c150d40a17157c57c8df8aa9c33ba05587f65d0e590837a29f
              • Instruction ID: b6eecfcc5814510814c74277169760240b0b1f678fdbe12a9c9d35eea59f7d9d
              • Opcode Fuzzy Hash: e73a7fc4e2bb19c150d40a17157c57c8df8aa9c33ba05587f65d0e590837a29f
              • Instruction Fuzzy Hash: 47D16771E04198CFCB14CFA8D891BBDBBB2AF1A314F1A81ACE4516B391D7395D01CB92
              Strings
              Similarity
              • API ID:
              • String ID: O[M@$T(F&$UKKX$j
              • API String ID: 0-1885386310
              • Opcode ID: 97e84a6f11231ccd1c36d43f8651d917bf6311de1855abfe1527903d33f6c9e4
              • Instruction ID: a684d17f95ff58e0b9bcb7dbe064204004e6f5ecc53d707800d3a35501cb012a
              • Opcode Fuzzy Hash: 97e84a6f11231ccd1c36d43f8651d917bf6311de1855abfe1527903d33f6c9e4
              • Instruction Fuzzy Hash: 2961B17054D3C18AD7118F2980E07ABFFE0EFA7354F18456DE8D54B282C77A891ADB62
              Strings
              Similarity
              • API ID:
              • String ID: At$VlVk$]]EX$^d^c
              • API String ID: 0-2893682494
              • Opcode ID: 642fc65976a5e1c6038cfb24f393ce0f4cb1fb4a55219280c451178bfa8e9e67
              • Instruction ID: 23dd82f9b9765c6bf22c97e850036c90dfd3d81748fce69546fa72cbcf54cfc9
              • Opcode Fuzzy Hash: 642fc65976a5e1c6038cfb24f393ce0f4cb1fb4a55219280c451178bfa8e9e67
              • Instruction Fuzzy Hash: 968124B5908380CBE3309F24D8427EBB7E5FF9A304F04092CE6998B292E7758515CB57
              Strings
              Similarity
              • API ID:
              • String ID: 1BE*$T1S7$\W$xr
              • API String ID: 0-494225041
              • Opcode ID: 4e1e6f3cd782768e962d300b7424941fb0d29b3398c40651c6aecdf6e07bb4ec
              • Instruction ID: 3cbf244abd2f8aad3310080c90bdd4cefb0bf014c81c55e6c66e392d9eb2765c
              • Opcode Fuzzy Hash: 4e1e6f3cd782768e962d300b7424941fb0d29b3398c40651c6aecdf6e07bb4ec
              • Instruction Fuzzy Hash: EB91AEB154D3D18FD331CF29D4907EBBBE1AB97304F14896CD0DA5B292D775480A8BA2
              Strings
              Similarity
              • API ID:
              • String ID: *XJl$YwS9$xtNw
              • API String ID: 0-2076723864
              • Opcode ID: 3809162ea0c64110326da59dd898b4f98396512a17369a5bdbb489ab794e35f6
              • Instruction ID: edf620de92527ab5e1a60bbeb06926079ba8e102c98474ca1271ee126ed7dfc0
              • Opcode Fuzzy Hash: 3809162ea0c64110326da59dd898b4f98396512a17369a5bdbb489ab794e35f6
              • Instruction Fuzzy Hash: 74229570608B818FD729CF3984607A3BBE2AF67304F19886DC4DB9B792D775A406CB51
              Strings
              Similarity
              • API ID:
              • String ID: D@$I^$Md
              • API String ID: 0-4131734681
              • Opcode ID: 6ee663de64705c61a5ea18aa1aa1b423dd9161b6ab45a6fba9fba43116b263bb
              • Instruction ID: 861f5f7150b8adae6061d1066fbe2787112720b8889c3e4c7f69eacb5c74719b
              • Opcode Fuzzy Hash: 6ee663de64705c61a5ea18aa1aa1b423dd9161b6ab45a6fba9fba43116b263bb
              • Instruction Fuzzy Hash: 1BA12976E002298BCF24CFA8C8A17AE77B1FF55314F19816DD896AF395EB384901CB41
              Strings
              Similarity
              • API ID:
              • String ID: Gz~A$OOuH${BGy
              • API String ID: 0-673351052
              • Opcode ID: 120a211cc5382bdfcd98b8ef803ed448f2542ed038e3c0742ca48d2b1770891b
              • Instruction ID: a32606d4207484b20684a5cfaf3e3c94bfb00c2fdb5cbdad40d289cf8779662d
              • Opcode Fuzzy Hash: 120a211cc5382bdfcd98b8ef803ed448f2542ed038e3c0742ca48d2b1770891b
