Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
lLX6Po7hFJ.exe

Overview

General Information

Sample name:lLX6Po7hFJ.exe
renamed because original name is a hash value
Original sample name:07D9144C3B3CFE44C24F850A74FAAACC.exe
Analysis ID:1429081
MD5:07d9144c3b3cfe44c24f850a74faaacc
SHA1:1df82c6dbe192d9f78e137bb96c499fd5f0c93a5
SHA256:4cef1677e5e896054778060ec165cb35bcc4c923a38ea7eea43609dea20492f0
Tags:exeNanoCoreRAT
Infos:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Snort IDS alert for network traffic
Yara detected Nanocore RAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • lLX6Po7hFJ.exe (PID: 7032 cmdline: "C:\Users\user\Desktop\lLX6Po7hFJ.exe" MD5: 07D9144C3B3CFE44C24F850A74FAAACC)
    • schtasks.exe (PID: 7100 cmdline: "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 6372 cmdline: "schtasks.exe" /create /f /tn "DNS Host Task" /xml "C:\Users\user\AppData\Local\Temp\tmpC9F1.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • dw20.exe (PID: 7024 cmdline: dw20.exe -x -s 1468 MD5: 89106D4D0BA99F770EAFE946EA81BB65)
  • lLX6Po7hFJ.exe (PID: 2308 cmdline: C:\Users\user\Desktop\lLX6Po7hFJ.exe 0 MD5: 07D9144C3B3CFE44C24F850A74FAAACC)
  • dnshost.exe (PID: 5440 cmdline: "C:\Program Files (x86)\DNS Host\dnshost.exe" 0 MD5: 07D9144C3B3CFE44C24F850A74FAAACC)
  • dnshost.exe (PID: 6416 cmdline: "C:\Program Files (x86)\DNS Host\dnshost.exe" MD5: 07D9144C3B3CFE44C24F850A74FAAACC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Nanocore RAT, NanoCoreNanocore is a Remote Access Tool used to steal credentials and to spy on cameras. It as been used for a while by numerous criminal actors as well as by nation state threat actors.
  • APT33
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "191d33a5-79e3-4242-ad2a-bdb1cfa2", "Group": "Default", "Domain1": "", "Domain2": "0.tcp.eu.ngrok.io", "Port": 11720, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "0e000100", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"#EXECUTABLEPATH\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
lLX6Po7hFJ.exeJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    lLX6Po7hFJ.exeWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
    • 0x1018d:$a1: NanoCore.ClientPluginHost
    • 0x1014d:$a2: NanoCore.ClientPlugin
    • 0x120a6:$b1: get_BuilderSettings
    • 0xffa9:$b2: ClientLoaderForm.resources
    • 0x117c6:$b3: PluginCommand
    • 0x1017e:$b4: IClientAppHost
    • 0x1a5fe:$b5: GetBlockHash
    • 0x126fe:$b6: AddHostEntry
    • 0x163f1:$b7: LogClientException
    • 0x1266b:$b8: PipeExists
    • 0x101b7:$b9: IClientLoggingHost
    lLX6Po7hFJ.exeNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfef5:$a: NanoCore
    • 0xff05:$a: NanoCore
    • 0x10139:$a: NanoCore
    • 0x1014d:$a: NanoCore
    • 0x1018d:$a: NanoCore
    • 0xff54:$b: ClientPlugin
    • 0x10156:$b: ClientPlugin
    • 0x10196:$b: ClientPlugin
    • 0x1007b:$c: ProjectData
    • 0x10a82:$d: DESCrypto
    • 0x1844e:$e: KeepAlive
    • 0x1643c:$g: LogClientMessage
    • 0x12637:$i: get_Connected
    • 0x10db8:$j: #=q
    • 0x10de8:$j: #=q
    • 0x10e04:$j: #=q
    • 0x10e34:$j: #=q
    • 0x10e50:$j: #=q
    • 0x10e6c:$j: #=q
    • 0x10e9c:$j: #=q
    • 0x10eb8:$j: #=q
    lLX6Po7hFJ.exeNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0x1018d:$x1: NanoCore.ClientPluginHost
    • 0x101ca:$x2: IClientNetworkHost
    • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    lLX6Po7hFJ.exeNanocoredetect Nanocore in memoryJPCERT/CC Incident Response Group
    • 0xfef5:$v1: NanoCore Client
    • 0xff05:$v1: NanoCore Client
    • 0x117c6:$v2: PluginCommand
    • 0x117ae:$v3: CommandType
    Click to see the 1 entries

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Program Files (x86)\DNS Host\dnshost.exeJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      C:\Program Files (x86)\DNS Host\dnshost.exeWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
      • 0x1018d:$a1: NanoCore.ClientPluginHost
      • 0x1014d:$a2: NanoCore.ClientPlugin
      • 0x120a6:$b1: get_BuilderSettings
      • 0xffa9:$b2: ClientLoaderForm.resources
      • 0x117c6:$b3: PluginCommand
      • 0x1017e:$b4: IClientAppHost
      • 0x1a5fe:$b5: GetBlockHash
      • 0x126fe:$b6: AddHostEntry
      • 0x163f1:$b7: LogClientException
      • 0x1266b:$b8: PipeExists
      • 0x101b7:$b9: IClientLoggingHost
      C:\Program Files (x86)\DNS Host\dnshost.exeNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0xfef5:$a: NanoCore
      • 0xff05:$a: NanoCore
      • 0x10139:$a: NanoCore
      • 0x1014d:$a: NanoCore
      • 0x1018d:$a: NanoCore
      • 0xff54:$b: ClientPlugin
      • 0x10156:$b: ClientPlugin
      • 0x10196:$b: ClientPlugin
      • 0x1007b:$c: ProjectData
      • 0x10a82:$d: DESCrypto
      • 0x1844e:$e: KeepAlive
      • 0x1643c:$g: LogClientMessage
      • 0x12637:$i: get_Connected
      • 0x10db8:$j: #=q
      • 0x10de8:$j: #=q
      • 0x10e04:$j: #=q
      • 0x10e34:$j: #=q
      • 0x10e50:$j: #=q
      • 0x10e6c:$j: #=q
      • 0x10e9c:$j: #=q
      • 0x10eb8:$j: #=q
      C:\Program Files (x86)\DNS Host\dnshost.exeNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0x1018d:$x1: NanoCore.ClientPluginHost
      • 0x101ca:$x2: IClientNetworkHost
      • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      C:\Program Files (x86)\DNS Host\dnshost.exeNanocoredetect Nanocore in memoryJPCERT/CC Incident Response Group
      • 0xfef5:$v1: NanoCore Client
      • 0xff05:$v1: NanoCore Client
      • 0x117c6:$v2: PluginCommand
      • 0x117ae:$v3: CommandType
      Click to see the 1 entries

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
        • 0xff8d:$a1: NanoCore.ClientPluginHost
        • 0xff4d:$a2: NanoCore.ClientPlugin
        • 0x11ea6:$b1: get_BuilderSettings
        • 0xfda9:$b2: ClientLoaderForm.resources
        • 0x115c6:$b3: PluginCommand
        • 0xff7e:$b4: IClientAppHost
        • 0x1a3fe:$b5: GetBlockHash
        • 0x124fe:$b6: AddHostEntry
        • 0x161f1:$b7: LogClientException
        • 0x1246b:$b8: PipeExists
        • 0xffb7:$b9: IClientLoggingHost
        00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
        • 0xfcf5:$a: NanoCore
        • 0xfd05:$a: NanoCore
        • 0xff39:$a: NanoCore
        • 0xff4d:$a: NanoCore
        • 0xff8d:$a: NanoCore
        • 0xfd54:$b: ClientPlugin
        • 0xff56:$b: ClientPlugin
        • 0xff96:$b: ClientPlugin
        • 0xfe7b:$c: ProjectData
        • 0x10882:$d: DESCrypto
        • 0x1824e:$e: KeepAlive
        • 0x1623c:$g: LogClientMessage
        • 0x12437:$i: get_Connected
        • 0x10bb8:$j: #=q
        • 0x10be8:$j: #=q
        • 0x10c04:$j: #=q
        • 0x10c34:$j: #=q
        • 0x10c50:$j: #=q
        • 0x10c6c:$j: #=q
        • 0x10c9c:$j: #=q
        • 0x10cb8:$j: #=q
        00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0xff8d:$x1: NanoCore.ClientPluginHost
        • 0xffca:$x2: IClientNetworkHost
        • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
        00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmpNanocoredetect Nanocore in memoryJPCERT/CC Incident Response Group
        • 0xfcf5:$v1: NanoCore Client
        • 0xfd05:$v1: NanoCore Client
        • 0x115c6:$v2: PluginCommand
        • 0x115ae:$v3: CommandType
        Click to see the 28 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.lLX6Po7hFJ.exe.5f00000.3.raw.unpackWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
        • 0xe75:$a1: NanoCore.ClientPluginHost
        • 0xe38:$a2: NanoCore.ClientPlugin
        • 0x120c:$b1: get_BuilderSettings
        • 0xec3:$b4: IClientAppHost
        • 0x127d:$b6: AddHostEntry
        • 0x12ec:$b7: LogClientException
        • 0x1261:$b8: PipeExists
        • 0xeb0:$b9: IClientLoggingHost
        0.2.lLX6Po7hFJ.exe.5f00000.3.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0xe75:$x1: NanoCore.ClientPluginHost
        • 0xe8f:$x2: IClientNetworkHost
        0.2.lLX6Po7hFJ.exe.5f00000.3.raw.unpackMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
        • 0xe38:$x2: NanoCore.ClientPlugin
        • 0xe75:$x3: NanoCore.ClientPluginHost
        • 0xe5a:$i1: IClientApp
        • 0xe4e:$i2: IClientData
        • 0xe29:$i3: IClientNetwork
        • 0xec3:$i4: IClientAppHost
        • 0xe65:$i5: IClientDataHost
        • 0xeb0:$i6: IClientLoggingHost
        • 0xe8f:$i7: IClientNetworkHost
        • 0xea2:$i8: IClientUIHost
        • 0xed2:$i9: IClientNameObjectCollection
        • 0xef7:$i10: IClientReadOnlyNameObjectCollection
        • 0xe41:$s1: ClientPlugin
        • 0x177c:$s1: ClientPlugin
        • 0x1789:$s1: ClientPlugin
        • 0x11f9:$s6: get_ClientSettings
        • 0x1249:$s7: get_Connected
        0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
          0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpackWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
          • 0xb184:$a1: NanoCore.ClientPluginHost
          • 0xb14f:$a2: NanoCore.ClientPlugin
          • 0x100ca:$b1: get_BuilderSettings
          • 0x10039:$b7: LogClientException
          • 0xb19e:$b9: IClientLoggingHost
          Click to see the 42 entries

          Sigma Signatures

          AV Detection

          barindex
          Sigma detected: NanoCore
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\lLX6Po7hFJ.exe, ProcessId: 7032, TargetFilename: C:\Users\user\AppData\Roaming\9E146BE9-C76A-4720-BCDB-53011B87BD06\run.dat

          E-Banking Fraud

          barindex
          Sigma detected: NanoCore
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\lLX6Po7hFJ.exe, ProcessId: 7032, TargetFilename: C:\Users\user\AppData\Roaming\9E146BE9-C76A-4720-BCDB-53011B87BD06\run.dat

          System Summary

          barindex
          Sigma detected: Suspicious Schtasks From Env Var Folder
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp", CommandLine: "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp", CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\lLX6Po7hFJ.exe", ParentImage: C:\Users\user\Desktop\lLX6Po7hFJ.exe, ParentProcessId: 7032, ParentProcessName: lLX6Po7hFJ.exe, ProcessCommandLine: "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp", ProcessId: 7100, ProcessName: schtasks.exe
          Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files (x86)\DNS Host\dnshost.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\lLX6Po7hFJ.exe, ProcessId: 7032, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DNS Host

          Persistence and Installation Behavior

          barindex
          Sigma detected: Scheduled temp file as task from temp location
          Source: Process startedAuthor: Joe Security: Data: Command: "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp", CommandLine: "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp", CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\lLX6Po7hFJ.exe", ParentImage: C:\Users\user\Desktop\lLX6Po7hFJ.exe, ParentProcessId: 7032, ParentProcessName: lLX6Po7hFJ.exe, ProcessCommandLine: "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp", ProcessId: 7100, ProcessName: schtasks.exe

          Stealing of Sensitive Information

          barindex
          Sigma detected: NanoCore
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\lLX6Po7hFJ.exe, ProcessId: 7032, TargetFilename: C:\Users\user\AppData\Roaming\9E146BE9-C76A-4720-BCDB-53011B87BD06\run.dat

          Remote Access Functionality

          barindex
          Sigma detected: NanoCore
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\lLX6Po7hFJ.exe, ProcessId: 7032, TargetFilename: C:\Users\user\AppData\Roaming\9E146BE9-C76A-4720-BCDB-53011B87BD06\run.dat

          Snort Signatures

          Timestamp:04/20/24-17:17:24.137391
          SID:2046914
          Source Port:49740
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:17:36.690000
          SID:2046914
          Source Port:49742
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:17:48.359619
          SID:2046914
          Source Port:49744
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:17:53.838742
          SID:2046914
          Source Port:49746
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:18:03.957905
          SID:2046914
          Source Port:49748
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:17:03.543122
          SID:2816718
          Source Port:49731
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:17:42.667256
          SID:2046914
          Source Port:49743
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:17:58.848463
          SID:2046914
          Source Port:49747
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:17:11.936397
          SID:2046914
          Source Port:49732
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:17:04.378880
          SID:2046914
          Source Port:49731
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:17:18.030331
          SID:2046914
          Source Port:49739
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:16:58.191892
          SID:2046914
          Source Port:49730
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/20/24-17:17:31.011935
          SID:2046914
          Source Port:49741
          Destination Port:11720
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: lLX6Po7hFJ.exeAvira: detected
          Antivirus detection for dropped file
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeAvira: detection malicious, Label: TR/Dropper.MSIL.Gen7
          Found malware configuration
          Source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "191d33a5-79e3-4242-ad2a-bdb1cfa2", "Group": "Default", "Domain1": "", "Domain2": "0.tcp.eu.ngrok.io", "Port": 11720, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "0e000100", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n <Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}
          Multi AV Scanner detection for domain / URL
          Source: 0.tcp.eu.ngrok.ioVirustotal: Detection: 16%Perma Link
          Source: 0.tcp.eu.ngrok.ioVirustotal: Detection: 16%Perma Link
          Multi AV Scanner detection for dropped file
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeReversingLabs: Detection: 97%
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeVirustotal: Detection: 90%Perma Link
          Multi AV Scanner detection for submitted file
          Source: lLX6Po7hFJ.exeReversingLabs: Detection: 97%
          Source: lLX6Po7hFJ.exeVirustotal: Detection: 90%Perma Link
          Yara detected Nanocore RAT
          Source: Yara matchFile source: lLX6Po7hFJ.exe, type: SAMPLE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6190000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6190000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a230ed.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: lLX6Po7hFJ.exe PID: 2308, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: dnshost.exe PID: 5440, type: MEMORYSTR
          Source: Yara matchFile source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPED
          Machine Learning detection for dropped file
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeJoe Sandbox ML: detected
          Machine Learning detection for sample
          Source: lLX6Po7hFJ.exeJoe Sandbox ML: detected
          Source: lLX6Po7hFJ.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior

          Networking

          barindex
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49730 -> 3.125.223.134:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49731 -> 3.125.223.134:11720
          Source: TrafficSnort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.4:49731 -> 3.125.223.134:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49732 -> 3.125.223.134:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49739 -> 18.158.249.75:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49740 -> 3.125.223.134:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49741 -> 3.125.223.134:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49742 -> 18.192.31.165:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49743 -> 3.125.223.134:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49744 -> 3.125.223.134:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49746 -> 3.125.223.134:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49747 -> 18.192.31.165:11720
          Source: TrafficSnort IDS: 2046914 ET TROJAN NanoCore RAT CnC 7 192.168.2.4:49748 -> 18.158.249.75:11720
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs:
          Source: Malware configuration extractorURLs: 0.tcp.eu.ngrok.io
          Source: global trafficTCP traffic: 192.168.2.4:49730 -> 3.125.223.134:11720
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 18.158.249.75:11720
          Source: global trafficTCP traffic: 192.168.2.4:49742 -> 18.192.31.165:11720
          Source: Joe Sandbox ViewIP Address: 3.125.223.134 3.125.223.134
          Source: Joe Sandbox ViewIP Address: 18.192.31.165 18.192.31.165
          Source: Joe Sandbox ViewIP Address: 18.158.249.75 18.158.249.75
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_05802D56 WSARecv,0_2_05802D56
          Source: unknownDNS traffic detected: queries for: 0.tcp.eu.ngrok.io
          Source: Amcache.hve.12.drString found in binary or memory: http://upx.sf.net
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: RegisterRawInputDevicesmemstr_74eedc1b-d

          E-Banking Fraud

          barindex
          Yara detected Nanocore RAT
          Source: Yara matchFile source: lLX6Po7hFJ.exe, type: SAMPLE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6190000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6190000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a230ed.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: lLX6Po7hFJ.exe PID: 2308, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: dnshost.exe PID: 5440, type: MEMORYSTR
          Source: Yara matchFile source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPED

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: lLX6Po7hFJ.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: lLX6Po7hFJ.exe, type: SAMPLEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: lLX6Po7hFJ.exe, type: SAMPLEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: lLX6Po7hFJ.exe, type: SAMPLEMatched rule: detect Nanocore in memory Author: JPCERT/CC Incident Response Group
          Source: lLX6Po7hFJ.exe, type: SAMPLEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.lLX6Po7hFJ.exe.5f00000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.lLX6Po7hFJ.exe.5f00000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.lLX6Po7hFJ.exe.5f00000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 5.2.lLX6Po7hFJ.exe.2a10c44.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 5.2.lLX6Po7hFJ.exe.2a10c44.0.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 5.2.lLX6Po7hFJ.exe.2a10c44.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 6.2.dnshost.exe.2960d88.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 6.2.dnshost.exe.2960d88.0.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 6.2.dnshost.exe.2960d88.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: detect Nanocore in memory Author: JPCERT/CC Incident Response Group
          Source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 5.2.lLX6Po7hFJ.exe.3a230ed.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 5.2.lLX6Po7hFJ.exe.3a230ed.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 5.2.lLX6Po7hFJ.exe.3a230ed.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.lLX6Po7hFJ.exe.34d962c.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.lLX6Po7hFJ.exe.34d962c.0.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.lLX6Po7hFJ.exe.34d962c.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detect Nanocore in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
          Source: 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
          Source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 00000000.00000002.2698885233.00000000034C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTRMatched rule: detect Nanocore in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 2308, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 2308, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: Process Memory Space: dnshost.exe PID: 5440, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: Process Memory Space: dnshost.exe PID: 5440, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPEDMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPEDMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPEDMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPEDMatched rule: detect Nanocore in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPEDMatched rule: Detects NanoCore Author: ditekSHen
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_05803562 NtQuerySystemInformation,0_2_05803562
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_05803527 NtQuerySystemInformation,0_2_05803527
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_019C89880_2_019C8988
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_019CB0280_2_019CB028
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_019C38500_2_019C3850
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_019C2FA80_2_019C2FA8
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_019C23A00_2_019C23A0
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_019C95880_2_019C9588
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_019C306F0_2_019C306F
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_019C964F0_2_019C964F
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 5_2_04AF2FA85_2_04AF2FA8
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 5_2_04AF23A05_2_04AF23A0
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 5_2_04AF38505_2_04AF3850
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 5_2_04AF306F5_2_04AF306F
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeCode function: 6_2_04B023A06_2_04B023A0
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeCode function: 6_2_04B02FA86_2_04B02FA8
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeCode function: 6_2_04B0306F6_2_04B0306F
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeCode function: 7_2_057538507_2_05753850
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeCode function: 7_2_057523A07_2_057523A0
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeCode function: 7_2_05752FA87_2_05752FA8
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeCode function: 7_2_0575306F7_2_0575306F
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 1468
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2701421997.00000000061B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2699827452.0000000004527000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2698885233.00000000034C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2698134620.00000000015DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2699827452.0000000004540000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exe, 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs lLX6Po7hFJ.exe
          Source: lLX6Po7hFJ.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: lLX6Po7hFJ.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: lLX6Po7hFJ.exe, type: SAMPLEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: lLX6Po7hFJ.exe, type: SAMPLEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: lLX6Po7hFJ.exe, type: SAMPLEMatched rule: Nanocore author = JPCERT/CC Incident Response Group, description = detect Nanocore in memory, rule_usage = memory scan, reference = internal research
          Source: lLX6Po7hFJ.exe, type: SAMPLEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.lLX6Po7hFJ.exe.5f00000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.lLX6Po7hFJ.exe.5f00000.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 0.2.lLX6Po7hFJ.exe.5f00000.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 5.2.lLX6Po7hFJ.exe.2a10c44.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 5.2.lLX6Po7hFJ.exe.2a10c44.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 5.2.lLX6Po7hFJ.exe.2a10c44.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 6.2.dnshost.exe.2960d88.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 6.2.dnshost.exe.2960d88.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 6.2.dnshost.exe.2960d88.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 0.2.lLX6Po7hFJ.exe.6190000.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore author = JPCERT/CC Incident Response Group, description = detect Nanocore in memory, rule_usage = memory scan, reference = internal research
          Source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 5.2.lLX6Po7hFJ.exe.3a230ed.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 5.2.lLX6Po7hFJ.exe.3a230ed.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 5.2.lLX6Po7hFJ.exe.3a230ed.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.lLX6Po7hFJ.exe.34d962c.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.lLX6Po7hFJ.exe.34d962c.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 0.2.lLX6Po7hFJ.exe.34d962c.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Nanocore author = JPCERT/CC Incident Response Group, description = detect Nanocore in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 00000000.00000002.2698885233.00000000034C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTRMatched rule: Nanocore author = JPCERT/CC Incident Response Group, description = detect Nanocore in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 2308, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: Process Memory Space: lLX6Po7hFJ.exe PID: 2308, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: Process Memory Space: dnshost.exe PID: 5440, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: Process Memory Space: dnshost.exe PID: 5440, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPEDMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPEDMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPEDMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPEDMatched rule: Nanocore author = JPCERT/CC Incident Response Group, description = detect Nanocore in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPEDMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: lLX6Po7hFJ.exeStatic PE information: Section: .rsrc ZLIB complexity 1.0003107244318181
          Source: dnshost.exe.0.drStatic PE information: Section: .rsrc ZLIB complexity 1.0003107244318181
          Source: lLX6Po7hFJ.exe, --qVxXNKnhAcArgJoGGYXiyyQ--.csCryptographic APIs: 'TransformFinalBlock'
          Source: lLX6Po7hFJ.exe, --qVxXNKnhAcArgJoGGYXiyyQ--.csCryptographic APIs: 'TransformFinalBlock'
          Source: lLX6Po7hFJ.exe, --qjIje6jGWLd2EOkfZXKqBbg--.csCryptographic APIs: 'TransformFinalBlock'
          Source: dnshost.exe.0.dr, --qVxXNKnhAcArgJoGGYXiyyQ--.csCryptographic APIs: 'TransformFinalBlock'
          Source: dnshost.exe.0.dr, --qVxXNKnhAcArgJoGGYXiyyQ--.csCryptographic APIs: 'TransformFinalBlock'
          Source: dnshost.exe.0.dr, --qjIje6jGWLd2EOkfZXKqBbg--.csCryptographic APIs: 'TransformFinalBlock'
          Source: lLX6Po7hFJ.exe, --qjIje6jGWLd2EOkfZXKqBbg--.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: lLX6Po7hFJ.exe, --qjIje6jGWLd2EOkfZXKqBbg--.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: dnshost.exe.0.dr, --qjIje6jGWLd2EOkfZXKqBbg--.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: dnshost.exe.0.dr, --qjIje6jGWLd2EOkfZXKqBbg--.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: classification engineClassification label: mal100.troj.evad.winEXE@12/12@18/3
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_05803322 AdjustTokenPrivileges,0_2_05803322
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_058032EB AdjustTokenPrivileges,0_2_058032EB
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeFile created: C:\Program Files (x86)\DNS HostJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeFile created: C:\Users\user\AppData\Roaming\9E146BE9-C76A-4720-BCDB-53011B87BD06Jump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeMutant created: NULL
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{191d33a5-79e3-4242-ad2a-bdb1cfa2960f}
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6392:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7156:120:WilError_03
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeFile created: C:\Users\user\AppData\Local\Temp\tmpC905.tmpJump to behavior
          Source: lLX6Po7hFJ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: lLX6Po7hFJ.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: lLX6Po7hFJ.exeReversingLabs: Detection: 97%
          Source: lLX6Po7hFJ.exeVirustotal: Detection: 90%
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeFile read: C:\Users\user\Desktop\lLX6Po7hFJ.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\lLX6Po7hFJ.exe "C:\Users\user\Desktop\lLX6Po7hFJ.exe"
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp"
          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /f /tn "DNS Host Task" /xml "C:\Users\user\AppData\Local\Temp\tmpC9F1.tmp"
          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\Users\user\Desktop\lLX6Po7hFJ.exe C:\Users\user\Desktop\lLX6Po7hFJ.exe 0
          Source: unknownProcess created: C:\Program Files (x86)\DNS Host\dnshost.exe "C:\Program Files (x86)\DNS Host\dnshost.exe" 0
          Source: unknownProcess created: C:\Program Files (x86)\DNS Host\dnshost.exe "C:\Program Files (x86)\DNS Host\dnshost.exe"
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 1468
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp"Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /f /tn "DNS Host Task" /xml "C:\Users\user\AppData\Local\Temp\tmpC9F1.tmp"Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 1468Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: shfolder.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: version.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: version.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
          Source: lLX6Po7hFJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: lLX6Po7hFJ.exe, --qjIje6jGWLd2EOkfZXKqBbg--.cs.Net Code: _0023_003Dqf3c4WtE_0024_0024thN5QyBMvo3u0lth2VF5hmfUsIv1r8yRkg_003D System.Reflection.Assembly.Load(byte[])
          Source: lLX6Po7hFJ.exe, --qjIje6jGWLd2EOkfZXKqBbg--.cs.Net Code: _0023_003Dq_FL69pQf17BUSAFbWYu1SStMAbdu_0024R1GJ8VY8UL5_EA_003D System.Reflection.Assembly.Load(byte[])
          Source: lLX6Po7hFJ.exe, --qxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecU-.cs.Net Code: _0023_003DqKU0J1fiP8KA33eFK1owekQ_003D_003D System.Reflection.Assembly.Load(byte[])
          Source: dnshost.exe.0.dr, --qjIje6jGWLd2EOkfZXKqBbg--.cs.Net Code: _0023_003Dqf3c4WtE_0024_0024thN5QyBMvo3u0lth2VF5hmfUsIv1r8yRkg_003D System.Reflection.Assembly.Load(byte[])
          Source: dnshost.exe.0.dr, --qjIje6jGWLd2EOkfZXKqBbg--.cs.Net Code: _0023_003Dq_FL69pQf17BUSAFbWYu1SStMAbdu_0024R1GJ8VY8UL5_EA_003D System.Reflection.Assembly.Load(byte[])
          Source: dnshost.exe.0.dr, --qxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecU-.cs.Net Code: _0023_003DqKU0J1fiP8KA33eFK1owekQ_003D_003D System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_01567538 push ebp; ret 0_2_01567539
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_0156752C push ecx; ret 0_2_0156752D
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_01569DB0 pushad ; retf 0_2_01569DB1
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_01569DAC push eax; retf 0_2_01569DAD
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_0185026D push ds; retf 007Ch0_2_018504C4
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeFile created: C:\Program Files (x86)\DNS Host\dnshost.exeJump to dropped file

          Boot Survival

          barindex
          Uses schtasks.exe or at.exe to add and modify task schedules
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp"
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run DNS HostJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run DNS HostJump to behavior

          Hooking and other Techniques for Hiding and Protection

          barindex
          Hides that the sample has been downloaded from the Internet (zone.identifier)
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeFile opened: C:\Users\user\Desktop\lLX6Po7hFJ.exe:Zone.Identifier read attributes | deleteJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeMemory allocated: 1810000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeMemory allocated: 34C0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeMemory allocated: 54C0000 memory commit | memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeMemory allocated: CA0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeMemory allocated: 29D0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeMemory allocated: CA0000 memory commit | memory reserve | memory write watchJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeMemory allocated: A90000 memory reserve | memory write watchJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeMemory allocated: 2920000 memory reserve | memory write watchJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeMemory allocated: 4920000 memory commit | memory reserve | memory write watchJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeMemory allocated: 1AB0000 memory reserve | memory write watchJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeMemory allocated: 3600000 memory reserve | memory write watchJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeMemory allocated: 1BD0000 memory commit | memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeWindow / User API: threadDelayed 7229Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeWindow / User API: foregroundWindowGot 1719Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exe TID: 4312Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exe TID: 7140Thread sleep time: -98500s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exe TID: 1072Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exe TID: 7140Thread sleep time: -3614500s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exe TID: 7124Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe TID: 6464Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exe TID: 480Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_0580169A GetSystemInfo,0_2_0580169A
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Program Files (x86)\DNS Host\dnshost.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: Amcache.hve.12.drBinary or memory string: VMware
          Source: Amcache.hve.12.drBinary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.12.drBinary or memory string: vmci.syshbin
          Source: Amcache.hve.12.drBinary or memory string: VMware, Inc.
          Source: Amcache.hve.12.drBinary or memory string: VMware20,1hbin@
          Source: Amcache.hve.12.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.12.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.12.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: dw20.exe, 0000000C.00000003.2696488856.0000000000705000.00000004.00000020.00020000.00000000.sdmp, dw20.exe, 0000000C.00000002.2698469429.0000000000705000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: Amcache.hve.12.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.12.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.12.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.12.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2698134620.0000000001660000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: Amcache.hve.12.drBinary or memory string: vmci.sys
          Source: Amcache.hve.12.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
          Source: dw20.exe, 0000000C.00000002.2698469429.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, dw20.exe, 0000000C.00000003.2696488856.00000000006EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx/f
          Source: Amcache.hve.12.drBinary or memory string: vmci.syshbin`
          Source: Amcache.hve.12.drBinary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.12.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.12.drBinary or memory string: VMware20,1
          Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.12.drBinary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.12.drBinary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.12.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.12.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.12.drBinary or memory string: VMware PCI VMCI Bus Device
          Source: dw20.exe, 0000000C.00000002.2698293438.0000000000688000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWPNo%SystemRoot%\system32\mswsock.dllex^
          Source: Amcache.hve.12.drBinary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.12.drBinary or memory string: VMware Virtual RAM
          Source: Amcache.hve.12.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: Amcache.hve.12.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeMemory allocated: page read and write | page guardJump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp"Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /f /tn "DNS Host Task" /xml "C:\Users\user\AppData\Local\Temp\tmpC9F1.tmp"Jump to behavior
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 1468Jump to behavior
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2698885233.0000000003714000.00000004.00000800.00020000.00000000.sdmp, lLX6Po7hFJ.exe, 00000000.00000002.2698885233.000000000374C000.00000004.00000800.00020000.00000000.sdmp, lLX6Po7hFJ.exe, 00000000.00000002.2698134620.0000000001660000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2698885233.000000000378B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerP
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2698885233.000000000374C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerl
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2698134620.0000000001660000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managert$
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: Amcache.hve.12.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.12.drBinary or memory string: msmpeng.exe
          Source: Amcache.hve.12.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.12.drBinary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          barindex
          Yara detected Nanocore RAT
          Source: Yara matchFile source: lLX6Po7hFJ.exe, type: SAMPLE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6190000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6190000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a230ed.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: lLX6Po7hFJ.exe PID: 2308, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: dnshost.exe PID: 5440, type: MEMORYSTR
          Source: Yara matchFile source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPED

          Remote Access Functionality

          barindex
          Detected Nanocore Rat
          Source: lLX6Po7hFJ.exe, 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2698885233.00000000034C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: lLX6Po7hFJ.exe, 00000000.00000002.2698885233.00000000034C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
          Source: lLX6Po7hFJ.exe, 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: lLX6Po7hFJ.exe, 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
          Source: lLX6Po7hFJ.exe, 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: lLX6Po7hFJ.exe, 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
          Source: dnshost.exe, 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: dnshost.exe, 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
          Source: lLX6Po7hFJ.exeString found in binary or memory: NanoCore.ClientPluginHost
          Source: dnshost.exe.0.drString found in binary or memory: NanoCore.ClientPluginHost
          Yara detected Nanocore RAT
          Source: Yara matchFile source: lLX6Po7hFJ.exe, type: SAMPLE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6194629.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6190000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.lLX6Po7hFJ.exe.6190000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.lLX6Po7hFJ.exe.e50000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a230ed.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a1eac4.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.lLX6Po7hFJ.exe.3a19c8e.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: lLX6Po7hFJ.exe PID: 7032, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: lLX6Po7hFJ.exe PID: 2308, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: dnshost.exe PID: 5440, type: MEMORYSTR
          Source: Yara matchFile source: C:\Program Files (x86)\DNS Host\dnshost.exe, type: DROPPED
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_0580289A bind,0_2_0580289A
          Source: C:\Users\user\Desktop\lLX6Po7hFJ.exeCode function: 0_2_05802848 bind,0_2_05802848

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
          Scheduled Task/Job          		1
          Scheduled Task/Job          		1
          Access Token Manipulation          		2
          Masquerading          		11
          Input Capture          		111
          Security Software Discovery          		Remote Services11
          Input Capture          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/Job1
          Registry Run Keys / Startup Folder          		12
          Process Injection          		1
          Disable or Modify Tools          		LSASS Memory2
          Process Discovery          		Remote Desktop Protocol11
          Archive Collected Data          		1
          Non-Standard Port          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAt1
          DLL Side-Loading          		1
          Scheduled Task/Job          		31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared Drive1
          Remote Access Software          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
          Registry Run Keys / Startup Folder          		1
          Access Token Manipulation          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput Capture1
          Ingress Tool Transfer          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
          DLL Side-Loading          		12
          Process Injection          		LSA Secrets3
          System Information Discovery          		SSHKeylogging1
          Non-Application Layer Protocol          		Scheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          Deobfuscate/Decode Files or Information          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input Capture11
          Application Layer Protocol          		Data Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
          Hidden Files and Directories          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          Obfuscated Files or Information          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
          Software Packing          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
          IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
          DLL Side-Loading          		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 1429081 Sample: lLX6Po7hFJ.exe Startdate: 20/04/2024 Architecture: WINDOWS Score: 100 40 Snort IDS alert for network traffic 2->40 42 Multi AV Scanner detection for domain / URL 2->42 44 Found malware configuration 2->44 46 13 other signatures 2->46 7 lLX6Po7hFJ.exe 1 14 2->7         started        12 lLX6Po7hFJ.exe 3 2->12         started        14 dnshost.exe 3 2->14         started        16 dnshost.exe 2 2->16         started        process3 dnsIp4 34 18.158.249.75, 11720, 49739, 49748 AMAZON-02US United States 7->34 36 18.192.31.165, 11720, 49742, 49747 AMAZON-02US United States 7->36 38 0.tcp.eu.ngrok.io 3.125.223.134, 11720, 49730, 49731 AMAZON-02US United States 7->38 28 C:\Program Files (x86)\DNS Host\dnshost.exe, PE32 7->28 dropped 30 C:\Users\user\AppData\Roaming\...\run.dat, data 7->30 dropped 32 C:\Users\user\AppData\Local\...\tmpC905.tmp, XML 7->32 dropped 48 Detected Nanocore Rat 7->48 50 Uses schtasks.exe or at.exe to add and modify task schedules 7->50 52 Hides that the sample has been downloaded from the Internet (zone.identifier) 7->52 18 schtasks.exe 1 7->18         started        20 schtasks.exe 1 7->20         started        22 dw20.exe 21 12 7->22         started        file5 signatures6 process7 process8 24 conhost.exe 18->24         started        26 conhost.exe 20->26         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          lLX6Po7hFJ.exe97%ReversingLabsByteCode-MSIL.Backdoor.NanoCore
          lLX6Po7hFJ.exe90%VirustotalBrowse
          lLX6Po7hFJ.exe100%AviraTR/Dropper.MSIL.Gen7
          lLX6Po7hFJ.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Program Files (x86)\DNS Host\dnshost.exe100%AviraTR/Dropper.MSIL.Gen7
          C:\Program Files (x86)\DNS Host\dnshost.exe100%Joe Sandbox ML
          C:\Program Files (x86)\DNS Host\dnshost.exe97%ReversingLabsByteCode-MSIL.Backdoor.NanoCore
          C:\Program Files (x86)\DNS Host\dnshost.exe90%VirustotalBrowse

          Unpacked PE Files

          No Antivirus matches

          Domains

          SourceDetectionScannerLabelLink
          0.tcp.eu.ngrok.io16%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          0.tcp.eu.ngrok.io16%VirustotalBrowse

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          0.tcp.eu.ngrok.io
          		3.125.223.134
          		truetrueunknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          true
            		low
            0.tcp.eu.ngrok.iotrueunknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://upx.sf.netAmcache.hve.12.drfalse
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              3.125.223.134
              		0.tcp.eu.ngrok.ioUnited States
              		16509AMAZON-02UStrue
              18.192.31.165
              		unknownUnited States
              		16509AMAZON-02UStrue
              18.158.249.75
              		unknownUnited States
              		16509AMAZON-02UStrue

              General Information

              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1429081
              Start date and time:2024-04-20 17:16:06 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 7m 3s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:14
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:lLX6Po7hFJ.exe
              renamed because original name is a hash value
              Original Sample Name:07D9144C3B3CFE44C24F850A74FAAACC.exe
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@12/12@18/3
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 462
              • Number of non-executed functions: 13
              Cookbook Comments:
              • Found application associated with file extension: .exe

              Warnings

              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 52.168.117.173
              • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtQueryValueKey calls found.

              Simulations

              Behavior and APIs

              TimeTypeDescription
              16:16:56AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DNS Host C:\Program Files (x86)\DNS Host\dnshost.exe
              16:16:57Task SchedulerRun new task: DNS Host path: "C:\Users\user\Desktop\lLX6Po7hFJ.exe" s>$(Arg0)
              16:16:57Task SchedulerRun new task: DNS Host Task path: "C:\Program Files (x86)\DNS Host\dnshost.exe" s>$(Arg0)
              17:16:55API Interceptor1049491x Sleep call for process: lLX6Po7hFJ.exe modified
              17:18:40API Interceptor1x Sleep call for process: dw20.exe modified

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              3.125.223.134aXDh3Stgy2.exeGet hashmaliciousNjratBrowse
                AKsHpy5O2W.exeGet hashmaliciousNjratBrowse
                  P1Oyl92c7q.exeGet hashmaliciousNjratBrowse
                    Z5355AqwOr.exeGet hashmaliciousNjratBrowse
                      OkT2NAJRba.exeGet hashmaliciousNjratBrowse
                        aLbc2QiwYI.exeGet hashmaliciousNjratBrowse
                          G1oJ1idmVw.dllGet hashmaliciousGhostRatBrowse
                            X1YSjOIudz.exeGet hashmaliciousNjratBrowse
                              hitler.exeGet hashmaliciousNjratBrowse
                                sCQUQePiWI.exeGet hashmaliciousNjratBrowse
                                  18.192.31.165muyq8X8qXp.exeGet hashmaliciousUnknownBrowse
                                  • 3eae-79-191-34-149.eu.ngrok.io/sysvndump/send
                                  18.158.249.75xaa.doc.docxGet hashmaliciousCVE-2021-40444Browse
                                  • 259f-88-231-63-13.eu.ngrok.io/exploit.html

                                  Domains

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  0.tcp.eu.ngrok.ioaXDh3Stgy2.exeGet hashmaliciousNjratBrowse
                                  • 18.158.249.75
                                  9VnALqFMbF.exeGet hashmaliciousDarkCometBrowse
                                  • 3.125.209.94
                                  AKsHpy5O2W.exeGet hashmaliciousNjratBrowse
                                  • 3.125.223.134
                                  D6p5mclMzu.exeGet hashmaliciousNjratBrowse
                                  • 3.124.142.205
                                  P1Oyl92c7q.exeGet hashmaliciousNjratBrowse
                                  • 3.124.142.205
                                  F1RBq1AGOt.exeGet hashmaliciousNjratBrowse
                                  • 3.125.209.94
                                  8egiXe8bX1.exeGet hashmaliciousRedLineBrowse
                                  • 3.125.102.39
                                  hIn6sixPtb.exeGet hashmaliciousNjratBrowse
                                  • 3.124.142.205
                                  chrome.exeGet hashmaliciousXWormBrowse
                                  • 18.192.31.165
                                  q3cVpZs8mu.exeGet hashmaliciousNjratBrowse
                                  • 3.125.102.39