              • Instruction Fuzzy Hash: 539126716047818FE725CB388881BA3BBD2AFA2314F198A2DD4EB4B7C2D775B805C751
              Strings
              Similarity
              • API ID:
              • String ID: (+$fM.$KE
              • API String ID: 0-2816184506
              • Opcode ID: 9a205e17f4f80d8b51fd481b118c286d9a78c7688dca2ba0ccca94b338a00254
              • Instruction ID: da3ad9329bae1964741ff7cff68fcc16d167fb37076c567ab160337c6d935b1e
              • Opcode Fuzzy Hash: 9a205e17f4f80d8b51fd481b118c286d9a78c7688dca2ba0ccca94b338a00254
              • Instruction Fuzzy Hash: A171F176A04254DFDB04CFA4DC817AEBB72FF89310F1A41A8E9046F395DBB59802CB80
              Strings
              Similarity
              • API ID:
              • String ID: ,"O$";$kfgk
              • API String ID: 0-2346484820
              Similarity
              • API ID: DrivesLogical
              • String ID: I=[;
              • API String ID: 999431828-61854675
              Similarity
              • API ID: InitializeThunk
              • String ID: /.-,$f
              • API String ID: 2994545307-268397193
              Similarity
              • API ID:
              • String ID: ($^
              • API String ID: 0-2972045208
              Similarity
              • API ID:
              • String ID: )$IEND
              • API String ID: 0-707183367
              Similarity
              • API ID:
              • String ID: \eQZ$vT^4
              • API String ID: 0-3607082246
              Similarity
              • API ID:
              • String ID: \eQZ$vT^4
              • API String ID: 0-3607082246
              Similarity
              • API ID:
              • String ID: \eQZ$vT^4
              • API String ID: 0-3607082246
              Similarity
              • API ID:
              • String ID: \$dY
              • API String ID: 0-3471542007
              Similarity
              • API ID:
              • String ID: GU$P
              • API String ID: 0-4264775118
              Similarity
              • API ID:
              • String ID: Y3@x$k "#
              • API String ID: 0-1967048124
              Similarity
              • API ID:
              • String ID: |}
              • API String ID: 0-2241360599
              APIs
              • CoCreateInstance.OLE32(00AE3598,00000000,00000001,00AE3588), ref: 00AC3619
              Similarity
              • API ID: CreateInstance
              • String ID:
              • API String ID: 542301482-0
              Similarity
              • API ID:
              • String ID: |1[3O=]?O9H;(EFG
              • API String ID: 0-2327365969
              Similarity
              • API ID:
              • String ID: lmno
              • API String ID: 0-919139636
              Similarity
              • API ID: InitializeThunk
              • String ID: ;:=<
              • API String ID: 2994545307-1779823811
              Similarity
              • API ID:
              • String ID: dg
              • API String ID: 0-2476624039
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-3019521637
              Similarity
              • API ID:
              • String ID: 4 2S
              • API String ID: 0-2035458613
              Similarity
              • API ID: InitializeThunk
              • String ID: FGFA
              • API String ID: 2994545307-1293343293
              Similarity
              • API ID:
              • String ID: ,
              • API String ID: 0-3772416878
              Similarity
              • API ID:
              • String ID: LJ
              • API String ID: 0-1839849906
              Similarity
              • API ID:
              • String ID: 8-
              • API String ID: 0-3812798818
              Similarity
              • API ID:
              • String ID: "
              • API String ID: 0-123907689
              • Opcode ID: d605f69cb6a61cba6e277e74b20d9a248e2b5eec550f027b6d34fa71407e500c
              • Instruction ID: 0da8909a7904dbd317e1ad392859b632636361ebe665ba2861de686710e92ac2
              • Opcode Fuzzy Hash: d605f69cb6a61cba6e277e74b20d9a248e2b5eec550f027b6d34fa71407e500c
              • Instruction Fuzzy Hash: B5712B327197144BC7209E7CC881B2A76D6ABC5730F1A872CE8B58B3E5DB768C058791
              Strings
              Similarity
              • API ID: InitializeThunk
              • String ID: %*+(
              • API String ID: 2994545307-3233224373
              • Opcode ID: a73366a54e8203fe5f2b2e328aaf2f3fe57cf9f9e86afedafd0ef30fc707d07c
              • Instruction ID: c161ac86bf6e512c8321f987e7e1e9b48fd3bd5a56e26149ffadd88e9535d922
              • Opcode Fuzzy Hash: a73366a54e8203fe5f2b2e328aaf2f3fe57cf9f9e86afedafd0ef30fc707d07c
              • Instruction Fuzzy Hash: 7E81CD756042519FD728CF2AC891A2AB7F2FF99714F19892CE5848B365EB31EC01CB42
              Strings
              Similarity
              • API ID: InitializeThunk
              • String ID: K7
              • API String ID: 2994545307-4265185514
              • Opcode ID: 836ce609fd8d7541b8354be1d832bf058f819542b0fc44c3efae122fcab1a577
              • Instruction ID: c6b665f7895805188f11935889c483b3566dba0d75f11113da5d7535d1b93dc3
              • Opcode Fuzzy Hash: 836ce609fd8d7541b8354be1d832bf058f819542b0fc44c3efae122fcab1a577
              • Instruction Fuzzy Hash: C751C3702143459FD728CF68C8917BFB7A6FB95320F18D62CD4860F693C3B598068BA6
              Strings
              Similarity
              • API ID:
              • String ID: 8-
              • API String ID: 0-3812798818
              • Opcode ID: 1f4c82585ae2ca1189b3fa543be5cb0ae4dda77933e967ac6b59ce915dd9c51a
              • Instruction ID: ad1510f7ded197cb7037d1b8f269a15531d371400a93cb4a61ce1c79db383079
              • Opcode Fuzzy Hash: 1f4c82585ae2ca1189b3fa543be5cb0ae4dda77933e967ac6b59ce915dd9c51a
              • Instruction Fuzzy Hash: A86102715083218BC724DF28C890AABB7F2FFD6760F19965DE8C15B269E7348941CB82
              Strings
              Similarity
              • API ID:
              • String ID: _
              • API String ID: 0-701932520
              • Opcode ID: 7b1c84dfc49a57f4cdae99e8a8640978ba2130b47c9efc287de491818f3e80cb
              • Instruction ID: e7319247fb97077a06a462faaac3c0dff85a131b4307286a5ed2a7eac583304f
              • Opcode Fuzzy Hash: 7b1c84dfc49a57f4cdae99e8a8640978ba2130b47c9efc287de491818f3e80cb
              • Instruction Fuzzy Hash: 6871F91761428109DB2CDF748897777BAE6DF84308F2991BFC595CF69BE938C2024786
              Strings
              Similarity
              • API ID: InitializeThunk
              • String ID: gfff
              • API String ID: 2994545307-1553575800
              • Opcode ID: b0bb8590851d169fe8db05de3dcade9d60bf99ddad01c95373e9846199ed77f5
              • Instruction ID: acfa79997e375a77b9733333bf39dc8a0bf6198874f74bad13f6f34ca417f795
              • Opcode Fuzzy Hash: b0bb8590851d169fe8db05de3dcade9d60bf99ddad01c95373e9846199ed77f5
              • Instruction Fuzzy Hash: 1B6149766042504FD318CB28C8A17BB77E6EBD5314F48C62DE096CF3D6EB7989468782
              Strings
              • 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 00ABFE22
              Similarity
              • API ID:
              • String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
              • API String ID: 0-442858466
              • Opcode ID: 9b51ae8ac4f47c31c5fa82ff1a9ed8ea367ce00aa61c61377644d87c9808ed30
              • Instruction ID: ad822df822f5908e5ac8166d835dccafa56812960951376e6219fdf44c1fa438
              • Opcode Fuzzy Hash: 9b51ae8ac4f47c31c5fa82ff1a9ed8ea367ce00aa61c61377644d87c9808ed30
              • Instruction Fuzzy Hash: D061C637A095D18FDB24CA7C5C512F9BAAB4F96334B3D836AE5B18B3E2C665C9018341
              Strings
              Similarity
              • API ID: InitializeThunk
              • String ID: K7
              • API String ID: 2994545307-4265185514
              • Opcode ID: 52e52e0a660bfa15cbfd8caf452876b815dda68c563905bfb9c95cc636fa25c0
              • Instruction ID: e75957842861dd7f56e5aadd48d6a68735ce5f2f79cc461e3d68456fb8cf4c2b
              • Opcode Fuzzy Hash: 52e52e0a660bfa15cbfd8caf452876b815dda68c563905bfb9c95cc636fa25c0
              • Instruction Fuzzy Hash: 7451B3702043409FD725CB6DD892BBBB7A6FF91320F58C62DD4960B293C7B59C068B62
              Strings
              Similarity
              • API ID:
              • String ID: >2%8
              • API String ID: 0-3601729801
              • Opcode ID: 848814b3989d441c721d04afff9daceb8ef06bfc67e59062b3259a786056eee1
              • Instruction ID: 29ad0a968c3cb9f884e01c37084be8a0f8773e7245c6cc28b7f2c6610bddb8d6
              • Opcode Fuzzy Hash: 848814b3989d441c721d04afff9daceb8ef06bfc67e59062b3259a786056eee1
              • Instruction Fuzzy Hash: F34116A45047828BE3228B39C4A1BB3FFE1AF67314F18199DE1EB4B293C37128068755
              Strings
              Similarity
              • API ID: InitializeThunk
              • String ID: 5|iL
              • API String ID: 2994545307-1880071150
              • Opcode ID: 84233b14bcc66313219cf96271aa10331fd0741bd442528a54694962cf369d46
              • Instruction ID: b9cfd5084929b96cb2482f3685dd215781f8fc36441531df8d146ec5a0b08ed5
              • Opcode Fuzzy Hash: 84233b14bcc66313219cf96271aa10331fd0741bd442528a54694962cf369d46
              • Instruction Fuzzy Hash: 7A413571314382AFE724DF6ADC81B7AB7E6FB81354F18842CF281CB290E674E8118745
              Strings
              Similarity
              • API ID:
              • String ID: p8
              • API String ID: 0-2130562967
              • Opcode ID: 4b31a3246126061bf5018c62323f32c7c7b3c92daf2ee7996877bb07479b73ad
              • Instruction ID: 6a7c04c627fb551d2b58f5d01bfc6515d76219db702e7a42edae7711a9a37536
              • Opcode Fuzzy Hash: 4b31a3246126061bf5018c62323f32c7c7b3c92daf2ee7996877bb07479b73ad
              • Instruction Fuzzy Hash: 2631A9B6D147288F8B18CFE8D8905AEBBB1FB25314F29562CDA617B394D7781900CF85
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 90def7e7967b5ac5e8f1ce832c6c7e9234fa4de33fc9e0ca97dbf0b13ef28955
              • Instruction ID: 3ab4286a2d7b10cc6d2f9c7fc34117d934ad55075c897ce3e99e7115fe09693d
              • Opcode Fuzzy Hash: 90def7e7967b5ac5e8f1ce832c6c7e9234fa4de33fc9e0ca97dbf0b13ef28955
              • Instruction Fuzzy Hash: CBB12E719086C18FCB12CB7CC8413ADBFB1AB57314F1D829AD5E69B396C63E9805C761
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 99af4a8af6eb877335cc97c701284015d74d0c08ba2e7ccaa9a1c41e714e2369
              • Instruction ID: 36a8b9df36217ae5f1c5688447d03f2ec6145357c477f80ee0458186b4fffe36
              • Opcode Fuzzy Hash: 99af4a8af6eb877335cc97c701284015d74d0c08ba2e7ccaa9a1c41e714e2369
              • Instruction Fuzzy Hash: F7A1AC72610B01CFC324CF65EC95B67B7F6FB84304F15892DD5AA8B6A0DB34E9068B10