                                  ASNs

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  AMAZON-02USqk9TaBBxh8.exeGet hashmaliciousLummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                  • 52.216.33.65
                                  https://prayas.co/assets/nagateliteqfuk.exeGet hashmaliciousUnknownBrowse
                                  • 3.72.134.250
                                  https://19apmic17.z13.web.core.windows.net/Get hashmaliciousTechSupportScamBrowse
                                  • 3.161.188.93
                                  https://bestjavporn58xxcom.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                  • 108.138.82.189
                                  https://hentaieracomxx.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                  • 108.138.82.203
                                  PO_PDF24172024.scr.exeGet hashmaliciousFormBookBrowse
                                  • 75.2.60.5
                                  https://19apmic11.z13.web.core.windows.net/Get hashmaliciousTechSupportScamBrowse
                                  • 99.86.229.70
                                  https://allmylinkswebgt.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                  • 108.138.82.231
                                  https://runrun.it/share/portal/EfC1XUoTbGbNOUmdGet hashmaliciousHTMLPhisherBrowse
                                  • 52.216.217.225
                                  SecuriteInfo.com.Win32.SuspectCrc.28876.20318.xlsxGet hashmaliciousAgentTeslaBrowse
                                  • 3.140.76.209
                                  AMAZON-02USqk9TaBBxh8.exeGet hashmaliciousLummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                  • 52.216.33.65
                                  https://prayas.co/assets/nagateliteqfuk.exeGet hashmaliciousUnknownBrowse
                                  • 3.72.134.250
                                  https://19apmic17.z13.web.core.windows.net/Get hashmaliciousTechSupportScamBrowse
                                  • 3.161.188.93
                                  https://bestjavporn58xxcom.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                  • 108.138.82.189
                                  https://hentaieracomxx.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                  • 108.138.82.203
                                  PO_PDF24172024.scr.exeGet hashmaliciousFormBookBrowse
                                  • 75.2.60.5
                                  https://19apmic11.z13.web.core.windows.net/Get hashmaliciousTechSupportScamBrowse
                                  • 99.86.229.70
                                  https://allmylinkswebgt.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                  • 108.138.82.231
                                  https://runrun.it/share/portal/EfC1XUoTbGbNOUmdGet hashmaliciousHTMLPhisherBrowse
                                  • 52.216.217.225
                                  SecuriteInfo.com.Win32.SuspectCrc.28876.20318.xlsxGet hashmaliciousAgentTeslaBrowse
                                  • 3.140.76.209
                                  AMAZON-02USqk9TaBBxh8.exeGet hashmaliciousLummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                  • 52.216.33.65
                                  https://prayas.co/assets/nagateliteqfuk.exeGet hashmaliciousUnknownBrowse
                                  • 3.72.134.250
                                  https://19apmic17.z13.web.core.windows.net/Get hashmaliciousTechSupportScamBrowse
                                  • 3.161.188.93
                                  https://bestjavporn58xxcom.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                  • 108.138.82.189
                                  https://hentaieracomxx.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                  • 108.138.82.203
                                  PO_PDF24172024.scr.exeGet hashmaliciousFormBookBrowse
                                  • 75.2.60.5
                                  https://19apmic11.z13.web.core.windows.net/Get hashmaliciousTechSupportScamBrowse
                                  • 99.86.229.70
                                  https://allmylinkswebgt.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                  • 108.138.82.231
                                  https://runrun.it/share/portal/EfC1XUoTbGbNOUmdGet hashmaliciousHTMLPhisherBrowse
                                  • 52.216.217.225
                                  SecuriteInfo.com.Win32.SuspectCrc.28876.20318.xlsxGet hashmaliciousAgentTeslaBrowse
                                  • 3.140.76.209

                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  C:\Program Files (x86)\DNS Host\dnshost.exe

                                  Download File
                                  Process:C:\Users\user\Desktop\lLX6Po7hFJ.exe
                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):207872
                                  Entropy (8bit):7.4489272119388685
                                  Encrypted:false
                                  SSDEEP:6144:sLV6Bta6dtJmakIM51O3JM1fMKQqa7FPp0k4v:sLV6BtpmkBGpC78v
                                  MD5:07D9144C3B3CFE44C24F850A74FAAACC
                                  SHA1:1DF82C6DBE192D9F78E137BB96C499FD5F0C93A5
                                  SHA-256:4CEF1677E5E896054778060EC165CB35BCC4C923A38EA7EEA43609DEA20492F0
                                  SHA-512:39120F944F46DFA34F0D4A2E59A9BDB74A76D9F69B55C054969A96666B0366651BCC2A0AB4A48F3243A2046E961F43FBA5E13D5B04248EEAE0F86B7428133584
                                  Malicious:true
                                  Yara Hits:
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: Joe Security
                                  • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: unknown
                                  • Rule: NanoCore, Description: unknown, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: Florian Roth
                                  • Rule: Nanocore, Description: detect Nanocore in memory, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: JPCERT/CC Incident Response Group
                                  • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: ditekSHen
                                  Antivirus:
                                  • Antivirus: Avira, Detection: 100%
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 97%
                                  • Antivirus: Virustotal, Detection: 90%, Browse
                                  Reputation:low
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................b........... ........@.. ......................................................................8...W.... ..._........................................................................... ............... ..H............text........ ...................... ..`.reloc..............................@..B.rsrc...._... ...`..................@..@................t.......H...........T............................................................0..Q........o5.......*.o6....-.&......3+..+.... ....3......1..... 2.... ....3.... .......*.*....0..E.......s7....-(&s8....-&&s9....,$&s:........s;........*.....+.....+.....+.....0..........~....o<...*..0..........~....o=...*..0..........~....o>...*..0..........~....o?...*..0..........~....o@...*..0.............-.&(A...*&+...0..$.......~B........-.(...+.-.&+..B...+.~B...*.0.............-.&(A...*&+...0..

                                  C:\Program Files (x86)\DNS Host\dnshost.exe:Zone.Identifier

                                  Download File
                                  Process:C:\Users\user\Desktop\lLX6Po7hFJ.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):26
                                  Entropy (8bit):3.95006375643621
                                  Encrypted:false
                                  SSDEEP:3:ggPYV:rPYV
                                  MD5:187F488E27DB4AF347237FE461A079AD
                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                  Malicious:false
                                  Reputation:high, very likely benign file
                                  Preview:[ZoneTransfer]....ZoneId=0

                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lLX6Po7hFJ.exe_52236c2e729429a1e3187843149972c92a6f610_00000000_229a7c85-0bb3-4dc3-8de8-e15575f19acb\Report.wer

                                  Download File
                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):65536
                                  Entropy (8bit):1.0345274919822214
                                  Encrypted:false
                                  SSDEEP:192:RWyBBYjGRVLqaRY9wHloympeFCyb42QUmzuiF0Z24IO8:cyBBEGRV2aaahmzuiF0Y4IO8
                                  MD5:45AC5D04AB82DC416F086B99D3C8817B
                                  SHA1:FFED13DDF89DE9DA782B608A6491C51445BD0D13
                                  SHA-256:608CB8218DF4FD6DDF0D9D92C95A3C2A4227E791A52FE37416C98413933DB410
                                  SHA-512:6FC2B0C6B087565E21C6CE9126E627224100DFA567ED454F96094AFDCDA606018959DF6B5A8D1BCE4E49FD1FD00BE9FDC7348269911A7F3F5EB48D9D12B02B86
                                  Malicious:false
                                  Reputation:low
                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.8.0.9.9.9.0.9.9.9.6.9.3.1.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.8.0.9.9.9.1.0.2.9.3.8.0.7.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.2.9.a.7.c.8.5.-.0.b.b.3.-.4.d.c.3.-.8.d.e.8.-.e.1.5.5.7.5.f.1.9.a.c.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.7.8.-.0.0.0.1.-.0.0.1.4.-.0.0.5.4.-.2.3.c.7.3.5.9.3.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.9.3.a.7.b.9.d.4.3.5.5.e.d.e.a.5.6.e.c.2.4.4.b.a.9.9.4.1.9.9.5.0.0.0.0.f.f.f.f.!.0.0.0.0.1.d.f.8.2.c.6.d.b.e.1.9.2.d.9.f.7.8.e.1.3.7.b.b.9.6.c.4.9.9.f.d.5.f.0.c.9.3.a.5.!.l.L.X.6.P.o.7.h.F.J...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.5././.0.2././.2.2.:.0.0.:.4.9.:.3.7.!.0.!.l.L.X.6.P.o.7.h.F.J...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....T.a.r.g.e.t.A.s.I.d.=.4.0.2.....I.s.F.a.t.a.l.=.4.2.9.4.

                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C5C.tmp.WERInternalMetadata.xml

                                  Download File
                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):7636
                                  Entropy (8bit):3.7103030667580272
                                  Encrypted:false
                                  SSDEEP:192:R6l7wVeJFM6Rur6Y9tSU1gmfnrap1uw1fBUam:R6lXJ+6Ir6Y3SU1gmfnrmu6fBo
                                  MD5:06AE7FF2C574C987FFA1E657BA9560BC
                                  SHA1:7E6F5B97BC6F5F455EE6C634EE6474B06661DAA2
                                  SHA-256:2F546EF5F63D14646B3C2D1453590FFC855FA794F02914BB86D98E682697CB3D
                                  SHA-512:D4A1A1551CDC81077493A6EE2C5A08F7854E9034E1434A829226AFE0C8BD474DA4CB55FA58FEC1D7C1624DA99E513689A066A0F2B98F590CEB6CBD701EED3511
                                  Malicious:false
                                  Reputation:low
                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.0.3.2.<./.P.i.

                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C7C.tmp.xml

                                  Download File
                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4546
                                  Entropy (8bit):4.497031625511132
                                  Encrypted:false
                                  SSDEEP:96:uIjf8I7dx7VqBJFKoPHQJPHO2zft7tyOd:uIQYdx7gTRHIHTzFp3
                                  MD5:CCCC460ECF339FF2EA9B1D59241485B0
                                  SHA1:229A8A921452BA4E05781742F483B6E709A96154
                                  SHA-256:5A3EE79478901BDB0871A34FFB33A2EDEF4C1B9C27291AB1CFBDE6BBDFA47478
                                  SHA-512:E1C00367E4227E98B60FFCC9778CDF609ADE5E48EB00EF1538E00C6838396B2A33C09D778760BFB71DD672A90203F30F5D0926C51880FECE96BCA3CC4F4ADE2E
                                  Malicious:false
                                  Reputation:low
                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="288381" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                  C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dnshost.exe.log

                                  Download File
                                  Process:C:\Program Files (x86)\DNS Host\dnshost.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):525
                                  Entropy (8bit):5.259753436570609
                                  Encrypted:false
                                  SSDEEP:12:Q3LaJU2C9XAn10U29xtUz1B0U2uk71K6xhk70Ug+9pfu9tv:MLF2CpI329Iz52VMzffuT
                                  MD5:BAF1CCDBBF490EC9AD4777DEA18A088E
                                  SHA1:182D70FB02C352E77B48E8659283D448143AE92B
                                  SHA-256:7712762A17AA3E6D3F233930BF94E91878F87A9C1C3010AC5346A4E615197E81
                                  SHA-512:53B86FAC03DD2FA75D140143C9B1D7F49FC1E9605DAE1B894910848864D153F239676B0AF37E5666EA9E606EED8F3BF180846ADC6DB82B7840F3C1AC2EFCDEA8
                                  Malicious:false
                                  Reputation:moderate, very likely benign file
                                  Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..

                                  C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\lLX6Po7hFJ.exe.log

                                  Download File
                                  Process:C:\Users\user\Desktop\lLX6Po7hFJ.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):525
                                  Entropy (8bit):5.259753436570609
                                  Encrypted:false
                                  SSDEEP:12:Q3LaJU2C9XAn10U29xtUz1B0U2uk71K6xhk70Ug+9pfu9tv:MLF2CpI329Iz52VMzffuT
                                  MD5:BAF1CCDBBF490EC9AD4777DEA18A088E
                                  SHA1:182D70FB02C352E77B48E8659283D448143AE92B
                                  SHA-256:7712762A17AA3E6D3F233930BF94E91878F87A9C1C3010AC5346A4E615197E81
                                  SHA-512:53B86FAC03DD2FA75D140143C9B1D7F49FC1E9605DAE1B894910848864D153F239676B0AF37E5666EA9E606EED8F3BF180846ADC6DB82B7840F3C1AC2EFCDEA8
                                  Malicious:false
                                  Reputation:moderate, very likely benign file
                                  Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..

                                  C:\Users\user\AppData\Local\Temp\tmpC905.tmp

                                  Download File
                                  Process:C:\Users\user\Desktop\lLX6Po7hFJ.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1300
                                  Entropy (8bit):5.118096768456212
                                  Encrypted:false
                                  SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Yg8xtn:cbk4oL600QydbQxIYODOLedq3s8j
                                  MD5:8F65F715E996FD5CC73C3A8AE48A817B
                                  SHA1:05D08CB7E77CBBE7A97D2113E07561864313344D
                                  SHA-256:077A6B8A6BFB2B94896CBB6B291F56AC64182522C757557BD1277DCC66E0901B
                                  SHA-512:46F47AE857A8CAC285F60E3EA2A277243462E554157DE79E81C99983C4B7F352E93E0A0506931E85EFB7242B52D8A47C1413171DB03BAA1511FFFFAB1C464EF2
                                  Malicious:true
                                  Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak

                                  C:\Users\user\AppData\Local\Temp\tmpC9F1.tmp

                                  Download File
                                  Process:C:\Users\user\Desktop\lLX6Po7hFJ.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:modified
                                  Size (bytes):1306
                                  Entropy (8bit):5.104451641222393
                                  Encrypted:false
                                  SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R9lxtn:cbk4oL600QydbQxIYODOLedq3S9lj
                                  MD5:CFD32F0E8DBE9B358E7445116E8FC086
                                  SHA1:00D89923A223372FAC166743853397ABD974825B
                                  SHA-256:3662F5D5D156CFA337FF07F335FC9D34B46E66DB3A7A2CF69C820DD4BA273ADD
                                  SHA-512:A190E08EDA457DF3FA3C25AA4C1211DDB8377B2C04BB3B16110F5C0FF1E440A709A1FB6543357C8625C323A1BF4E52ECF74115C1382A6EC10BBA657F42DF5014
                                  Malicious:false
                                  Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak

                                  C:\Users\user\AppData\Roaming\9E146BE9-C76A-4720-BCDB-53011B87BD06\run.dat

                                  Download File
                                  Process:C:\Users\user\Desktop\lLX6Po7hFJ.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):8
                                  Entropy (8bit):2.75
                                  Encrypted:false
                                  SSDEEP:3:FHt:f
                                  MD5:FC0600FACC59FE2D0642FC881E3EB415
                                  SHA1:46E1C2A187E1156B4F90672E785536666E51A45C
                                  SHA-256:8B69D02B871B5BAC24D06595EA28D3FC50139E541618C0EFC356882440545D1D
                                  SHA-512:599495F6AFEB6B863FDE0184F49AC03BFC2B611C21998D0DB76685A2B0F0F0DDEEE044DBB1B5ADC665ACA5535D7AB4289286AFC162CB29D3EEB0BA690E170E7E
                                  Malicious:true
                                  Preview:.$..La.H

                                  C:\Users\user\AppData\Roaming\9E146BE9-C76A-4720-BCDB-53011B87BD06\task.dat

                                  Download File
                                  Process:C:\Users\user\Desktop\lLX6Po7hFJ.exe
                                  File Type:ASCII text, with no line terminators
                                  Category:dropped
                                  Size (bytes):37
                                  Entropy (8bit):4.334736393288403
                                  Encrypted:false
                                  SSDEEP:3:oNt+WfWJp9iA:oNwv9iA
                                  MD5:D12CA04ABAF993D6BA8F8E7BB5DF88DB
                                  SHA1:B5A164408E1279CA4295D7CFAF29D305EB4A5CDB
                                  SHA-256:99D75FD0E6A554301FAE723713FCB380451333D6C1BA27BA52FF6D565C78EB6D
                                  SHA-512:3651BBEE4C684188A4EEFF39A4DC5261016E795B1EF18738912A1B79DFF091C50A77FE51DE7355F9B2AA7D1C1927F0587CC7682059559BF5171C763467058A33
                                  Malicious:false
                                  Preview:C:\Users\user\Desktop\lLX6Po7hFJ.exe

                                  C:\Windows\appcompat\Programs\Amcache.hve

                                  Download File
                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                  File Type:MS Windows registry file, NT/2000 or above
                                  Category:dropped
                                  Size (bytes):1835008
                                  Entropy (8bit):4.465375589575937
                                  Encrypted:false
                                  SSDEEP:6144:PIXfpi67eLPU9skLmb0b4gWSPKaJG8nAgejZMMhA2gX4WABl0uNpdwBCswSbt:gXD94gWlLZMM6YFH/+t
                                  MD5:34D2EFF39BC07BC5A34A8797A604FB63
                                  SHA1:096C8EEEFD9D54FA74C80BB11C55579DC0C49E2A
                                  SHA-256:CA58A15A01CAEBF18EAC4E6193BC3091708159010B49793FAA5F29109098F229
                                  SHA-512:C683757241CDD7AA462D1D59F3132095456BE67278A3E75444AF9BF0B6A6ABB62EB36612FC7108193895A7EC73B2AA24CAA1577FA1E38701FD0B0F23A0834852
                                  Malicious:false
                                  Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...6...............................................................................................................................................................................................................................................................................................................................................B..4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  Static File Info

                                  General

                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Entropy (8bit):7.4489272119388685
                                  TrID:
                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                  • DOS Executable Generic (2002/1) 0.01%
                                  File name:lLX6Po7hFJ.exe
                                  File size:207'872 bytes
                                  MD5:07d9144c3b3cfe44c24f850a74faaacc
                                  SHA1:1df82c6dbe192d9f78e137bb96c499fd5f0c93a5
                                  SHA256:4cef1677e5e896054778060ec165cb35bcc4c923a38ea7eea43609dea20492f0
                                  SHA512:39120f944f46dfa34f0d4a2e59a9bdb74a76d9f69b55c054969a96666b0366651bcc2a0ab4a48f3243a2046e961f43fba5e13d5b04248eeae0f86b7428133584
                                  SSDEEP:6144:sLV6Bta6dtJmakIM51O3JM1fMKQqa7FPp0k4v:sLV6BtpmkBGpC78v
                                  TLSH:2114CF567BA8492FE2DE867D712202129779C2D3ACD3F3DE28D455B75B223E406071E3
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................b........... ........@.. .....................................................................