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5b87b11583e0f5d28605c66e7a394b14b2a4f26a5d78a3762c92f41778c330a8
              • Instruction ID: 3b64305441d79f46aff666b325a45f12e99cd6fa63634304102368119fca0bd2
              • Opcode Fuzzy Hash: 5b87b11583e0f5d28605c66e7a394b14b2a4f26a5d78a3762c92f41778c330a8
              • Instruction Fuzzy Hash: 6991E47420C3968FC315CF29C49062EBBE2AFC6324F58C56EE5E68B392D635D845CB52
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4bd44b00e5c0b366fd54dd496cabea2acc73dd2d3ddcaaf09f5627c448534ac
              • Instruction ID: 7a49b9e8602eb14f81ef0aa0525efe3a315a1a8dce760030fcedabf736f078d8
              • Opcode Fuzzy Hash: f4bd44b00e5c0b366fd54dd496cabea2acc73dd2d3ddcaaf09f5627c448534ac
              • Instruction Fuzzy Hash: 7CB1D872A05B804FD3158B38C8D53AABFD2ABD9318F1D897DC5DB87387D67994098702
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 24f4b291ac0a3ea306717361f7976b00c4650e7ec81a34a26931c4cbd9c82808
              • Instruction ID: 07a79e4ffa16bfbadc42167f9ded06a6e1150f817b75c5e9f4efbb32b6bab685
              • Opcode Fuzzy Hash: 24f4b291ac0a3ea306717361f7976b00c4650e7ec81a34a26931c4cbd9c82808
              • Instruction Fuzzy Hash: 34813A32A042614FCB22CE2C8C9069ABBD1AB85324F1DC379D8A98B3D2D675DC46D7D1
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 61d16638bb3ab2752475b57ef75838a267f80fc04eec0f528c9aec494d02ad9f
              • Instruction ID: 88abc675b1a241a8d0975b09c15a1604f4c0dc56fa5c3572216069c650f50d7a
              • Opcode Fuzzy Hash: 61d16638bb3ab2752475b57ef75838a267f80fc04eec0f528c9aec494d02ad9f
              • Instruction Fuzzy Hash: F2A13A71A08B804FC3158B38C4953ABBFE2AB96308F19887DC9DB47346D679A449C712
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 79824667687143c45bcc1730534c2234dbfa36fcda9857c1f20848890479d198
              • Instruction ID: 1725cc469e6f9fc2a0f305cd560ad0978a6152796bcbd0e98c1bd22d3a69ad33
              • Opcode Fuzzy Hash: 79824667687143c45bcc1730534c2234dbfa36fcda9857c1f20848890479d198
              • Instruction Fuzzy Hash: 57614272A043919FCB28DF29CC91B2EB7E2FFD4350F19882CE5858B391EB3598018742
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 40c35f7bdf6f88e8064f741c2965ccd5bd9ca670d8763f6af20c0d7dcc225574
              • Instruction ID: 27c5d93e68ee46593593bd16b6cd32b80ba797385527e5299b4d97e3b31589fe
              • Opcode Fuzzy Hash: 40c35f7bdf6f88e8064f741c2965ccd5bd9ca670d8763f6af20c0d7dcc225574
              • Instruction Fuzzy Hash: FC610637B49AD147CB18997C5C622BA7A534B96334F2D832FE6F34B3E1D6498A015382
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 04ede6d648604903f573c883e85f9ac25d2d72bc838f2f8cbe48834466c0f01d
              • Instruction ID: e792bcf6aa2c23932dd7a2590362e2de0b3106d7822c100bcce2196c5a99efbc
              • Opcode Fuzzy Hash: 04ede6d648604903f573c883e85f9ac25d2d72bc838f2f8cbe48834466c0f01d
              • Instruction Fuzzy Hash: 3D51D2317093D04BE359CB6AD8D136B7793BBD9320F1ACC2CD29A9B2A5DB7A4C024751
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b093ef4ad3b982e4083c22eb1fb09ccd8f44491fab3dfbe5016665fad2492f9f
              • Instruction ID: 9697e28b9235fcd9cd2332b485a36be3cd9bdb4312c1c01ae3b8c5776733cd99
              • Opcode Fuzzy Hash: b093ef4ad3b982e4083c22eb1fb09ccd8f44491fab3dfbe5016665fad2492f9f
              • Instruction Fuzzy Hash: E4610772E183918BD324CB28CC5179FB7E29FD5304F19C93DD4C9A7385EA7948068B86
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 797991fc09abe80d0718dd59f5cfbca2ec5c793dc9720baceca4fbf819945f75
              • Instruction ID: d672f1c2ec96979b8d943dccba71942caae89115643847f356f9521e1c370d7b