                                  File Icon

                                  Icon Hash:90cececece8e8eb0

                                  Static PE Info

                                  General

                                  Entrypoint:0x41e792
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                  DLL Characteristics:
                                  Time Stamp:0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                  Entrypoint Preview

                                  Instruction
                                  jmp dword ptr [00402000h]
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al

                                  Data Directories

                                  NameVirtual AddressVirtual Size Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x1e7380x57.text
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x15fc8.rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x200000xc.reloc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                  Sections

                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                  .text0x20000x1c7980x1c8005579f6bdb26e34a67dfc0f6a507ee611False0.5945124040570176data6.5980804852315424IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  .reloc0x200000xc0x200fa81a8e21b7ba0db59d9a42aa7a5e570False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                  .rsrc0x220000x15fc80x1600049bcb2ba6f42631efed3dd8f8370617eFalse1.0003107244318181data7.997347846738398IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                  Resources

                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                  RT_RCDATA0x220580x15f70data1.0004001422728082

                                  Imports

                                  DLLImport
                                  mscoree.dll_CorExeMain

                                  Network Behavior

                                  Snort IDS Alerts

                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                  04/20/24-17:17:24.137391TCP2046914ET TROJAN NanoCore RAT CnC 74974011720192.168.2.43.125.223.134
                                  04/20/24-17:17:36.690000TCP2046914ET TROJAN NanoCore RAT CnC 74974211720192.168.2.418.192.31.165
                                  04/20/24-17:17:48.359619TCP2046914ET TROJAN NanoCore RAT CnC 74974411720192.168.2.43.125.223.134
                                  04/20/24-17:17:53.838742TCP2046914ET TROJAN NanoCore RAT CnC 74974611720192.168.2.43.125.223.134
                                  04/20/24-17:18:03.957905TCP2046914ET TROJAN NanoCore RAT CnC 74974811720192.168.2.418.158.249.75
                                  04/20/24-17:17:03.543122TCP2816718ETPRO TROJAN NanoCore RAT Keep-Alive Beacon4973111720192.168.2.43.125.223.134
                                  04/20/24-17:17:42.667256TCP2046914ET TROJAN NanoCore RAT CnC 74974311720192.168.2.43.125.223.134
                                  04/20/24-17:17:58.848463TCP2046914ET TROJAN NanoCore RAT CnC 74974711720192.168.2.418.192.31.165
                                  04/20/24-17:17:11.936397TCP2046914ET TROJAN NanoCore RAT CnC 74973211720192.168.2.43.125.223.134
                                  04/20/24-17:17:04.378880TCP2046914ET TROJAN NanoCore RAT CnC 74973111720192.168.2.43.125.223.134
                                  04/20/24-17:17:18.030331TCP2046914ET TROJAN NanoCore RAT CnC 74973911720192.168.2.418.158.249.75
                                  04/20/24-17:16:58.191892TCP2046914ET TROJAN NanoCore RAT CnC 74973011720192.168.2.43.125.223.134
                                  04/20/24-17:17:31.011935TCP2046914ET TROJAN NanoCore RAT CnC 74974111720192.168.2.43.125.223.134

                                  Network Port Distribution

                                  TCP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Apr 20, 2024 17:16:56.228662014 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:56.435530901 CEST11720497303.125.223.134192.168.2.4
                                  Apr 20, 2024 17:16:56.435688972 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:56.469959974 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:56.676558018 CEST11720497303.125.223.134192.168.2.4
                                  Apr 20, 2024 17:16:56.951133966 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:57.157915115 CEST11720497303.125.223.134192.168.2.4
                                  Apr 20, 2024 17:16:57.158000946 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:57.364367008 CEST11720497303.125.223.134192.168.2.4
                                  Apr 20, 2024 17:16:57.364666939 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:57.571516037 CEST11720497303.125.223.134192.168.2.4
                                  Apr 20, 2024 17:16:57.571710110 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:57.778506994 CEST11720497303.125.223.134192.168.2.4
                                  Apr 20, 2024 17:16:57.778645992 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:57.985223055 CEST11720497303.125.223.134192.168.2.4
                                  Apr 20, 2024 17:16:57.985297918 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:58.191816092 CEST11720497303.125.223.134192.168.2.4
                                  Apr 20, 2024 17:16:58.191891909 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:58.373116016 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:16:58.398425102 CEST11720497303.125.223.134192.168.2.4
                                  Apr 20, 2024 17:16:58.398653030 CEST4973011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:02.496771097 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:02.705611944 CEST11720497313.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:02.705822945 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:02.706064939 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:02.914865017 CEST11720497313.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:02.915088892 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:03.124845028 CEST11720497313.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:03.124922991 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:03.333929062 CEST11720497313.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:03.334028959 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:03.543047905 CEST11720497313.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:03.543122053 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:03.751923084 CEST11720497313.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:03.752023935 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:03.960779905 CEST11720497313.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:03.960887909 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:04.169773102 CEST11720497313.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:04.169872999 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:04.378757000 CEST11720497313.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:04.378880024 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:04.528868914 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:04.587606907 CEST11720497313.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:04.587879896 CEST4973111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:08.653834105 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:08.861382008 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:08.861500978 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:08.862850904 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:09.070281982 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:09.070396900 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:09.277859926 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:09.277936935 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:09.485487938 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:09.485586882 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:09.693484068 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:09.693866968 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:09.901721954 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:09.901962996 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:10.109420061 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:10.185362101 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:10.392734051 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:10.392833948 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:10.600294113 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:10.600399971 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:10.808165073 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:11.520167112 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:11.728585958 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:11.728682995 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:11.936283112 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:11.936397076 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:11.997706890 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:12.144325018 CEST11720497323.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:12.144479990 CEST4973211720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:16.139549017 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:16.348557949 CEST117204973918.158.249.75192.168.2.4
                                  Apr 20, 2024 17:17:16.350541115 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:16.350796938 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:16.559737921 CEST117204973918.158.249.75192.168.2.4
                                  Apr 20, 2024 17:17:16.560123920 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:16.769434929 CEST117204973918.158.249.75192.168.2.4
                                  Apr 20, 2024 17:17:16.769651890 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:16.978907108 CEST117204973918.158.249.75192.168.2.4
                                  Apr 20, 2024 17:17:16.979294062 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:17.188668013 CEST117204973918.158.249.75192.168.2.4
                                  Apr 20, 2024 17:17:17.189347029 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:17.398582935 CEST117204973918.158.249.75192.168.2.4
                                  Apr 20, 2024 17:17:17.402292967 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:17.611428976 CEST117204973918.158.249.75192.168.2.4
                                  Apr 20, 2024 17:17:17.611788988 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:17.820889950 CEST117204973918.158.249.75192.168.2.4
                                  Apr 20, 2024 17:17:17.820965052 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:18.030077934 CEST117204973918.158.249.75192.168.2.4
                                  Apr 20, 2024 17:17:18.030330896 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:18.122662067 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:18.239346981 CEST117204973918.158.249.75192.168.2.4
                                  Apr 20, 2024 17:17:18.239438057 CEST4973911720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:17:22.247869015 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:22.456825018 CEST11720497403.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:22.456984043 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:22.457343102 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:22.666804075 CEST11720497403.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:22.666865110 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:22.875648022 CEST11720497403.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:22.875827074 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:23.084590912 CEST11720497403.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:23.084712982 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:23.293508053 CEST11720497403.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:23.293737888 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:23.502877951 CEST11720497403.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:23.504296064 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:23.714279890 CEST11720497403.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:23.716285944 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:23.927850962 CEST11720497403.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:23.928284883 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:24.137257099 CEST11720497403.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:24.137391090 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:24.325834990 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:24.346044064 CEST11720497403.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:24.348258972 CEST4974011720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:29.130882978 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:29.339993954 CEST11720497413.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:29.340186119 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:29.340476990 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:29.549094915 CEST11720497413.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:29.549186945 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:29.757843971 CEST11720497413.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:29.758043051 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:29.966984034 CEST11720497413.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:29.967148066 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:30.176054001 CEST11720497413.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:30.176224947 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:30.384994030 CEST11720497413.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:30.385149956 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:30.593859911 CEST11720497413.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:30.593934059 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:30.802823067 CEST11720497413.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:30.802902937 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:31.011713028 CEST11720497413.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:31.011934996 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:31.106983900 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:31.220547915 CEST11720497413.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:31.220623970 CEST4974111720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:35.232255936 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:35.440092087 CEST117204974218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:35.440440893 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:35.440562010 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:35.648292065 CEST117204974218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:35.648422956 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:35.856242895 CEST117204974218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:35.856590033 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:36.064487934 CEST117204974218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:36.064690113 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:36.273324013 CEST117204974218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:36.273669958 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:36.481616974 CEST117204974218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:36.481848955 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:36.689867973 CEST117204974218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:36.690000057 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:36.891896963 CEST117204974218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:36.892162085 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:36.892795086 CEST4974211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:36.897851944 CEST117204974218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:37.099806070 CEST117204974218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:41.011722088 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:41.218372107 CEST11720497433.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:41.218499899 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:41.218897104 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:41.425506115 CEST11720497433.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:41.425616026 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:41.632308006 CEST11720497433.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:41.632401943 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:41.839024067 CEST11720497433.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:41.839119911 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:42.045908928 CEST11720497433.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:42.046077013 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:42.252811909 CEST11720497433.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:42.252909899 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:42.459914923 CEST11720497433.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:42.460236073 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:42.667160034 CEST11720497433.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:42.667256117 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:42.779107094 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:42.875076056 CEST11720497433.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:42.875245094 CEST4974311720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:46.902838945 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:47.110732079 CEST11720497443.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:47.110836983 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:47.111129999 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:47.318983078 CEST11720497443.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:47.319171906 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:47.527287960 CEST11720497443.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:47.527508020 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:47.735563040 CEST11720497443.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:47.735771894 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:47.943685055 CEST11720497443.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:47.943900108 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:48.151670933 CEST11720497443.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:48.151798010 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:48.359556913 CEST11720497443.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:48.359618902 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:48.451021910 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:48.567563057 CEST11720497443.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:48.567744970 CEST4974411720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:52.573405981 CEST4974611720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:52.784250975 CEST11720497463.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:52.784343958 CEST4974611720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:52.784615993 CEST4974611720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:52.994896889 CEST11720497463.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:52.994997025 CEST4974611720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:53.205286026 CEST11720497463.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:53.205341101 CEST4974611720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:53.415618896 CEST11720497463.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:53.415680885 CEST4974611720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:53.626033068 CEST11720497463.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:53.628329992 CEST4974611720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:53.838639021 CEST11720497463.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:53.838742018 CEST4974611720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:53.872812033 CEST4974611720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:54.049273014 CEST11720497463.125.223.134192.168.2.4
                                  Apr 20, 2024 17:17:54.051420927 CEST4974611720192.168.2.43.125.223.134
                                  Apr 20, 2024 17:17:58.011709929 CEST4974711720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:58.220511913 CEST117204974718.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:58.220747948 CEST4974711720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:58.221596956 CEST4974711720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:58.430361986 CEST117204974718.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:58.430466890 CEST4974711720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:58.639251947 CEST117204974718.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:58.639451027 CEST4974711720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:58.848222017 CEST117204974718.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:58.848463058 CEST4974711720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:58.997786045 CEST4974711720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:17:59.057056904 CEST117204974718.192.31.165192.168.2.4
                                  Apr 20, 2024 17:17:59.057193995 CEST4974711720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:03.122606039 CEST4974811720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:18:03.331162930 CEST117204974818.158.249.75192.168.2.4
                                  Apr 20, 2024 17:18:03.331401110 CEST4974811720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:18:03.331737041 CEST4974811720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:18:03.540256977 CEST117204974818.158.249.75192.168.2.4
                                  Apr 20, 2024 17:18:03.540395975 CEST4974811720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:18:03.748734951 CEST117204974818.158.249.75192.168.2.4
                                  Apr 20, 2024 17:18:03.749151945 CEST4974811720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:18:03.957561016 CEST117204974818.158.249.75192.168.2.4
                                  Apr 20, 2024 17:18:03.957905054 CEST4974811720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:18:04.060225010 CEST4974811720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:18:04.166557074 CEST117204974818.158.249.75192.168.2.4
                                  Apr 20, 2024 17:18:04.166851044 CEST4974811720192.168.2.418.158.249.75
                                  Apr 20, 2024 17:18:08.186741114 CEST4974911720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:08.393408060 CEST117204974918.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:08.393534899 CEST4974911720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:08.393773079 CEST4974911720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:08.435225964 CEST4974911720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:08.600117922 CEST117204974918.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:08.602303982 CEST4974911720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:12.557626009 CEST4975011720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:12.766166925 CEST117204975018.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:12.766298056 CEST4975011720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:12.766592979 CEST4975011720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:12.794668913 CEST4975011720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:12.974972963 CEST117204975018.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:12.975065947 CEST4975011720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:16.924803972 CEST4975111720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:17.135847092 CEST117204975118.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:17.136331081 CEST4975111720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:17.136706114 CEST4975111720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:17.185164928 CEST4975111720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:17.347595930 CEST117204975118.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:17.348303080 CEST4975111720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:21.308887005 CEST4975211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:21.515479088 CEST117204975218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:21.515620947 CEST4975211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:21.515892982 CEST4975211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:21.544557095 CEST4975211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:21.722425938 CEST117204975218.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:21.728385925 CEST4975211720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:25.674253941 CEST4975311720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:25.882098913 CEST117204975318.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:25.882359982 CEST4975311720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:25.882838011 CEST4975311720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:25.904046059 CEST4975311720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:26.090567112 CEST117204975318.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:26.090740919 CEST4975311720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:30.026487112 CEST4975411720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:30.236013889 CEST117204975418.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:30.236196995 CEST4975411720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:30.236972094 CEST4975411720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:30.247646093 CEST4975411720192.168.2.418.192.31.165
                                  Apr 20, 2024 17:18:30.446286917 CEST117204975418.192.31.165192.168.2.4
                                  Apr 20, 2024 17:18:30.446495056 CEST4975411720192.168.2.418.192.31.165

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Apr 20, 2024 17:16:56.114391088 CEST6300253192.168.2.48.8.8.8
                                  Apr 20, 2024 17:16:56.221467018 CEST53630028.8.8.8192.168.2.4
                                  Apr 20, 2024 17:17:02.389811993 CEST6075953192.168.2.48.8.8.8
                                  Apr 20, 2024 17:17:02.495512962 CEST53607598.8.8.8192.168.2.4
                                  Apr 20, 2024 17:17:08.547640085 CEST5846753192.168.2.48.8.8.8
                                  Apr 20, 2024 17:17:08.653023958 CEST53584678.8.8.8192.168.2.4
                                  Apr 20, 2024 17:17:16.031946898 CEST6037553192.168.2.48.8.8.8
                                  Apr 20, 2024 17:17:16.138897896 CEST53603758.8.8.8192.168.2.4
                                  Apr 20, 2024 17:17:22.139462948 CEST5178853192.168.2.48.8.8.8
                                  Apr 20, 2024 17:17:22.246814966 CEST53517888.8.8.8192.168.2.4
                                  Apr 20, 2024 17:17:29.025079012 CEST5577553192.168.2.48.8.8.8
                                  Apr 20, 2024 17:17:29.130325079 CEST53557758.8.8.8192.168.2.4
                                  Apr 20, 2024 17:17:35.123785973 CEST5722353192.168.2.48.8.8.8
                                  Apr 20, 2024 17:17:35.231515884 CEST53572238.8.8.8192.168.2.4
                                  Apr 20, 2024 17:17:40.905378103 CEST5491153192.168.2.48.8.8.8
                                  Apr 20, 2024 17:17:41.010709047 CEST53549118.8.8.8192.168.2.4
                                  Apr 20, 2024 17:17:46.797152996 CEST6454053192.168.2.48.8.8.8
                                  Apr 20, 2024 17:17:46.902158022 CEST53645408.8.8.8192.168.2.4
                                  Apr 20, 2024 17:17:52.467348099 CEST6509253192.168.2.48.8.8.8
                                  Apr 20, 2024 17:17:52.572583914 CEST53650928.8.8.8192.168.2.4
                                  Apr 20, 2024 17:17:57.889056921 CEST5023753192.168.2.48.8.8.8
                                  Apr 20, 2024 17:17:58.011102915 CEST53502378.8.8.8192.168.2.4
                                  Apr 20, 2024 17:18:03.014661074 CEST5472553192.168.2.48.8.8.8
                                  Apr 20, 2024 17:18:03.121939898 CEST53547258.8.8.8192.168.2.4
                                  Apr 20, 2024 17:18:08.076833963 CEST5607453192.168.2.48.8.8.8
                                  Apr 20, 2024 17:18:08.182642937 CEST53560748.8.8.8192.168.2.4
                                  Apr 20, 2024 17:18:12.451982021 CEST6101453192.168.2.48.8.8.8
                                  Apr 20, 2024 17:18:12.556866884 CEST53610148.8.8.8192.168.2.4
                                  Apr 20, 2024 17:18:16.813385963 CEST5099353192.168.2.48.8.8.8
                                  Apr 20, 2024 17:18:16.920650005 CEST53509938.8.8.8192.168.2.4
                                  Apr 20, 2024 17:18:21.202725887 CEST5980453192.168.2.48.8.8.8
                                  Apr 20, 2024 17:18:21.307925940 CEST53598048.8.8.8192.168.2.4
                                  Apr 20, 2024 17:18:25.561564922 CEST5206353192.168.2.48.8.8.8
                                  Apr 20, 2024 17:18:25.666897058 CEST53520638.8.8.8192.168.2.4
                                  Apr 20, 2024 17:18:29.920797110 CEST5863153192.168.2.48.8.8.8
                                  Apr 20, 2024 17:18:30.025738001 CEST53586318.8.8.8192.168.2.4

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                  Apr 20, 2024 17:16:56.114391088 CEST192.168.2.48.8.8.80x7d7cStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:02.389811993 CEST192.168.2.48.8.8.80xd84cStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:08.547640085 CEST192.168.2.48.8.8.80x3d4aStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:16.031946898 CEST192.168.2.48.8.8.80xd51fStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:22.139462948 CEST192.168.2.48.8.8.80xdcb2Standard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:29.025079012 CEST192.168.2.48.8.8.80x52fcStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:35.123785973 CEST192.168.2.48.8.8.80x959bStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:40.905378103 CEST192.168.2.48.8.8.80xe3e4Standard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:46.797152996 CEST192.168.2.48.8.8.80xaa0eStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:52.467348099 CEST192.168.2.48.8.8.80xb628Standard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:57.889056921 CEST192.168.2.48.8.8.80xd6ffStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:03.014661074 CEST192.168.2.48.8.8.80xbd54Standard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:08.076833963 CEST192.168.2.48.8.8.80x491dStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:12.451982021 CEST192.168.2.48.8.8.80xc5fbStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:16.813385963 CEST192.168.2.48.8.8.80x6ca8Standard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:21.202725887 CEST192.168.2.48.8.8.80x75b8Standard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:25.561564922 CEST192.168.2.48.8.8.80x7d19Standard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:29.920797110 CEST192.168.2.48.8.8.80x20a6Standard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                  Apr 20, 2024 17:16:56.221467018 CEST8.8.8.8192.168.2.40x7d7cNo error (0)0.tcp.eu.ngrok.io3.125.223.134A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:02.495512962 CEST8.8.8.8192.168.2.40xd84cNo error (0)0.tcp.eu.ngrok.io3.125.223.134A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:08.653023958 CEST8.8.8.8192.168.2.40x3d4aNo error (0)0.tcp.eu.ngrok.io3.125.223.134A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:16.138897896 CEST8.8.8.8192.168.2.40xd51fNo error (0)0.tcp.eu.ngrok.io18.158.249.75A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:22.246814966 CEST8.8.8.8192.168.2.40xdcb2No error (0)0.tcp.eu.ngrok.io3.125.223.134A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:29.130325079 CEST8.8.8.8192.168.2.40x52fcNo error (0)0.tcp.eu.ngrok.io3.125.223.134A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:35.231515884 CEST8.8.8.8192.168.2.40x959bNo error (0)0.tcp.eu.ngrok.io18.192.31.165A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:41.010709047 CEST8.8.8.8192.168.2.40xe3e4No error (0)0.tcp.eu.ngrok.io3.125.223.134A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:46.902158022 CEST8.8.8.8192.168.2.40xaa0eNo error (0)0.tcp.eu.ngrok.io3.125.223.134A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:52.572583914 CEST8.8.8.8192.168.2.40xb628No error (0)0.tcp.eu.ngrok.io3.125.223.134A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:17:58.011102915 CEST8.8.8.8192.168.2.40xd6ffNo error (0)0.tcp.eu.ngrok.io18.192.31.165A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:03.121939898 CEST8.8.8.8192.168.2.40xbd54No error (0)0.tcp.eu.ngrok.io18.158.249.75A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:08.182642937 CEST8.8.8.8192.168.2.40x491dNo error (0)0.tcp.eu.ngrok.io18.192.31.165A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:12.556866884 CEST8.8.8.8192.168.2.40xc5fbNo error (0)0.tcp.eu.ngrok.io18.192.31.165A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:16.920650005 CEST8.8.8.8192.168.2.40x6ca8No error (0)0.tcp.eu.ngrok.io18.192.31.165A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:21.307925940 CEST8.8.8.8192.168.2.40x75b8No error (0)0.tcp.eu.ngrok.io18.192.31.165A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:25.666897058 CEST8.8.8.8192.168.2.40x7d19No error (0)0.tcp.eu.ngrok.io18.192.31.165A (IP address)IN (0x0001)false
                                  Apr 20, 2024 17:18:30.025738001 CEST8.8.8.8192.168.2.40x20a6No error (0)0.tcp.eu.ngrok.io18.192.31.165A (IP address)IN (0x0001)false

                                  Statistics

                                  CPU Usage

                                  Click to jump to process

                                  Memory Usage

                                  Click to jump to process

                                  High Level Behavior Distribution

                                  Click to dive into process behavior distribution

                                  Behavior

                                  Click to jump to process

                                  System Behavior

                                  General

                                  Target ID:0
                                  Start time:17:16:54
                                  Start date:20/04/2024
                                  Path:C:\Users\user\Desktop\lLX6Po7hFJ.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\lLX6Po7hFJ.exe"
                                  Imagebase:0xe50000
                                  File size:207'872 bytes
                                  MD5 hash:07D9144C3B3CFE44C24F850A74FAAACC
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                  • Rule: NanoCore, Description: unknown, Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, Author: Florian Roth
                                  • Rule: Nanocore, Description: detect Nanocore in memory, Source: 00000000.00000000.1637068211.0000000000E52000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                  • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.2701373843.0000000006190000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                  • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                  • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.2701205255.0000000005F00000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                  • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.2698885233.00000000034C1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  Reputation:low
                                  Has exited:true

                                  General

                                  Target ID:1
                                  Start time:17:16:54
                                  Start date:20/04/2024
                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                  Wow64 process (32bit):true
                                  Commandline:"schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp"
                                  Imagebase:0xa10000
                                  File size:187'904 bytes
                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  General

                                  Target ID:2
                                  Start time:17:16:55
                                  Start date:20/04/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff7699e0000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  General