              • Opcode Fuzzy Hash: 797991fc09abe80d0718dd59f5cfbca2ec5c793dc9720baceca4fbf819945f75
              • Instruction Fuzzy Hash: 64510637B5D6D047DB28893C5C622A97A930FD2374B2CC36EE5F78B3E1C5668A065342
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 77454b5419bfb8b8cc724c067d6d9131c1d5dfaaffd05355a74a90fbac97d233
              • Instruction ID: 898c6b0bc111982b6a2c0c06bf1756500ad1c6dbd7d0ec5bb63457d4c5d34a78
              • Opcode Fuzzy Hash: 77454b5419bfb8b8cc724c067d6d9131c1d5dfaaffd05355a74a90fbac97d233
              • Instruction Fuzzy Hash: EC513337A4DAE057E729863C58703B97AA30BA2334F2D876EE5F34B3E1C54648469341
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 133bb28eba3ab286a24db119ff72b6d60bec249f8115545970fa598720fd6dd0
              • Instruction ID: 79bfb8774e4011d4656896f31130da6e2ac080c965a590a737a1be576400cfe7
              • Opcode Fuzzy Hash: 133bb28eba3ab286a24db119ff72b6d60bec249f8115545970fa598720fd6dd0
              • Instruction Fuzzy Hash: 0F71AE75A18742CFD708CF38E4A139A77E0FB88359F05896DE8948B280C7B9C956CF91
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 066fc37291c9f9dd355c26c9b3030ec2df02353854a1d19a01af866dc0a88e35
              • Instruction ID: 38a5e802265167ee4de09a44e37f364ec1efea399d7342ee2d671fb73928c6f6
              • Opcode Fuzzy Hash: 066fc37291c9f9dd355c26c9b3030ec2df02353854a1d19a01af866dc0a88e35
              • Instruction Fuzzy Hash: 50516DB15087548FE314DF29D89435BBBE1BBC4318F544A2EE4EA87350E779DA088F92
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce5804579e8e2a3ba924f04bbaecc15cfcbf2bbbb0c71027fd0f2048b2a116b9
              • Instruction ID: c1442d1e78794b78831b100f47657196bb5717c0c38baebc258ff1696253a6c3
              • Opcode Fuzzy Hash: ce5804579e8e2a3ba924f04bbaecc15cfcbf2bbbb0c71027fd0f2048b2a116b9
              • Instruction Fuzzy Hash: AF511672E513644BDB54CF68CC897DE7B72AF96310F1842E8D9886B256CB780E45CF90
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d9ceb7332c56766bdb606d14448347ee3bace8c78c3cf7882103809ade790a9e
              • Instruction ID: ee8e6023944e227ea815f42eb5b651728b0f79f2811d3a9166b96082a0f962f3
              • Opcode Fuzzy Hash: d9ceb7332c56766bdb606d14448347ee3bace8c78c3cf7882103809ade790a9e
              • Instruction Fuzzy Hash: C5411579A08340DFD314DF68DCD1B1F7BA4EB9A364F05883DF98687281DB7199058792
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ccfe73474d4cd0aeba5dbb1a115d15f3381b02ffe518fcac90bcdc414903dc49
              • Instruction ID: 94bd9784005915da39315697396f898d788b91575164efaad9ab9af6fff3f18d
              • Opcode Fuzzy Hash: ccfe73474d4cd0aeba5dbb1a115d15f3381b02ffe518fcac90bcdc414903dc49
              • Instruction Fuzzy Hash: E64113B22183418FD318DF25DC9566BB7E2FFC5320F488A2CE0D58B350E77888048B52
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a72ec5854972c82a6171acf6841bcfc3108c68ed06db64fba700098dff25ceeb
              • Instruction ID: 3a1221ab6ef11a244f56b4d77722826aa9c2ef7a97543539ac051852c26a1ab7
              • Opcode Fuzzy Hash: a72ec5854972c82a6171acf6841bcfc3108c68ed06db64fba700098dff25ceeb
              • Instruction Fuzzy Hash: 22314BB3E14A3D0BD7184D2DAC1527A76825BD9161F4E836EEC6A8F3C6DE309C1692C0
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c38ad07a8799e64090c921b5839303321f6dc58cbbc08920b25906d84c3c2f7f
              • Instruction ID: 632e9787544d6a05fa2020e839fc3eb987ccd4c2cdcb6544b5fe760dc1fd5bcd
              • Opcode Fuzzy Hash: c38ad07a8799e64090c921b5839303321f6dc58cbbc08920b25906d84c3c2f7f
              • Instruction Fuzzy Hash: 57814CB490A3C58BC374CF56D99969BBBE0BB89348F114A1ED48C5B350CFB8144ACF96