                                  Target ID:3
                                  Start time:17:16:55
                                  Start date:20/04/2024
                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                  Wow64 process (32bit):true
                                  Commandline:"schtasks.exe" /create /f /tn "DNS Host Task" /xml "C:\Users\user\AppData\Local\Temp\tmpC9F1.tmp"
                                  Imagebase:0xa10000
                                  File size:187'904 bytes
                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  General

                                  Target ID:4
                                  Start time:17:16:55
                                  Start date:20/04/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff7699e0000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  General

                                  Target ID:5
                                  Start time:17:16:57
                                  Start date:20/04/2024
                                  Path:C:\Users\user\Desktop\lLX6Po7hFJ.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\Desktop\lLX6Po7hFJ.exe 0
                                  Imagebase:0x2f0000
                                  File size:207'872 bytes
                                  MD5 hash:07D9144C3B3CFE44C24F850A74FAAACC
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.1722331286.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.1722403436.00000000039D1000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  Reputation:low
                                  Has exited:true

                                  General

                                  Target ID:6
                                  Start time:17:16:57
                                  Start date:20/04/2024
                                  Path:C:\Program Files (x86)\DNS Host\dnshost.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Program Files (x86)\DNS Host\dnshost.exe" 0
                                  Imagebase:0x320000
                                  File size:207'872 bytes
                                  MD5 hash:07D9144C3B3CFE44C24F850A74FAAACC
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: NanoCore, Description: unknown, Source: 00000006.00000002.1722430742.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: Joe Security
                                  • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: unknown
                                  • Rule: NanoCore, Description: unknown, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: Florian Roth
                                  • Rule: Nanocore, Description: detect Nanocore in memory, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: JPCERT/CC Incident Response Group
                                  • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: C:\Program Files (x86)\DNS Host\dnshost.exe, Author: ditekSHen
                                  Antivirus matches:
                                  • Detection: 100%, Avira
                                  • Detection: 100%, Joe Sandbox ML
                                  • Detection: 97%, ReversingLabs
                                  • Detection: 90%, Virustotal, Browse
                                  Reputation:low
                                  Has exited:true

                                  General

                                  Target ID:7
                                  Start time:17:17:04
                                  Start date:20/04/2024
                                  Path:C:\Program Files (x86)\DNS Host\dnshost.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Program Files (x86)\DNS Host\dnshost.exe"
                                  Imagebase:0xf50000
                                  File size:207'872 bytes
                                  MD5 hash:07D9144C3B3CFE44C24F850A74FAAACC
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:true

                                  General

                                  Target ID:12
                                  Start time:17:18:29
                                  Start date:20/04/2024
                                  Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                  Wow64 process (32bit):true
                                  Commandline:dw20.exe -x -s 1468
                                  Imagebase:0x10000000
                                  File size:36'264 bytes
                                  MD5 hash:89106D4D0BA99F770EAFE946EA81BB65
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:moderate
                                  Has exited:true

                                  Disassembly

                                  Reset < >

                                    Execution Graph

                                    Execution Coverage:18.7%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:6.6%
                                    Total number of Nodes:211
                                    Total number of Limit Nodes:13
                                    execution_graph 17102 144a546 17103 144a584 DuplicateHandle 17102->17103 17104 144a5bc 17102->17104 17105 144a592 17103->17105 17104->17103 17106 144b746 17107 144b784 CreateIconFromResourceEx 17106->17107 17108 144b7bc 17106->17108 17109 144b792 17107->17109 17108->17107 17177 144b806 17178 144b866 17177->17178 17179 144b83b SendMessageW 17177->17179 17178->17179 17180 144b850 17179->17180 17181 580104a 17183 5801073 CopyFileW 17181->17183 17184 580109a 17183->17184 17185 19cdfd0 17186 19cdfd9 17185->17186 17190 19ce020 17186->17190 17194 19ce011 17186->17194 17187 19ce00a 17191 19ce028 17190->17191 17198 19ce051 17191->17198 17192 19ce041 17192->17187 17195 19ce028 17194->17195 17197 19ce051 2 API calls 17195->17197 17196 19ce041 17196->17187 17197->17196 17199 19ce05d 17198->17199 17200 19ce0ab 17199->17200 17203 19ce178 17199->17203 17208 19ce168 17199->17208 17200->17192 17204 19ce1a1 17203->17204 17205 19ce1dc 17204->17205 17213 580187a 17204->17213 17216 580180c 17204->17216 17205->17199 17209 19ce178 17208->17209 17210 19ce1dc 17209->17210 17211 580187a DnsQuery_A 17209->17211 17212 580180c DnsQuery_A 17209->17212 17210->17199 17211->17210 17212->17210 17214 58018ca DnsQuery_A 17213->17214 17215 58018d8 17214->17215 17215->17205 17217 5801822 DnsQuery_A 17216->17217 17219 58018d8 17217->17219 17219->17205 17110 5800d8e 17112 5800dc6 CreateFileW 17110->17112 17113 5800e15 17112->17113 17114 580260e 17116 5802643 GetProcessTimes 17114->17116 17117 5802675 17116->17117 17220 144a78a 17221 144a7b6 closesocket 17220->17221 17222 144a7ec 17220->17222 17223 144a7c4 17221->17223 17222->17221 17224 5800cce 17225 5800cf4 CreateDirectoryW 17224->17225 17227 5800d1b 17225->17227 17118 5801112 17119 5801147 RegSetValueExW 17118->17119 17121 5801193 17119->17121 17122 5801916 17124 580194e WSASocketW 17122->17124 17125 580198a 17124->17125 17126 144bed2 17127 144bef8 DeleteFileW 17126->17127 17129 144bf14 17127->17129 17228 5802d56 17230 5802d8b WSARecv 17228->17230 17231 5802dce 17230->17231 17130 580289a 17132 58028cf bind 17130->17132 17133 5802903 17132->17133 17134 580169a 17135 58016c6 GetSystemInfo 17134->17135 17136 58016fc 17134->17136 17137 58016d4 17135->17137 17136->17135 17138 580349e 17140 58034ca K32EnumProcesses 17138->17140 17141 58034e6 17140->17141 17232 144af9a 17233 144afea CreateActCtxA 17232->17233 17234 144aff8 17233->17234 17235 58014de 17237 5801513 GetExitCodeProcess 17235->17237 17238 580153c 17237->17238 17239 580365e FormatMessageW 17240 58036b0 17239->17240 17142 5803322 17144 5803351 AdjustTokenPrivileges 17142->17144 17145 5803373 17144->17145 17146 58020a2 17148 58020da MapViewOfFile 17146->17148 17149 5802129 17148->17149 17241 5803562 17242 5803597 NtQuerySystemInformation 17241->17242 17244 58035c2 17241->17244 17243 58035ac 17242->17243 17244->17242 17245 5802c62 17246 5802c97 WSASend 17245->17246 17248 5802cda 17246->17248 17150 5800ea6 17153 5800edb GetFileType 17150->17153 17152 5800f08 17153->17152 17249 5800f66 17250 5800f9b ReadFile 17249->17250 17252 5800fcd 17250->17252 17154 580012a 17156 5800162 CreateMutexW 17154->17156 17157 58001a5 17156->17157 17158 144a8ee 17159 144a920 SetWindowLongW 17158->17159 17161 144a94b 17158->17161 17160 144a935 17159->17160 17161->17159 17162 5800232 17163 580029d 17162->17163 17164 580025e FindCloseChangeNotification 17162->17164 17163->17164 17165 580026c 17164->17165 17257 5801ef2 17258 5801f2a ConvertStringSecurityDescriptorToSecurityDescriptorW 17257->17258 17260 5801f6b 17258->17260 17261 5802a72 17263 5802aa7 setsockopt 17261->17263 17264 5802ae1 17263->17264 17166 58013b6 17168 58013ee DuplicateHandle 17166->17168 17169 580143b 17168->17169 17265 5800776 17266 58007ab GetTokenInformation 17265->17266 17268 58007e8 17266->17268 17269 144aa32 17270 144aa6a RegOpenKeyExW 17269->17270 17272 144aac0 17270->17272 17170 144bb7e 17171 144bbe7 17170->17171 17172 144bbb3 PostMessageW 17170->17172 17171->17172 17173 144bbc8 17172->17173 17273 144be3e 17274 144be93 17273->17274 17275 144be6a DispatchMessageW 17273->17275 17274->17275 17276 144be7f 17275->17276 17277 19c0660 17278 19c0665 17277->17278 17279 19c0674 17278->17279 17281 19c0682 17278->17281 17282 19c069f 17281->17282 17289 19c43d0 17282->17289 17292 19c43c0 17282->17292 17283 19c07e2 17295 19c5d5f 17283->17295 17299 19c5d70 17283->17299 17284 19c0806 17284->17279 17303 19c4510 17289->17303 17290 19c43ed 17290->17283 17293 19c43ed 17292->17293 17294 19c4510 5 API calls 17292->17294 17293->17283 17294->17293 17296 19c5d79 17295->17296 17297 19c5d7d 17296->17297 17354 19c5de8 17296->17354 17297->17284 17301 19c5d79 17299->17301 17300 19c5d7d 17300->17284 17301->17300 17302 19c5de8 2 API calls 17301->17302 17302->17300 17304 19c451f 17303->17304 17305 19c4560 17303->17305 17308 19c45b8 17304->17308 17321 19c45c8 17304->17321 17305->17290 17334 58002ab 17308->17334 17338 58002de 17308->17338 17309 19c45f9 17309->17305 17310 19c45f5 17310->17309 17342 58003ca 17310->17342 17346 5800390 17310->17346 17312 19c4620 17313 19c4677 17312->17313 17316 5800390 RegQueryValueExA 17312->17316 17317 58003ca RegQueryValueExA 17312->17317 17350 144a372 17313->17350 17316->17313 17317->17313 17323 19c45f5 17321->17323 17330 58002ab RegOpenKeyExA 17321->17330 17331 58002de RegOpenKeyExA 17321->17331 17322 19c45f9 17322->17305 17323->17322 17332 5800390 RegQueryValueExA 17323->17332 17333 58003ca RegQueryValueExA 17323->17333 17324 19c4677 17329 144a372 SetErrorMode 17324->17329 17325 19c4685 17325->17305 17326 19c4620 17326->17324 17327 5800390 RegQueryValueExA 17326->17327 17328 58003ca RegQueryValueExA 17326->17328 17327->17324 17328->17324 17329->17325 17330->17323 17331->17323 17332->17326 17333->17326 17337 58002de RegOpenKeyExA 17334->17337 17336 5800362 17336->17310 17337->17336 17341 5800319 RegOpenKeyExA 17338->17341 17340 5800362 17340->17310 17341->17340 17344 5800405 RegQueryValueExA 17342->17344 17345 580046d 17344->17345 17345->17312 17348 58003ca RegQueryValueExA 17346->17348 17349 580046d 17348->17349 17349->17312 17351 144a3c7 17350->17351 17352 144a39e SetErrorMode 17350->17352 17351->17352 17353 144a3b3 17352->17353 17353->17305 17355 19c5e00 17354->17355 17359 5801597 17355->17359 17363 58015ba 17355->17363 17356 19c5e1a 17356->17297 17360 58015ba DeleteFileA 17359->17360 17362 5801632 17360->17362 17362->17356 17365 58015f5 DeleteFileA 17363->17365 17366 5801632 17365->17366 17366->17356 17174 580123e 17175 580128e GetTempFileNameW 17174->17175 17176 5801296 17175->17176 17367 144ab3a 17370 144ab6f RegQueryValueExW 17367->17370 17369 144abc3 17370->17369

                                    Executed Functions

                                    Function 019C8988 Relevance: 3.0, Strings: 2, Instructions: 505COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 356 19c8988-19c89cd 360 19c89cf-19c89e8 356->360 364 19c8a0c-19c8a13 360->364 365 19c89e6-19c8a0a 360->365 367 19c8a19-19c8aa7 364->367 368 19c8c92 364->368 375 19c90d8-19c90e3 365->375 462 19c8a8a-19c8ab2 367->462 463 19c8ab4 367->463 370 19c8c98-19c8ca2 368->370 372 19c8d09-19c8d3a 370->372 373 19c8ca4-19c8cb9 370->373 380 19c8d3c-19c8d42 372->380 381 19c8d47-19c8d51 372->381 383 19c8cbf-19c8cc9 373->383 384 19c90d3 373->384 392 19c90e4 375->392 385 19c8dc8-19c8de5 380->385 386 19c8d6e 381->386 387 19c8d53-19c8d6c 381->387 383->384 389 19c8ccf-19c8cd9 383->389 384->375 401 19c8e57-19c8e9c 385->401 402 19c8de7-19c8e0b 385->402 393 19c8d70-19c8d72 386->393 387->393 389->384 391 19c8cdf-19c8d04 389->391 391->375 392->392 397 19c8d78-19c8d92 393->397 398 19c8d74-19c8d76 393->398 397->385 406 19c8d94-19c8d97 397->406 398->385 504 19c8e9e call 1850606 401->504 505 19c8e9e call 18505df 401->505 402->384 410 19c8e11-19c8e18 402->410 408 19c8d9a-19c8d9f 406->408 408->384 412 19c8da5-19c8dc6 408->412 410->384 414 19c8e1e-19c8e2a 410->414 411 19c8ea4-19c8ec6 415 19c8ec8-19c8ecc 411->415 416 19c8f1b-19c8f2a 411->416 412->385 412->408 414->384 418 19c8e30-19c8e3c 414->418 415->416 419 19c8ece-19c8ed1 415->419 421 19c8f2c-19c8f31 416->421 422 19c8f33-19c8f37 416->422 418->384 423 19c8e42-19c8e52 418->423 425 19c8ed4-19c8ede 419->425 426 19c8f99-19c8f9d 421->426 422->384 427 19c8f3d-19c8f45 422->427 423->360 425->384 430 19c8ee4-19c8ef9 425->430 428 19c8f9f-19c8fa6 426->428 429 19c8ff2-19c900c 426->429 427->384 431 19c8f4b-19c8f58 427->431 428->429 432 19c8fa8-19c8fba 428->432 446 19c900e-19c9024 429->446 430->384 434 19c8eff-19c8f0c 430->434 431->384 435 19c8f5e-19c8f6b 431->435 443 19c8fbc-19c8fbf 432->443 444 19c8fe5-19c8ff0 432->444 434->384 437 19c8f12-19c8f19 434->437 435->384 438 19c8f71-19c8f8e 435->438 437->416 437->425 438->426 448 19c8fc2-19c8fc7 443->448 444->446 449 19c9058-19c905c 446->449 450 19c9026-19c9056 446->450 448->384 451 19c8fcd-19c8fd5 448->451 455 19c905e-19c9097 449->455 456 19c90bb-19c90d1 449->456 450->449 451->384 457 19c8fdb-19c8fe3 451->457 455->456 467 19c9099-19c90b5 455->467 456->375 457->444 457->448 464 19c8ab6-19c8ac4 462->464 463->464 468 19c8ac6-19c8ad1 464->468 469 19c8ad3-19c8ad5 464->469 467->456 471 19c8adb-19c8add 468->471 469->471 472 19c8adf 471->472 473 19c8ae9-19c8b0b 471->473 472->473 477 19c8b0d-19c8b1c 473->477 478 19c8b28-19c8b2b 473->478 477->478 479 19c8b1e 477->479 480 19c8b2d 478->480 481 19c8b34-19c8b7e 478->481 479->478 480->481 486 19c8b9f-19c8bad 481->486 487 19c8b80-19c8b9d 481->487 490 19c8bb8-19c8bf4 486->490 487->490 493 19c8c05-19c8c1b 490->493 494 19c8bf6-19c8bfd 490->494 497 19c8c1d-19c8c21 493->497 498 19c8c2b-19c8c33 493->498 494->493 497->498 499 19c8c23-19c8c25 497->499 502 19c8c39 call 1850606 498->502 503 19c8c39 call 18505df 498->503 499->498 500 19c8c3f-19c8c84 500->370 501 19c8c86-19c8c90 500->501 501->370 502->500 503->500 504->411 505->411
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: f`k$f`k
                                    • API String ID: 0-3251778840
                                    • Opcode ID: c0ac686beda226002c097d8fd2f28cc3fa0cb70e46e64326af6dc3adf2f158f6
                                    • Instruction ID: 58f83a15a969aa9e4fe28be6cc51f2c6b11f115dd2e23695e3e38b4f38193a27
                                    • Opcode Fuzzy Hash: c0ac686beda226002c097d8fd2f28cc3fa0cb70e46e64326af6dc3adf2f158f6
                                    • Instruction Fuzzy Hash: B812CD30E00615CFDB24CF29C48566EBBF2BF88709F15886EE18A9B651DB759C81CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C23A0 Relevance: 3.0, Strings: 2, Instructions: 505COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 200 19c23a0-19c23d3 201 19c23dc-19c23e5 200->201 202 19c23d5-19c23da 200->202 201->202 204 19c23e7-19c23f0 202->204 348 19c23f2 call 1850606 204->348 349 19c23f2 call 18505df 204->349 205 19c23f8-19c2400 208 19c23fe-19c2422 205->208 209 19c2424-19c242b 205->209 220 19c2af3-19c2afe 208->220 211 19c26aa 209->211 212 19c2431-19c24bf 209->212 214 19c26b0-19c26ba 211->214 305 19c24cc 212->305 306 19c24a2-19c24ca 212->306 216 19c26bc-19c26d1 214->216 217 19c2721-19c2752 214->217 225 19c2aee 216->225 226 19c26d7-19c26e1 216->226 227 19c275f-19c2769 217->227 228 19c2754-19c275a 217->228 234 19c2aff 220->234 225->220 226->225 229 19c26e7-19c26f1 226->229 232 19c276b-19c2784 227->232 233 19c2786 227->233 231 19c27e0-19c27fd 228->231 229->225 235 19c26f7-19c271c 229->235 245 19c286f-19c28de 231->245 246 19c27ff-19c2823 231->246 237 19c2788-19c278a 232->237 233->237 234->234 235->220 238 19c278c-19c278e 237->238 239 19c2790-19c27aa 237->239 238->231 239->231 250 19c27ac-19c27af 239->250 259 19c28e0-19c28e4 245->259 260 19c2933-19c2942 245->260 246->225 254 19c2829-19c2830 246->254 252 19c27b2-19c27b7 250->252 252->225 256 19c27bd-19c27de 252->256 254->225 258 19c2836-19c2842 254->258 256->231 256->252 258->225 262 19c2848-19c2854 258->262 259->260 264 19c28e6-19c28e9 259->264 266 19c294b-19c294f 260->266 267 19c2944-19c2949 260->267 262->225 263 19c285a-19c286a 262->263 263->204 269 19c28ec-19c28f6 264->269 266->225 271 19c2955-19c295d 266->271 270 19c29b1-19c29b5 267->270 269->225 275 19c28fc-19c2911 269->275 273 19c2a0a-19c2a24 270->273 274 19c29b7-19c29be 270->274 271->225 272 19c2963-19c2970 271->272 272->225 276 19c2976-19c2983 272->276 290 19c2a26-19c2a3c 273->290 274->273 277 19c29c0-19c29d2 274->277 275->225 279 19c2917-19c2924 275->279 276->225 280 19c2989-19c29a6 276->280 287 19c29fd-19c2a08 277->287 288 19c29d4-19c29d7 277->288 279->225 282 19c292a-19c2931 279->282 280->270 282->260 282->269 287->290 292 19c29da-19c29df 288->292 294 19c2a3e-19c2a6e 290->294 295 19c2a70-19c2a74 290->295 292->225 296 19c29e5-19c29ed 292->296 294->295 299 19c2ad6-19c2aec 295->299 300 19c2a76-19c2a89 295->300 296->225 301 19c29f3-19c29fb 296->301 299->220 350 19c2a8b call 1850606 300->350 351 19c2a8b call 18505df 300->351 301->287 301->292 310 19c24ce-19c24dc 305->310 306->310 309 19c2a91-19c2ab2 309->299 311 19c2ab4-19c2ad0 309->311 312 19c24de-19c24e9 310->312 313 19c24eb-19c24ed 310->313 311->299 314 19c24f3-19c24f5 312->314 313->314 317 19c24f7 314->317 318 19c2501-19c2523 314->318 317->318 321 19c2525-19c2534 318->321 322 19c2540-19c2543 318->322 321->322 323 19c2536 321->323 324 19c254c-19c256b 322->324 325 19c2545 322->325 323->322 346 19c256d call 1850606 324->346 347 19c256d call 18505df 324->347 325->324 327 19c2573-19c2596 330 19c2598-19c25b5 327->330 331 19c25b7-19c25c5 327->331 334 19c25d0-19c260c 330->334 331->334 337 19c261d-19c2633 334->337 338 19c260e-19c2615 334->338 341 19c2635-19c2639 337->341 342 19c2643-19c264b 337->342 338->337 341->342 343 19c263b-19c263d 341->343 352 19c2651 call 1850606 342->352 353 19c2651 call 19c2fa8 342->353 354 19c2651 call 18505df 342->354 355 19c2651 call 19c2f97 342->355 343->342 344 19c2657-19c269c 344->214 345 19c269e-19c26a8 344->345 345->214 346->327 347->327 348->205 349->205 350->309 351->309 352->344 353->344 354->344 355->344
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: f`k$f`k
                                    • API String ID: 0-3251778840
                                    • Opcode ID: 6ad95f7712bb203425c95578572fea6d46e9e89b48233c526ffff37639ebb514
                                    • Instruction ID: f28b6320272c250f08000ebe43685a2fff07f6eef8e75f8542ddabc7fd11fe18
                                    • Opcode Fuzzy Hash: 6ad95f7712bb203425c95578572fea6d46e9e89b48233c526ffff37639ebb514
                                    • Instruction Fuzzy Hash: DB12CC30A00215CFDB24CF68C5846ADB7F2BF84709F15856ED09AAB2A5DB74DC45CF92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CB028 Relevance: 2.2, Strings: 1, Instructions: 949COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: r
                                    • API String ID: 0-1812594589
                                    • Opcode ID: 9760599e8db4b17b88effb756071d59692bdbb90ffa501af731b8bc1c75ffb1e
                                    • Instruction ID: c1345a88de6f7f66d72a8bd5e207869366ac6c1ac9c39267fad1c56a4d2f960e
                                    • Opcode Fuzzy Hash: 9760599e8db4b17b88effb756071d59692bdbb90ffa501af731b8bc1c75ffb1e
                                    • Instruction Fuzzy Hash: 01927970A00606CFCB15CF68C581AAEFBF2FF88354F148569D49AAB651D730E985CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05802848 Relevance: 1.6, APIs: 1, Instructions: 94networkCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 825 5802848-58028d7 830 58028d9 825->830 831 58028dc-58028f3 825->831 830->831 833 58028f5-5802915 bind 831->833 834 5802937-580293c 831->834 837 5802917-5802934 833->837 838 580293e-5802943 833->838 834->833 838->837
                                    APIs
                                    • bind.WS2_32(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 058028FB
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: bind
                                    • String ID:
                                    • API String ID: 1187836755-0
                                    • Opcode ID: b0d2e18d3e38d667eceff8bbfa0b3c1906332df8a40bb764945fc577b0a52c40
                                    • Instruction ID: 32c4e90028da2c88614d07cc2a0ef023d5431a2a24329702845409ec4ec6ebd8
                                    • Opcode Fuzzy Hash: b0d2e18d3e38d667eceff8bbfa0b3c1906332df8a40bb764945fc577b0a52c40
                                    • Instruction Fuzzy Hash: 2E318E7560A3C05FD7138B25CC55BA2BFB8AF07214F0984DBE985CF5A3D264A948C772
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058032EB Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                    Download Yara Rule
                                    APIs
                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0580336B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: AdjustPrivilegesToken
                                    • String ID:
                                    • API String ID: 2874748243-0
                                    • Opcode ID: 565afd5538d6ec7002e663b2eec52da691acdc1f8ac57ccdfe9d7f6332c58084
                                    • Instruction ID: ead5ec232fe4f8a9fe71cc23079eb46347389e2f15e87da152fc14945783473f
                                    • Opcode Fuzzy Hash: 565afd5538d6ec7002e663b2eec52da691acdc1f8ac57ccdfe9d7f6332c58084
                                    • Instruction Fuzzy Hash: 5D21BF755097809FEB228F25DC80B62BFB4AF06210F09849AE985CB5A3D2309908CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05802D56 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                    Download Yara Rule
                                    APIs
                                    • WSARecv.WS2_32(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05802DC6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Recv
                                    • String ID:
                                    • API String ID: 4192927123-0
                                    • Opcode ID: 51616ae154e76ff74cff27652369b3e0918dfca7095736bd0928c38be287a328
                                    • Instruction ID: 7d281db392a6d831ef74b43210eb5f71deb3dc5d2168d6c5e00a481eae8d3568
                                    • Opcode Fuzzy Hash: 51616ae154e76ff74cff27652369b3e0918dfca7095736bd0928c38be287a328
                                    • Instruction Fuzzy Hash: 2711AE72500204AFEB218F55CC84FA6BBE8EF04224F04845AEE86CA651D374E5498BB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05803527 Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • NtQuerySystemInformation.NTDLL ref: 0580359D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: InformationQuerySystem
                                    • String ID:
                                    • API String ID: 3562636166-0
                                    • Opcode ID: 86751ccb0bcb529e2fa77648237d940d1bb16fc424ab00e426b74736633a42bf
                                    • Instruction ID: 5e674fef27db2c0e6430e9dcd4377f997b5beee041e9b628829110319bd08830
                                    • Opcode Fuzzy Hash: 86751ccb0bcb529e2fa77648237d940d1bb16fc424ab00e426b74736633a42bf
                                    • Instruction Fuzzy Hash: 9021AE714097C09FDB638B20DC45A62FFB0EF17314F0984CBED848B5A3D265A909DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580289A Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON
                                    Download Yara Rule
                                    APIs
                                    • bind.WS2_32(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 058028FB
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: bind
                                    • String ID:
                                    • API String ID: 1187836755-0
                                    • Opcode ID: 2764720424e53d1b7e1d3f911e3c2ce559c54b9da9bbd0560ec1aaf902c45d8c
                                    • Instruction ID: c10528b949f80d010875bbf87602b90fec7e59dd8a652478c3dfb5cedb7854c9
                                    • Opcode Fuzzy Hash: 2764720424e53d1b7e1d3f911e3c2ce559c54b9da9bbd0560ec1aaf902c45d8c
                                    • Instruction Fuzzy Hash: 2D119075600204AFEB60CB55DC85FA6F7E8EF04614F08846AED49DB681D374E948CAB6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05803322 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                    Download Yara Rule
                                    APIs
                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0580336B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: AdjustPrivilegesToken
                                    • String ID:
                                    • API String ID: 2874748243-0
                                    • Opcode ID: bbc8c910c26d6f6b9249c8e097309d50dd994cb59ec65c401ae3c0bd424e64d0
                                    • Instruction ID: 4c77df45ea0fae54b62a2f6e64d60e59f9054e0c45d61569a965b3a5b7a56e83
                                    • Opcode Fuzzy Hash: bbc8c910c26d6f6b9249c8e097309d50dd994cb59ec65c401ae3c0bd424e64d0
                                    • Instruction Fuzzy Hash: BF115E716006049FEB60CF59DC84B66FBE4EF05220F08C86ADD46CBA51DB35E958CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580169A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetSystemInfo.KERNELBASE(?), ref: 058016CC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: InfoSystem
                                    • String ID:
                                    • API String ID: 31276548-0
                                    • Opcode ID: c6031b6e258136bfd54f418ff5d6df7fa3960a560bcf8a0e9012dc37a380aaf0
                                    • Instruction ID: c1cb11866c4baac91cf1e86677b918592b933f832e99a6126daad8e6c9375c2d
                                    • Opcode Fuzzy Hash: c6031b6e258136bfd54f418ff5d6df7fa3960a560bcf8a0e9012dc37a380aaf0
                                    • Instruction Fuzzy Hash: 85018B719002449FDB50CF19DC88B65FBE4EF05724F08C4AADD498F696D279E908CAA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05803562 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • NtQuerySystemInformation.NTDLL ref: 0580359D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: InformationQuerySystem
                                    • String ID:
                                    • API String ID: 3562636166-0
                                    • Opcode ID: 4e51e25514081caee89062cc8db7891cec854d7b0a325996a72ff539c140c0c5
                                    • Instruction ID: b0557fe87f5639569a324f018300a5b522e6540936ff9049cf22b5be8a669b05
                                    • Opcode Fuzzy Hash: 4e51e25514081caee89062cc8db7891cec854d7b0a325996a72ff539c140c0c5
                                    • Instruction Fuzzy Hash: F10178355006049FDB60CF05D884B65FBA0EF19725F08889ADE498A6A2C375E818CFA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C3850 Relevance: .8, Instructions: 758COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b731dea542bf10155ffa95e5238215a1c22710605d2960a76b5a48bb5e822415
                                    • Instruction ID: 8af793f06095479d3665f131d7be4468e673a24ba005c0aac57e7912e9b13036
                                    • Opcode Fuzzy Hash: b731dea542bf10155ffa95e5238215a1c22710605d2960a76b5a48bb5e822415
                                    • Instruction Fuzzy Hash: CE52F331A00206CFCB15CF68C4849AABBF6FF85704B19C5AAD59D9F212D731ED45CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C2FA8 Relevance: .2, Instructions: 239COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3ca070264db8b8f53e42279e36fa16b889d3c5172ee35dc9a4a34b81b895dd39
                                    • Instruction ID: aa64eab098da190fda291e0f6da5a03ec7ea8152cbe303c805c3d397f08b6ae6
                                    • Opcode Fuzzy Hash: 3ca070264db8b8f53e42279e36fa16b889d3c5172ee35dc9a4a34b81b895dd39
                                    • Instruction Fuzzy Hash: 9781BF32F111159BD704DB69D880AAEB7E3BFC8614F2AC478E409EB369DF359D018B91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CFB48 Relevance: 7.7, Strings: 6, Instructions: 244COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 19cfb48-19cfb89 4 19cfb84-19cfb8b 0->4 5 19cfb90-19cfb97 0->5 10 19cfd86-19cfd8d 4->10 7 19cfb99-19cfba0 5->7 8 19cfba7-19cfbb1 5->8 7->8 9 19cfba2 7->9 12 19cfbb8-19cfbc7 8->12 13 19cfbb3 8->13 9->10 14 19cfbcd-19cfbd5 12->14 15 19cfd8e 12->15 13->10 20 19cfc3f-19cfc41 14->20 18 19cfd93-19cfda8 15->18 24 19cfdaa-19cfde2 call 19c23a0 call 19c4138 18->24 25 19cfdfb-19cfe3a call 19c23a0 call 19c4138 18->25 22 19cfbd7-19cfbe0 20->22 23 19cfc43-19cfc51 20->23 22->18 26 19cfbe6-19cfbed 22->26 73 19cfc56 call 1850606 23->73 74 19cfc56 call 18505df 23->74 52 19cfde4-19cfde6 24->52 53 19cfdf0-19cfdf5 24->53 55 19cfe3c-19cfe3e 25->55 56 19cfe48-19cfe4d 25->56 26->18 30 19cfbf3-19cfbf8 26->30 28 19cfc5b-19cfc6b 32 19cfc6d-19cfc73 28->32 33 19cfc7a-19cfca7 28->33 35 19cfbfa-19cfc12 30->35 36 19cfc32-19cfc35 30->36 32->33 39 19cfc75 32->39 75 19cfcaa call 1850606 33->75 76 19cfcaa call 18505df 33->76 35->18 45 19cfc18-19cfc2d 35->45 36->15 38 19cfc3b-19cfc3d 36->38 38->20 39->10 42 19cfcaf-19cfcb2 47 19cfccf-19cfcd2 42->47 48 19cfcb4-19cfcbb 42->48 45->10 50 19cfcd4-19cfcde 47->50 51 19cfce1-19cfcf1 47->51 48->18 54 19cfcc1-19cfccd 48->54 50->51 51->10 58 19cfcf7-19cfd00 51->58 52->53 54->51 55->56 58->18 61 19cfd06-19cfd11 58->61 62 19cfd2a-19cfd48 61->62 63 19cfd13-19cfd1b 61->63 65 19cfd4b-19cfd4d 62->65 63->18 64 19cfd1d-19cfd28 63->64 64->65 67 19cfd4f-19cfd54 65->67 68 19cfd56-19cfd69 65->68 67->68 69 19cfd74-19cfd78 67->69 68->69 69->15 72 19cfd7a-19cfd80 69->72 72->10 72->58 73->28 74->28 75->42 76->42
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol$\Ol$\Ol$\Ol$\Ol$\Ol
                                    • API String ID: 0-1181208007
                                    • Opcode ID: 680aa12b342a52c4610a6161d692aa751af11ceca836879a4248d286230e675d
                                    • Instruction ID: 86e5e97d22e7514fa366c35322ab3d5fe61567a7ce1a1775643cfab3f7585edc
                                    • Opcode Fuzzy Hash: 680aa12b342a52c4610a6161d692aa751af11ceca836879a4248d286230e675d
                                    • Instruction Fuzzy Hash: 9B91D230A041118FDB15DFA8C490AAEB7F7EF85710B19856EE89EDB252DB30DD41CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C0980 Relevance: 5.2, Strings: 4, Instructions: 180COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 77 19c0980-19c0981 78 19c09eb-19c09f1 77->78 79 19c0983-19c0af1 77->79 80 19c0a12-19c0a2c 78->80 81 19c09f3-19c0a06 78->81 90 19c0b00-19c0b39 79->90 131 19c0a2e call 1850606 80->131 132 19c0a2e call 18505df 80->132 133 19c0a2e call 19c12a0 80->133 134 19c0a2e call 19c1292 80->134 87 19c0a0e-19c0a10 81->87 87->80 88 19c0a34-19c0a46 89 19c0a4c-19c0a56 88->89 88->90 91 19c0a58-19c0a5a 89->91 92 19c0a64-19c0a92 89->92 102 19c0b3f-19c0b55 90->102 103 19c0b37-19c0b3d 90->103 91->92 92->90 98 19c0a94-19c0a9e 92->98 100 19c0aac-19c0ad6 98->100 101 19c0aa0-19c0aa2 98->101 127 19c0ad9 call 1850606 100->127 128 19c0ad9 call 18505df 100->128 129 19c0ad9 call 19c3850 100->129 130 19c0ad9 call 19c3840 100->130 101->100 111 19c0b5b-19c0b6e 102->111 112 19c0b53-19c0b59 102->112 107 19c0ba7-19c0bac 103->107 119 19c0b6c-19c0b72 111->119 120 19c0b74-19c0b81 111->120 112->107 116 19c0adf-19c0aeb 119->107 123 19c0b87-19c0ba5 120->123 124 19c0b83-19c0b85 120->124 123->107 124->107 127->116 128->116 129->116 130->116 131->88 132->88 133->88 134->88
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol$\Ol$\Ol$\Ol
                                    • API String ID: 0-371742063
                                    • Opcode ID: 2cf535be104cb0177ceb1c1e1ff9ffd935a8ecc0f71c10a9873a69816c3865d3
                                    • Instruction ID: 333208253df5bd014f422537da25cfc02aea44932683746f75a55a5fb5051b58
                                    • Opcode Fuzzy Hash: 2cf535be104cb0177ceb1c1e1ff9ffd935a8ecc0f71c10a9873a69816c3865d3
                                    • Instruction Fuzzy Hash: 3C510535B00211DFCB15DFA8D851AAE77A6BF84B04F18496EE59BDF250CB349D05CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C09A9 Relevance: 5.1, Strings: 4, Instructions: 105COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 135 19c09a9-19c09dc 190 19c09de call 19c0baf 135->190 191 19c09de call 19c0bc0 135->191 140 19c09e4-19c09ef 192 19c09f5 call 1850606 140->192 193 19c09f5 call 19c1218 140->193 194 19c09f5 call 19c1209 140->194 195 19c09f5 call 18505df 140->195 142 19c09fb-19c0a2c 186 19c0a2e call 1850606 142->186 187 19c0a2e call 18505df 142->187 188 19c0a2e call 19c12a0 142->188 189 19c0a2e call 19c1292 142->189 147 19c0a34-19c0a46 148 19c0a4c-19c0a56 147->148 149 19c0b00-19c0b39 147->149 150 19c0a58-19c0a5a 148->150 151 19c0a64-19c0a92 148->151 161 19c0b3f-19c0b55 149->161 162 19c0b37-19c0b3d 149->162 150->151 151->149 157 19c0a94-19c0a9e 151->157 159 19c0aac-19c0ad6 157->159 160 19c0aa0-19c0aa2 157->160 196 19c0ad9 call 1850606 159->196 197 19c0ad9 call 18505df 159->197 198 19c0ad9 call 19c3850 159->198 199 19c0ad9 call 19c3840 159->199 160->159 170 19c0b5b-19c0b6e 161->170 171 19c0b53-19c0b59 161->171 166 19c0ba7-19c0bac 162->166 178 19c0b6c-19c0b72 170->178 179 19c0b74-19c0b81 170->179 171->166 175 19c0adf-19c0aeb 178->166 182 19c0b87-19c0ba5 179->182 183 19c0b83-19c0b85 179->183 182->166 183->166 186->147 187->147 188->147 189->147 190->140 191->140 192->142 193->142 194->142 195->142 196->175 197->175 198->175 199->175
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol$\Ol$\Ol$\Ol
                                    • API String ID: 0-371742063
                                    • Opcode ID: 12b279e7f1326ed0aecb112a14a35930e26b3958764c0fdb1ce74a790511614c
                                    • Instruction ID: 33898d83379aba81e2dce3aa76708bd779450021bdde33cddb6fcbd2b831cde7
                                    • Opcode Fuzzy Hash: 12b279e7f1326ed0aecb112a14a35930e26b3958764c0fdb1ce74a790511614c
                                    • Instruction Fuzzy Hash: 1E419A35B001159FDB05DFA9E468AADB7F2FF98304F158068E51A9B375CB30AC06CB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C02E8 Relevance: 2.7, Strings: 2, Instructions: 171COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 506 19c02e8-19c0316 507 19c0318-19c0324 506->507 508 19c032a-19c0337 506->508 507->508 511 19c0506-19c0510 507->511 512 19c0339-19c0353 508->512 513 19c03a5-19c03d0 508->513 516 19c0355 512->516 517 19c0357 512->517 525 19c0373-19c038a 513->525 526 19c03d2-19c03dc 513->526 519 19c035a-19c036d 516->519 517->519 524 19c051c-19c05b5 519->524 519->525 531 19c038c 525->531 532 19c038e 525->532 527 19c03de-19c03e5 526->527 528 19c03ef 526->528 527->528 533 19c03f6-19c04df 528->533 534 19c0391-19c03a3 531->534 532->534 544 19c04e1 533->544 545 19c04e3 533->545 534->526 546 19c04e6-19c04fb 544->546 545->546 546->511
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: :@k$dSl
                                    • API String ID: 0-2366181727
                                    • Opcode ID: 82c2cdacf7470ffc01662e89278a4c97e2f7cb132997866af8267f0b94fd0ad4
                                    • Instruction ID: a4c98d3dca904481b4495932212e001d4e4029c31a26e9b98cc4b533f3aa2c46
                                    • Opcode Fuzzy Hash: 82c2cdacf7470ffc01662e89278a4c97e2f7cb132997866af8267f0b94fd0ad4