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 025c214827d04255f25fa6b423f59ddee6c7c2c724ee4b5ca9cbecab298dbd9c
              • Instruction ID: 2cbf7da4166ed28b0e1dc8e1baf5e4dfe7ac87070b71075282c360f342b77af2
              • Opcode Fuzzy Hash: 025c214827d04255f25fa6b423f59ddee6c7c2c724ee4b5ca9cbecab298dbd9c
              • Instruction Fuzzy Hash: F331FFB19193149BD320CF29C88176BBBE5EB8A714F15C82EF4969B351C375CC85CBA2
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: e0ba19e68d449bc4eca555f0c54707d5509e27d7fd218d31ea69e8fd5c0d009f
              • Instruction ID: da235b78a7987ad61d54539a93f6ab48cb3add6b6029203e9296e3d8019c0b07
              • Opcode Fuzzy Hash: e0ba19e68d449bc4eca555f0c54707d5509e27d7fd218d31ea69e8fd5c0d009f
              • Instruction Fuzzy Hash: 36218776B102816FC724CF29DC81BBAB7A6EBC2314F18852DE5908B255EA748992C741
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 972ab3cebbaa7102e2f6b7efae2ee2ce3e0c1ff3ef6042c517e8c18c6c8bf20f
              • Instruction ID: 43dffade39d589b9ef45e608f7c9d6e1c6ed3d143444dc8d314dcd733f95481e
              • Opcode Fuzzy Hash: 972ab3cebbaa7102e2f6b7efae2ee2ce3e0c1ff3ef6042c517e8c18c6c8bf20f
              • Instruction Fuzzy Hash: 5911C136609240DFD705CFA4E890A3BB3A2FBE5311F5A583CE4C69B221C231AD42CB51
              Memory Dump Source
              • Source File: 00000000.00000002.3352001827.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
              • Associated: 00000000.00000002.3351984581.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352032952.0000000000AE2000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352051206.0000000000AE5000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3352069325.0000000000AF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_aa0000_XTN21MDFrg.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0

              Control-flow Graph

              control_flow_graph 86 ad2570-ad25be 87 ad25c3-ad25d1 86->87 87->87 88 ad25d3 87->88 89 ad25d5-ad25d8 88->89 90 ad2628-ad283b SysAllocString 89->90 91 ad25da-ad2626 89->91 92 ad2840-ad284e 90->92 91->89 92->92 93 ad2850 92->93 94 ad2852-ad2855 93->94 95 ad28ae-ad291c 94->95 96 ad2857-ad28ac 94->96 99 ad2922-ad2994 95->99 96->94 101 ad2996-ad299e 99->101
              Similarity
              • API ID: AllocString
              • String ID: $"$'$'$)$-$0$6$>$?$A$A$C$E$G$I$K$L$M$O$P$Q$Q$S$U$W$_$a$c$e$g$i$k$m$o$q$s$u$w$y${$}
              • API String ID: 2525500382-291393788

              Control-flow Graph

              control_flow_graph 458 ad2cc9-ad2d96 call aa8440 VariantInit 461 ad2d9b-ad2da6 458->461 461->461 462 ad2da8-ad2dbd 461->462 463 ad2dbf-ad2dc2 462->463 464 ad2e2e-ad2ea4 463->464 465 ad2dc4-ad2e2c 463->465 465->463
              Similarity
              • API ID: InitVariant
              • String ID: Q$S$U$W$Y$[$]$_$c$i$k$l$m$o
              • API String ID: 1927566239-3562216331

              Control-flow Graph

              control_flow_graph 467 ad1dce-ad1e9e VariantInit 468 ad1ea3-ad1eae 467->468 468->468 469 ad1eb0 468->469 470 ad1eb2-ad1eb5 469->470 471 ad1eb7-ad1f11 470->471 472 ad1f13-ad1f74 470->472 471->470
              Similarity
              • API ID: InitVariant
              • String ID: Q$S$U$W$Y$[$]$_$c$i$k$l$m$o
              • API String ID: 1927566239-3562216331
              Similarity
              • API ID: Variant$ClearInit
              • String ID: R$S$X$]$a
              • API String ID: 2610073882-3248165904
              Similarity
              • API ID: InitVariant
              • String ID: R$S$X$]$a
              • API String ID: 1927566239-3248165904