                                    • Instruction Fuzzy Hash: 2451C134B04205CFDB04DF68C050AAE7BF2BF89714F18846DE54AAB7A1DB359C45CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CA210 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 554 19ca210-19ca257 call 19ca3ae 560 19ca25e-19ca28a 554->560
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ,)l$;%F
                                    • API String ID: 0-2175992864
                                    • Opcode ID: d9fe727d87290259c58a79ce18bebff2b4fa6dbc00217432e904ac7548f699b9
                                    • Instruction ID: a975ad9b7c8155974663fb755876e1336788d9d1904786d4c60c530401abe063
                                    • Opcode Fuzzy Hash: d9fe727d87290259c58a79ce18bebff2b4fa6dbc00217432e904ac7548f699b9
                                    • Instruction Fuzzy Hash: B4F04C72708135878B0436B88820AFD32CB5BE21743544B6EE12DDF7E5EE628C054363
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CA220 Relevance: 2.5, Strings: 2, Instructions: 40COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 569 19ca220-19ca257 573 19ca25e-19ca28a 569->573
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ,)l$;%F
                                    • API String ID: 0-2175992864
                                    • Opcode ID: fa6996bdad59b62a579051d80a74ee5e2b76aee496aff6833f38968921afc9ae
                                    • Instruction ID: d24771490810471e1b384ab53526ac82b5e110f833d8b1e02f8ee1e1aa984c04
                                    • Opcode Fuzzy Hash: fa6996bdad59b62a579051d80a74ee5e2b76aee496aff6833f38968921afc9ae
                                    • Instruction Fuzzy Hash: 45F02422308025934B0826799850EBE72CB5BE65743544B2DE22ECF7D4DE62CC0543A7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058035DC Relevance: 1.6, APIs: 1, Instructions: 101windowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 794 58035dc-580365b 797 580365e-58036a9 FormatMessageW 794->797 798 58036b0-58036df 797->798
                                    APIs
                                    • FormatMessageW.KERNELBASE(?,00000E24,?,?), ref: 058036A9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: FormatMessage
                                    • String ID:
                                    • API String ID: 1306739567-0
                                    • Opcode ID: 9f0d8545df5e911986d9b6637585787616ef96fd4b359fec83ec638dc14d04d5
                                    • Instruction ID: 7143a8606ec7a00a6264414e19b9f83fae5303b13f9d5c0ce0857c565bf8a509
                                    • Opcode Fuzzy Hash: 9f0d8545df5e911986d9b6637585787616ef96fd4b359fec83ec638dc14d04d5
                                    • Instruction Fuzzy Hash: 31315B7150E3C05FD7038B758C61A95BFB4EF47610B0E84CBD884CF6A3D628695AC7A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580180C Relevance: 1.6, APIs: 1, Instructions: 97networkCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 801 580180c-5801823 803 5801845-58018d2 DnsQuery_A 801->803 804 5801825-5801844 801->804 810 58018d8-58018ee 803->810 804->803
                                    APIs
                                    • DnsQuery_A.DNSAPI(?,00000E24,?,?), ref: 058018CA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Query_
                                    • String ID:
                                    • API String ID: 428220571-0
                                    • Opcode ID: 1a5352adc19baa9542373f656fdfec65a602fc835ed19e7be8820f6b61d1d826
                                    • Instruction ID: 1755b5df55f864a37c218a4a47d1b5ccc34cc9a6133cd164d7421c9e0eb0da9d
                                    • Opcode Fuzzy Hash: 1a5352adc19baa9542373f656fdfec65a602fc835ed19e7be8820f6b61d1d826
                                    • Instruction Fuzzy Hash: 08318F6550E3C06FC31387258C61A61BFB5EF47620F0E41CBE884CB6A3D6296919D7B2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05801394 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 811 5801394-580142b 816 5801483-5801488 811->816 817 580142d-5801435 DuplicateHandle 811->817 816->817 818 580143b-580144d 817->818 820 580148a-580148f 818->820 821 580144f-5801480 818->821 820->821
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,00000E24), ref: 05801433
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: eb50e6b6c0d3226f4ea2476270930a5ce2e6123deeb5931ac56512ca32c8063e
                                    • Instruction ID: 1a781ee9de4d63aa58ce18d4b9b13153f89819eda1c38b0d5b7804c3ad37f511
                                    • Opcode Fuzzy Hash: eb50e6b6c0d3226f4ea2476270930a5ce2e6123deeb5931ac56512ca32c8063e
                                    • Instruction Fuzzy Hash: BE31C471504344AFEB228F65DC44FA7BFBCEF05220F04885AF985CB552D364A949CBB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800390 Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 841 5800390-5800456 846 5800458-580046b RegQueryValueExA 841->846 847 580049b-58004a0 841->847 848 58004a2-58004a7 846->848 849 580046d-5800498 846->849 847->846 848->849
                                    APIs
                                    • RegQueryValueExA.KERNELBASE(?,00000E24), ref: 0580045E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: 3a920ed6d97e808a36b874750648006a9f526d62738b96f8777c576de0453339
                                    • Instruction ID: 90bd8490e38410cdb53adc9a48322f7665021b15f6da6f08c3bfc4a610627b68
                                    • Opcode Fuzzy Hash: 3a920ed6d97e808a36b874750648006a9f526d62738b96f8777c576de0453339
                                    • Instruction Fuzzy Hash: BF31C471004780AFE7228F51CC55FE6FBB8EF06314F08489EF9858B592D3A5A949CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058011CC Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 868 58011cc-58012bf GetTempFileNameW
                                    APIs
                                    • GetTempFileNameW.KERNELBASE(?,00000E24,?,?), ref: 0580128E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: FileNameTemp
                                    • String ID:
                                    • API String ID: 745986568-0
                                    • Opcode ID: fb5ec0e514988d8242c4c4b85e7d3679ba4dd1d50e2643bbcb86859d53629362
                                    • Instruction ID: 00b439e23d569490b4329a9556e5f3c60e422c8259c0238ff1f4d61987e80526
                                    • Opcode Fuzzy Hash: fb5ec0e514988d8242c4c4b85e7d3679ba4dd1d50e2643bbcb86859d53629362
                                    • Instruction Fuzzy Hash: 97316B6150E3C05FD3038B258C61BA2BFB4EF47610F0E85DBE8849F5A3D225A919C7A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800736 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 854 5800736-58007d8 860 5800825-580082a 854->860 861 58007da-58007e2 GetTokenInformation 854->861 860->861 863 58007e8-58007fa 861->863 864 580082c-5800831 863->864 865 58007fc-5800822 863->865 864->865
                                    APIs
                                    • GetTokenInformation.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 058007E0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: InformationToken
                                    • String ID:
                                    • API String ID: 4114910276-0
                                    • Opcode ID: d7cb43f66f03adef37b083f417a1880065572eebd49481de46da532c0b995149
                                    • Instruction ID: 1a816840a6fc88b34ee2e0aeecec1644453e1e13a48089566d9e3750246dee1d
                                    • Opcode Fuzzy Hash: d7cb43f66f03adef37b083f417a1880065572eebd49481de46da532c0b995149
                                    • Instruction Fuzzy Hash: AC31D171505780AFEB228F24DC55FE6BFB8EF06310F08849AE984CB552D234A948CBB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144AA02 Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0144AAB1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: 339d9821ab1cd5cd67e79072641b7bfcdb1580d9c93bde02745d90c1044511bf
                                    • Instruction ID: aec012d441ba298bb1792d2159bc57769b2ad944491197ee92e1413ccd8a344c
                                    • Opcode Fuzzy Hash: 339d9821ab1cd5cd67e79072641b7bfcdb1580d9c93bde02745d90c1044511bf
                                    • Instruction Fuzzy Hash: EE31C271544380AFE7228B55CC45FA7BFBCEF06210F08849BE9858B652D264E94DCB71
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800D68 Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05800E0D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    • Opcode ID: b563c69de9882a56ed4d62648827dd3e9c3a89f7d61eacdacb398b9e150acd3b
                                    • Instruction ID: f2c72ba128eeefc87074482e68064c4e08936c128c0589297fe4be8e0cd260e9
                                    • Opcode Fuzzy Hash: b563c69de9882a56ed4d62648827dd3e9c3a89f7d61eacdacb398b9e150acd3b
                                    • Instruction Fuzzy Hash: 0E3192B1505340AFE722CB65CD44FA6BFE8EF05210F08889AED85CB692D365E809CB71
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05801491 Relevance: 1.6, APIs: 1, Instructions: 91COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetExitCodeProcess.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05801534
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CodeExitProcess
                                    • String ID:
                                    • API String ID: 3861947596-0
                                    • Opcode ID: 1a5395e9d3f841dfdeae623476e87653e49deacd29767e34c207822fb804c746
                                    • Instruction ID: 5757d9817abd5c2c3acdb1929dd8da1ec23575f014397b147109eac2c72d1b95
                                    • Opcode Fuzzy Hash: 1a5395e9d3f841dfdeae623476e87653e49deacd29767e34c207822fb804c746
                                    • Instruction Fuzzy Hash: FD31C2716097805FE7128B24DC95BA6BFA8EF47320F0884DAE984CF5A3D224A908C761
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144AAF9 Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 0144ABB4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: 42e54a193533c8d2b07425b998f7c79d48eac1b4fbf9434415ef78736d0293b5
                                    • Instruction ID: be75ae56fb0c49470ef5f222819a7988cc41d0c8bc7122a8333e2ccb8fd8ad5e
                                    • Opcode Fuzzy Hash: 42e54a193533c8d2b07425b998f7c79d48eac1b4fbf9434415ef78736d0293b5
                                    • Instruction Fuzzy Hash: 4C31A1755093805FE722CB25CC44FA3BFB8AF06210F18849AE945CB263D360E548CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058000F6 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 0580019D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    • Opcode ID: 204714a2bd35f79c2a05d9453b4e1fb126f70108507aafcd1353a5bedc3a6fa4
                                    • Instruction ID: 24daf7f49fc590bd07a54901ce5db0cf933a0499f95d003eea31a309d9521876
                                    • Opcode Fuzzy Hash: 204714a2bd35f79c2a05d9453b4e1fb126f70108507aafcd1353a5bedc3a6fa4
                                    • Instruction Fuzzy Hash: 84318F71509380AFE711CB65DD95B96BFF8EF06210F08849AE988CB692D375E908C772
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05801EC6 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                    Download Yara Rule
                                    APIs
                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05801F63
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DescriptorSecurity$ConvertString
                                    • String ID:
                                    • API String ID: 3907675253-0
                                    • Opcode ID: d3ef078f636e7a24c429f57a0886c99403218ef81fa34f0e69cff87358b60c77
                                    • Instruction ID: f4363a7a2ce1089f0329df17fc1cf3dcb2ec19a80b084211a5f644f09d5c70a0
                                    • Opcode Fuzzy Hash: d3ef078f636e7a24c429f57a0886c99403218ef81fa34f0e69cff87358b60c77
                                    • Instruction Fuzzy Hash: 9421C171505344AFE721CB65DC44FABBFB8EF45320F08849AE944DB692D364E908CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058025D0 Relevance: 1.6, APIs: 1, Instructions: 87timeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetProcessTimes.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 0580266D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: ProcessTimes
                                    • String ID:
                                    • API String ID: 1995159646-0
                                    • Opcode ID: 094fa1740d7cc4581817f3e33187a8e17af99f766a1630e4054e560d1959f0c3
                                    • Instruction ID: 5acce1eb11439c944e9b42bc7811758de802c2e6b9a323467f6fe64d7c7473c1
                                    • Opcode Fuzzy Hash: 094fa1740d7cc4581817f3e33187a8e17af99f766a1630e4054e560d1959f0c3
                                    • Instruction Fuzzy Hash: 742106725053806FDB12CF64DC55FA6BFB8EF06310F08849AE985CB592D361A948CBB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05802A33 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                    Download Yara Rule
                                    APIs
                                    • setsockopt.WS2_32(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05802AD9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: setsockopt
                                    • String ID:
                                    • API String ID: 3981526788-0
                                    • Opcode ID: 4f1e8b089701752e6575fcc592af70d155d699d1b5602b01d5f79593f44f0c9e
                                    • Instruction ID: b02f6956ef394372eba701efdd8d06b86367adc55bfe3113556b530d28603d6d
                                    • Opcode Fuzzy Hash: 4f1e8b089701752e6575fcc592af70d155d699d1b5602b01d5f79593f44f0c9e
                                    • Instruction Fuzzy Hash: EE31B171509380AFD722CF25CC54BA6BFB8EF46210F0884DAE984CB193D365A948C772
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058004AB Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 0580055C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: df2a1c700225305152501e124be0fb512e8760036e62ed72b353776c0e1862f6
                                    • Instruction ID: cbfdfd99f1fac52ff84735e39514ae4f62b8aae9d9476c762e4df0d1ef99b396
                                    • Opcode Fuzzy Hash: df2a1c700225305152501e124be0fb512e8760036e62ed72b353776c0e1862f6
                                    • Instruction Fuzzy Hash: BB318475509780AFD722CB65DC54F92BFF8AF06210F0884DAE985DB5A2D364E908CB71
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058013B6 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                    Download Yara Rule
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,00000E24), ref: 05801433
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 4164a6704a32594d0bed1d2282c926705a457fcf5524b25b6a18f738105443f7
                                    • Instruction ID: 1473e3160aa2d5697d016cb3129e80a4705355d90f71efc279ccf705ae1734ee
                                    • Opcode Fuzzy Hash: 4164a6704a32594d0bed1d2282c926705a457fcf5524b25b6a18f738105443f7
                                    • Instruction Fuzzy Hash: 2621B272500604AFEB21CF55DD44FAABBEDEF04324F04885AE945CB651D374E5488BB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05802C3D Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON
                                    Download Yara Rule
                                    APIs
                                    • WSASend.WS2_32(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05802CD2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Send
                                    • String ID:
                                    • API String ID: 121738739-0
                                    • Opcode ID: 334e7e0c75f3a3f85e46b033a5233914f9fa0a89c0f808b30705ed6d365210e3
                                    • Instruction ID: cfc30edf0a46b6e78c2dd950272d92dd08e8d2e64c5a34a5c4e91c08e85dac72
                                    • Opcode Fuzzy Hash: 334e7e0c75f3a3f85e46b033a5233914f9fa0a89c0f808b30705ed6d365210e3
                                    • Instruction Fuzzy Hash: 4C21D171500344AFEB228F55DC44FA7BBBCEF45214F08889AE985DB552D334A909CBB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800E64 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetFileType.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05800EF9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: FileType
                                    • String ID:
                                    • API String ID: 3081899298-0
                                    • Opcode ID: b16a974479136a90104be61e79b53f576922cd15f8c10c8a69944885fa98f13a
                                    • Instruction ID: d7660627554def34bbdd49b9a9c28efcfb2e2aeaf6bd19915d912baff4b16c8c
                                    • Opcode Fuzzy Hash: b16a974479136a90104be61e79b53f576922cd15f8c10c8a69944885fa98f13a
                                    • Instruction Fuzzy Hash: 092128B55097806FD7128B25DC45BA2BFBCEF47324F0880DAED848B293D264A909C771
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058002AB Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegOpenKeyExA.KERNELBASE(?,00000E24), ref: 05800353
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: 90129fe41b355ebd606887c5ccf4f07a85dc643c1e06fbdc6e54150318f59e1e
                                    • Instruction ID: ec425c6be049aa330edab4ac80c1c9a5f38fe8f0b5c7fc2e4cfd09e796b89e27
                                    • Opcode Fuzzy Hash: 90129fe41b355ebd606887c5ccf4f07a85dc643c1e06fbdc6e54150318f59e1e
                                    • Instruction Fuzzy Hash: 9B21F975409380AFE7228F10CC45FA6FFB4EF06310F0840CAE9848B192D375A949C7B2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144AF50 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 0144AFEA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: e53826704863db9ab37db7aed2b269e36f8d264d3c851b91b814b9f656d427ad
                                    • Instruction ID: e454206ae7dc1ec52b4369eaf99abd6a837be7586716e4da894fd0ddde05c460
                                    • Opcode Fuzzy Hash: e53826704863db9ab37db7aed2b269e36f8d264d3c851b91b814b9f656d427ad
                                    • Instruction Fuzzy Hash: 1F21A7715093C06FD3138B259C51B62BFB8EF87610F0A81DBE888DB653D224A919C7B2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05802082 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: FileView
                                    • String ID:
                                    • API String ID: 3314676101-0
                                    • Opcode ID: 186112f3a7c4476e5330db0fb29db7b27bd07ae6a9f0e60c933c2026e3848e0b
                                    • Instruction ID: 93ec8c1466705897a4f77168160e9fb584cce7bdeefbe7086fab7331e0196d87
                                    • Opcode Fuzzy Hash: 186112f3a7c4476e5330db0fb29db7b27bd07ae6a9f0e60c933c2026e3848e0b
                                    • Instruction Fuzzy Hash: 8D219171505340AFE722CB55CC45F96FFF8EF09214F08849EEA898B652D375A548CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058018F6 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                                    Download Yara Rule
                                    APIs
                                    • WSASocketW.WS2_32(?,?,?,?,?), ref: 05801982
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Socket
                                    • String ID:
                                    • API String ID: 38366605-0
                                    • Opcode ID: 10f3245600af29287d478d4828ad4fe4a28b3d4bf26d9a0cc58eb1f35f2f7135
                                    • Instruction ID: 239ca1a6a39e8bc8489e087606315049e02b950223048a0984b13853321a72d4
                                    • Opcode Fuzzy Hash: 10f3245600af29287d478d4828ad4fe4a28b3d4bf26d9a0cc58eb1f35f2f7135
                                    • Instruction Fuzzy Hash: 4E219171505340AFD721CF55CC45FA6FFF8EF05220F08889AE9858B692C375A418CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05802D36 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                                    Download Yara Rule
                                    APIs
                                    • WSARecv.WS2_32(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05802DC6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Recv
                                    • String ID:
                                    • API String ID: 4192927123-0
                                    • Opcode ID: a4b1da2d31e7d2f601cff7de6b523aa4806895a4b1f6cde2783e7a1dff2900d9
                                    • Instruction ID: 779e8181624466d872351cde0308c8cfab03bb3f8fd68701b5a2568f641b50c4
                                    • Opcode Fuzzy Hash: a4b1da2d31e7d2f601cff7de6b523aa4806895a4b1f6cde2783e7a1dff2900d9
                                    • Instruction Fuzzy Hash: 3321AE72504344AFDB228F55CC84FA7BBB8EF45220F08889AEA85CB552D334A548CBB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800D8E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05800E0D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    • Opcode ID: 9a93ea82de01da6eb1b993141651d56dc8ad8ede5dbcce627be1a07f108bd92f
                                    • Instruction ID: 4bd8ee10cd2160bef4f781444549bf3041a59f43fb637031fc356b504360bdf3
                                    • Opcode Fuzzy Hash: 9a93ea82de01da6eb1b993141651d56dc8ad8ede5dbcce627be1a07f108bd92f
                                    • Instruction Fuzzy Hash: CB219F71504204AFE721CF65CD45FA6FBE8EF08614F088859ED89DB691D371E808CB71
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05801EF2 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                    Download Yara Rule
                                    APIs
                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05801F63
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DescriptorSecurity$ConvertString
                                    • String ID:
                                    • API String ID: 3907675253-0
                                    • Opcode ID: 25cdc032afd5aeead24e6f23379e4467dff412388a29800490992ad2bb24ca95
                                    • Instruction ID: 9fbadc3db3a4b5a7876b1ec151739f0eee42c5cb1a7b06640ab3eb3ea46b7048
                                    • Opcode Fuzzy Hash: 25cdc032afd5aeead24e6f23379e4467dff412388a29800490992ad2bb24ca95
                                    • Instruction Fuzzy Hash: 94219271600204AFEB20DE65DD45FAAFBACEF04724F04846AED45DB681D774E948CAB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058003CA Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegQueryValueExA.KERNELBASE(?,00000E24), ref: 0580045E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: e990c0fa316d3266e21d59d3421aac79efd295e96f032cfb2a47357218f9cc73
                                    • Instruction ID: e2eb8310b1101a7f583952ddac34df0f360d52c79dcd18e356952917cd58e027
                                    • Opcode Fuzzy Hash: e990c0fa316d3266e21d59d3421aac79efd295e96f032cfb2a47357218f9cc73
                                    • Instruction Fuzzy Hash: F121CC72500604AEEB21CF51DC84FB6FBA8EB04714F04885AFA458A691D3B1E9498BB6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058010ED Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegSetValueExW.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05801184
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Value
                                    • String ID:
                                    • API String ID: 3702945584-0
                                    • Opcode ID: 373f2de3df836595a3210fed8056428317508581b3c5fc99284321c0cab0773e
                                    • Instruction ID: 0008b11507cc6ad7b0735ddba9b58207ab80607725cc345ee327213de5477e5e
                                    • Opcode Fuzzy Hash: 373f2de3df836595a3210fed8056428317508581b3c5fc99284321c0cab0773e
                                    • Instruction Fuzzy Hash: 482190B2504740AFE7218A15DC84FA7BFBCEF05320F08859AE945DB692D364E948CBB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800F34 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • ReadFile.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05800FC5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: FileRead
                                    • String ID:
                                    • API String ID: 2738559852-0
                                    • Opcode ID: 37a9594e7861e32494f62c21a240dba61c16133b023323398c9746bccd217d6a
                                    • Instruction ID: 10ff6db8ca8f47d584712e45fe9f7d18d4c3f6cda54dd338fc1b85850315bebf
                                    • Opcode Fuzzy Hash: 37a9594e7861e32494f62c21a240dba61c16133b023323398c9746bccd217d6a
                                    • Instruction Fuzzy Hash: 3021C4715093806FD7228B55CC44FA6BFB8EF46314F0884DBE984CB553C225A949CB72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144AA32 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0144AAB1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: 8b4d3368d9aac194820adee5e04665a96acc26046b446ded0ec67926987b5dd7
                                    • Instruction ID: 1f815586c4cb6110e4e9882d2cb0d85006be3bfafab67ec99f505e94d4bc6302
                                    • Opcode Fuzzy Hash: 8b4d3368d9aac194820adee5e04665a96acc26046b446ded0ec67926987b5dd7
                                    • Instruction Fuzzy Hash: 4B21FF72500200AFFB21CA55CD44FABFBECEF04214F18841BEA469B652D330E54C8AB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580012A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 0580019D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    • Opcode ID: 75d48e1057c508e3d142d1b7e4ae1ac5a1b020c8b6d01e712b9219d272b0bc4e
                                    • Instruction ID: cf65fc11a48ecc6c661a936e7996a1cf4b479f826c1290a499eae394709b1715
                                    • Opcode Fuzzy Hash: 75d48e1057c508e3d142d1b7e4ae1ac5a1b020c8b6d01e712b9219d272b0bc4e
                                    • Instruction Fuzzy Hash: 5721C271604240AFE720DF65DD45FAAFBE8EF05214F04846AED49CB781D371E908CA72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800C97 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateDirectoryW.KERNELBASE(?,?), ref: 05800D13
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateDirectory
                                    • String ID:
                                    • API String ID: 4241100979-0
                                    • Opcode ID: 675d3b4ebc5f416526bcf976e64505ebcd87a92a48372fe5ebcc77bc284b87dc
                                    • Instruction ID: a7ee39a2f9d971d5cc50f3d8c12ab5062af3c418c75cf2cb645e6cd21fedc8f4
                                    • Opcode Fuzzy Hash: 675d3b4ebc5f416526bcf976e64505ebcd87a92a48372fe5ebcc77bc284b87dc
                                    • Instruction Fuzzy Hash: 2421A1B55093809FD751CB25CC85B62BFF8EF06210F0984DAED85CF1A2D224E909CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05801597 Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DeleteFileA.KERNELBASE(?,00000E24), ref: 05801623
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    • Opcode ID: 6e93be3b084b6ab3593825ac44812c3a748ea2d72b6dde4fae1ac03c1481cabc
                                    • Instruction ID: 06cc89b5f300596c6141f742cea62cea99e7c7d7396742e63829ad17f35a9252
                                    • Opcode Fuzzy Hash: 6e93be3b084b6ab3593825ac44812c3a748ea2d72b6dde4fae1ac03c1481cabc
                                    • Instruction Fuzzy Hash: 8221D8715053406FE721CB15DC55FA6FFB8EF45720F08809AFD498B692D364E948C762
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580100F Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CopyFileW.KERNELBASE(?,?,?), ref: 05801092
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CopyFile
                                    • String ID:
                                    • API String ID: 1304948518-0
                                    • Opcode ID: 28dd3d5a54bd1e20efb290178076ad146da1aa53028292a2aca2deadfa936dab
                                    • Instruction ID: dd9419802dec6ba776cccd77a4d6731006aad228f5d6157d2ff792abed0c08cd
                                    • Opcode Fuzzy Hash: 28dd3d5a54bd1e20efb290178076ad146da1aa53028292a2aca2deadfa936dab
                                    • Instruction Fuzzy Hash: DC2183716093C05FDB52CB25DC55BA3BFE8AF46324F0884DAED85CB693D225D804C761
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144AB3A Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 0144ABB4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: 35aa5ffc8157ac49ff11f1f63c4750ebc199dfd9a13d736821a155d1f5856d23
                                    • Instruction ID: 4c48ca3035a40b06ff445bc684e24518a952ba3ebb950d3648be8994389b889c
                                    • Opcode Fuzzy Hash: 35aa5ffc8157ac49ff11f1f63c4750ebc199dfd9a13d736821a155d1f5856d23
                                    • Instruction Fuzzy Hash: D0216D75640644AFE721CE19CC84FA7FBECEF04610F18845AEA46CB761D370E548CAB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800776 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetTokenInformation.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 058007E0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: InformationToken
                                    • String ID:
                                    • API String ID: 4114910276-0
                                    • Opcode ID: ddf900ad069435ee277838d0b5b0254e88969a59ee6b50677377da54f0eaa2fb
                                    • Instruction ID: 46832006d4e4dc4973c41c2ea23e888b174a7aa66d53de9a14ed41ac71754c09
                                    • Opcode Fuzzy Hash: ddf900ad069435ee277838d0b5b0254e88969a59ee6b50677377da54f0eaa2fb
                                    • Instruction Fuzzy Hash: F011C371600204AFEB21CF55DC45FAAB7ACEF04214F04845AE945DB641D734E5488BB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058001F4 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                    Download Yara Rule
                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 05800264
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    • Opcode ID: 19c56ec82bbf3fd82cc2780d5bffad6e4ab847198867d95c53f8b11dce99fff5
                                    • Instruction ID: d058de586682977a00d33b82de8b1c193d04c3f240c925cdc0ce9cd93034df52
                                    • Opcode Fuzzy Hash: 19c56ec82bbf3fd82cc2780d5bffad6e4ab847198867d95c53f8b11dce99fff5
                                    • Instruction Fuzzy Hash: A421E7755093809FDB128F25DC85792BFB4FF42320F0884EBDD858B653D2359909DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058020A2 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: FileView
                                    • String ID:
                                    • API String ID: 3314676101-0
                                    • Opcode ID: 0cb0529fe0579f4ec1812e9c7f469b99466f45f9a58109e34f37d889704b1605
                                    • Instruction ID: 055594bd9d18ae7a420423efd3d86b4e7f2c56d384e63f204b278d1b2cda9a07
                                    • Opcode Fuzzy Hash: 0cb0529fe0579f4ec1812e9c7f469b99466f45f9a58109e34f37d889704b1605
                                    • Instruction Fuzzy Hash: B1219F71500204AFE721DF59CD85FAAFBE8EF09224F048459EA498B691D375F548CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05801916 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                    Download Yara Rule
                                    APIs
                                    • WSASocketW.WS2_32(?,?,?,?,?), ref: 05801982
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Socket
                                    • String ID:
                                    • API String ID: 38366605-0
                                    • Opcode ID: 9ebda591ff0651bd94af565017fc90e03b1f17d6dd19ab70734fd6c25a9980a6
                                    • Instruction ID: 969c2dfe8a9b573f18d720db5a1f3e7221d128eb7dfcb44871657a7ecd9a8606
                                    • Opcode Fuzzy Hash: 9ebda591ff0651bd94af565017fc90e03b1f17d6dd19ab70734fd6c25a9980a6
                                    • Instruction Fuzzy Hash: 2121D171500200AFEB21CF55DD45FA6FBE8EF09324F04885AED858BA91C375E818CBB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05802C62 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                    Download Yara Rule
                                    APIs
                                    • WSASend.WS2_32(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05802CD2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Send
                                    • String ID:
                                    • API String ID: 121738739-0
                                    • Opcode ID: 51616ae154e76ff74cff27652369b3e0918dfca7095736bd0928c38be287a328
                                    • Instruction ID: e61fbc25bbde37ac27bc3f61a06d67d5a6aade98682c493946e7702a0eec7502
                                    • Opcode Fuzzy Hash: 51616ae154e76ff74cff27652369b3e0918dfca7095736bd0928c38be287a328
                                    • Instruction Fuzzy Hash: 2B11C072500204AFEB21CF55DC44FA6FBE8EF08224F04885AEE46DBA51D374E5488BB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580346D Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                    Download Yara Rule
                                    APIs
                                    • K32EnumProcesses.KERNEL32(?,?,?,B930CD41,00000000,?,?,?,?,?,?,?,?,6C9C3C58), ref: 058034DE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: EnumProcesses
                                    • String ID:
                                    • API String ID: 84517404-0
                                    • Opcode ID: bf4ff10182bfedf2df4c1d9fb99c6667f248e466ac41e0cb46107789873af8d8
                                    • Instruction ID: ae849cac096fcdc6ce32a06f29ef22c7c744b5e28c1fd57ea747563c9bf077f9
                                    • Opcode Fuzzy Hash: bf4ff10182bfedf2df4c1d9fb99c6667f248e466ac41e0cb46107789873af8d8
                                    • Instruction Fuzzy Hash: B02162715093809FD752CB65DC85B96BFF4EF06210F0984EBE985CF5A3D234A908CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058004EA Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 0580055C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: 3f0bd25f1ae3979898c2e9e9ce7063db1c44d9021b060c1c451e57440b58b4cc
                                    • Instruction ID: b614fa8e136dae74e60ea8adf9d55014bedb89804df1bb964c16dd6f0bd44cc1
                                    • Opcode Fuzzy Hash: 3f0bd25f1ae3979898c2e9e9ce7063db1c44d9021b060c1c451e57440b58b4cc
                                    • Instruction Fuzzy Hash: 6C11AF72600604EFEB60CE15DC85FA6FBE8EF04614F08845AED46DB691D360E948CAB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05801112 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegSetValueExW.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05801184
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Value
                                    • String ID:
                                    • API String ID: 3702945584-0
                                    • Opcode ID: e662967863b4d4c9dfebb7d73f7a04857ee926e1c7115eddbd54ba030c8f6351
                                    • Instruction ID: 636f60fe096dda64c3c1a87f4ba9dabd3a4a535197e5d34db7e550553abd0a08
                                    • Opcode Fuzzy Hash: e662967863b4d4c9dfebb7d73f7a04857ee926e1c7115eddbd54ba030c8f6351
                                    • Instruction Fuzzy Hash: F711AF72600200AFE7619E15CC84FA7FBECEF04724F08945AED45CA791D360E848CAB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580260E Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetProcessTimes.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 0580266D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: ProcessTimes
                                    • String ID:
                                    • API String ID: 1995159646-0
                                    • Opcode ID: 262d09ee3fb8a80d596ef1d8868518181daad29aa0b5de0cc6bbb2bdc2f062ef
                                    • Instruction ID: b72303cca0584cc7e8b01cb8c1488fcbaa504d66983f7ca420aee0f32cd21bb3
                                    • Opcode Fuzzy Hash: 262d09ee3fb8a80d596ef1d8868518181daad29aa0b5de0cc6bbb2bdc2f062ef
                                    • Instruction Fuzzy Hash: B511E675600200AFEB21CF55DC44FA6FBE8EF04314F08845AED46CB691D375E9488BB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05802A72 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                    Download Yara Rule
                                    APIs
                                    • setsockopt.WS2_32(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05802AD9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: setsockopt
                                    • String ID:
                                    • API String ID: 3981526788-0
                                    • Opcode ID: 7fc6a9a2376b8131fc96fbf4dba681a405b3af85c02e23f35d670d0fb394d8c1
                                    • Instruction ID: dcd9c9df696c20b239272a32e7fc8cc98eca87ce92b607269fcf5a1c0d1f8e48
                                    • Opcode Fuzzy Hash: 7fc6a9a2376b8131fc96fbf4dba681a405b3af85c02e23f35d670d0fb394d8c1
                                    • Instruction Fuzzy Hash: 0D11B175600204AFEB61CF55CC84FA6FBE8EF04614F08845AED4ACB691D774E948CBB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144A51F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                    Download Yara Rule
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0144A58A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: efc28c9a11b4c77f253004b789a8c0d3627d80f0fe67d42c023322a616a36ab1
                                    • Instruction ID: 178fcf58a8c70ad357c620e8a7d699439716edb69145c75aeee703c870ee94b9
                                    • Opcode Fuzzy Hash: efc28c9a11b4c77f253004b789a8c0d3627d80f0fe67d42c023322a616a36ab1
                                    • Instruction Fuzzy Hash: 59118471449780AFDB228F55DC44B62FFF4EF4A310F0884DAED858B663C275A518DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144B7CA Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • SendMessageW.USER32(?,?,?,?), ref: 0144B841
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: e817fc22ee0ac93cadf02fd509361ec9dd5a6586c2f727904f4c92221c69e310
                                    • Instruction ID: e6bbf4e7478ee56df305f949ff2621a76a3179cb27e343dc880c9b833d3ba3cf
                                    • Opcode Fuzzy Hash: e817fc22ee0ac93cadf02fd509361ec9dd5a6586c2f727904f4c92221c69e310
                                    • Instruction Fuzzy Hash: 49219D714097C09FEB138B25DC54AA2BFB0EF07220F0D84CAEDC44F663D265A958DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058014DE Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetExitCodeProcess.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05801534
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CodeExitProcess
                                    • String ID:
                                    • API String ID: 3861947596-0
                                    • Opcode ID: 92c6c8481312a8c80f32398fb98b4af4495eb04056cb5680b8411814335fb798
                                    • Instruction ID: 9e4b1e342a5666a54a330a9738d79ba2ebc93f8eba7b09846606d0263ea5f85b
                                    • Opcode Fuzzy Hash: 92c6c8481312a8c80f32398fb98b4af4495eb04056cb5680b8411814335fb798
                                    • Instruction Fuzzy Hash: BD11E771600204AFEB50CB15DC45BAAB7A8DF05324F08846AED05CF681D374E948CAB5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058015BA Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DeleteFileA.KERNELBASE(?,00000E24), ref: 05801623
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    • Opcode ID: 08760f4440a1402531f38f3d576a67808e7daae65009e5b8015897226e77f22f
                                    • Instruction ID: 7b20be813a028950f86fea94e7a658b21bae1eb44f9a2063d87588cac5401a48
                                    • Opcode Fuzzy Hash: 08760f4440a1402531f38f3d576a67808e7daae65009e5b8015897226e77f22f
                                    • Instruction Fuzzy Hash: DE11C671600204AFEB60CB15DD45FB6FBA8DF05724F18805AFD09CA7D1D3B4E948CAA6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 058002DE Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegOpenKeyExA.KERNELBASE(?,00000E24), ref: 05800353
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: a7ac1e8c67a5f65accc25ede44164ded5bde84e34f9f18216d148f3ce1021594
                                    • Instruction ID: c3e35442b34dd56b827f7d541f3f5f75cd69288967b5a10d96823339613ec064
                                    • Opcode Fuzzy Hash: a7ac1e8c67a5f65accc25ede44164ded5bde84e34f9f18216d148f3ce1021594
                                    • Instruction Fuzzy Hash: C6110131500300EFEB22CF15CC45FB6FBA8EF04714F08804AEE498A691C371A948CBB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800F66 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • ReadFile.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05800FC5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: FileRead
                                    • String ID:
                                    • API String ID: 2738559852-0
                                    • Opcode ID: 705fc17120f60f66094c8d717a5c388c252378eefe8c9264b45b153e06915e95
                                    • Instruction ID: aa61176eb7937479a3ec78a6943aba3bb1e729949c1d15d3785b500fbe726730
                                    • Opcode Fuzzy Hash: 705fc17120f60f66094c8d717a5c388c252378eefe8c9264b45b153e06915e95
                                    • Instruction Fuzzy Hash: AC11BF72500244AFEB61CF55DC44FAAFBA8EF05724F08845AEE49CB691C375A548CBB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144BB4F Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 0144BBB9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 95a86b41d265adbcad8c9ff6090078da17bb49b421c88a6c9738da1796965ce7
                                    • Instruction ID: 8d6947f702bbe918e0ed9ca316849a2cda4949f612651b4b63a550885047a5fb
                                    • Opcode Fuzzy Hash: 95a86b41d265adbcad8c9ff6090078da17bb49b421c88a6c9738da1796965ce7
                                    • Instruction Fuzzy Hash: 7311B1755097C09FDB228F25CC45B52FFB4EF06220F0884DEED858B663D265A458DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144BE05 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DispatchMessageW.USER32(?), ref: 0144BE70
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: 44ce0aa230d2320782ce33905e9804c09a5dabfb82789e223a4e5531c6204390
                                    • Instruction ID: c831b83380d5020a57c47afd3ca18cd2f91e3d73fcd51c8c365e08658518c6ee
                                    • Opcode Fuzzy Hash: 44ce0aa230d2320782ce33905e9804c09a5dabfb82789e223a4e5531c6204390
                                    • Instruction Fuzzy Hash: 88116D754093C09FDB128B259C44762BFB4DF47624F0984DADD854F663D2659808CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144B71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0144B78A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    • Opcode ID: 40d65ffb6217c186aa168253ce143f9529883f2ddc7431871b663bf4ee85cc4f
                                    • Instruction ID: f60a204690be5aeada70eef2daaa9bf88eec57ae17433dca0f267e3b3bd8d9a9
                                    • Opcode Fuzzy Hash: 40d65ffb6217c186aa168253ce143f9529883f2ddc7431871b663bf4ee85cc4f
                                    • Instruction Fuzzy Hash: AC11A2315083809FDB22CF54DC84B52FFF4EF4A310F08889EE9858B562C375A418DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144BEB4 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DeleteFileW.KERNELBASE(?), ref: 0144BF0C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    • Opcode ID: 6a0b276e6a68475941ad6da7bcd5ee456160111f04bb5551893a2370f94821e5
                                    • Instruction ID: c0795d37ff0c0f6df6a0a7e0047bc0360060c4898ffb166f0b04f664c18d0e5f
                                    • Opcode Fuzzy Hash: 6a0b276e6a68475941ad6da7bcd5ee456160111f04bb5551893a2370f94821e5
                                    • Instruction Fuzzy Hash: CD1191716053809FD711CF29DC85B57BFE8EF46220F0884AAED49CF662D275E848CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05801667 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetSystemInfo.KERNELBASE(?), ref: 058016CC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: InfoSystem
                                    • String ID:
                                    • API String ID: 31276548-0
                                    • Opcode ID: 9d24fee514f9a4f377214fdcf16c7e9cebb5c364f02aad942948467490327a98
                                    • Instruction ID: bb22dc1b243bca013db255903366ca9de43ecbe49664f88fda07a5d364db4379
                                    • Opcode Fuzzy Hash: 9d24fee514f9a4f377214fdcf16c7e9cebb5c364f02aad942948467490327a98
                                    • Instruction Fuzzy Hash: 9C1190714093C09FD7128B24DC84B92BFB4EF46224F0984DBED84CF563C275A849CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144A75B Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: closesocket
                                    • String ID:
                                    • API String ID: 2781271927-0
                                    • Opcode ID: 76b56f2560d8747e57844db9a1f92a5697be287b29964008e98077159ba30d6e
                                    • Instruction ID: df39ae8837775b7f11128a87da64e534e4bc0dc77bb353f5e0b6cb5dc8c1eebe
                                    • Opcode Fuzzy Hash: 76b56f2560d8747e57844db9a1f92a5697be287b29964008e98077159ba30d6e
                                    • Instruction Fuzzy Hash: FB11BF715493809FDB12CF14DC84B92BFB4EF46220F1884DBED858F693D275A548CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580104A Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CopyFileW.KERNELBASE(?,?,?), ref: 05801092
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CopyFile
                                    • String ID:
                                    • API String ID: 1304948518-0
                                    • Opcode ID: 6739e790f787ed01f3e4ad5e7d386df2454b6075b2d4a5d9571908cb92454726
                                    • Instruction ID: 5fab9d905a29466381c2e8f8d71a9b36f1a3f210abba96f9fe2b50c18acf92d9
                                    • Opcode Fuzzy Hash: 6739e790f787ed01f3e4ad5e7d386df2454b6075b2d4a5d9571908cb92454726
                                    • Instruction Fuzzy Hash: C0118271A042409FEB50CF19DC85B67FBE8EF15320F08846ADD85CB681D675D804CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800EA6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetFileType.KERNELBASE(?,00000E24,B930CD41,00000000,00000000,00000000,00000000), ref: 05800EF9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: FileType
                                    • String ID:
                                    • API String ID: 3081899298-0
                                    • Opcode ID: 81b5e174dd90da9ebd1e5352cdf2fe77db9c1067a3e2a6e397f39a831d89186c
                                    • Instruction ID: ddf8d2437af9d105764502822035be5a7b0da911863cee974d949fb099e8e534
                                    • Opcode Fuzzy Hash: 81b5e174dd90da9ebd1e5352cdf2fe77db9c1067a3e2a6e397f39a831d89186c
                                    • Instruction Fuzzy Hash: 7D01D671500204AFE760CB15DD85FF6FBA8DF05624F188056ED45CB7C1D374E9488AB6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800CCE Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateDirectoryW.KERNELBASE(?,?), ref: 05800D13
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateDirectory
                                    • String ID:
                                    • API String ID: 4241100979-0
                                    • Opcode ID: 9c22a0b887930d033689458aa7c5662299cbb95d75b29da9e6ddcfce65094d7b
                                    • Instruction ID: 2daa9b220e46a24707fafe07404da2d2c5ebc692a94bee8834c9e7d17ac884e5
                                    • Opcode Fuzzy Hash: 9c22a0b887930d033689458aa7c5662299cbb95d75b29da9e6ddcfce65094d7b
                                    • Instruction Fuzzy Hash: CB117C756052048FDB90CF19DC89B66BBE8EF04220F4885AADD49CB682D274E9048A62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580349E Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • K32EnumProcesses.KERNEL32(?,?,?,B930CD41,00000000,?,?,?,?,?,?,?,?,6C9C3C58), ref: 058034DE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: EnumProcesses
                                    • String ID:
                                    • API String ID: 84517404-0
                                    • Opcode ID: 583912a8d53cdbe8c6646f4ac80a6211735a306a8cbc0f2c23a3b62412f28d4b
                                    • Instruction ID: 7d4d403bfa65f9bf2cb941c4dfddd088048b70881de94e66b1f7e31c00156b81
                                    • Opcode Fuzzy Hash: 583912a8d53cdbe8c6646f4ac80a6211735a306a8cbc0f2c23a3b62412f28d4b
                                    • Instruction Fuzzy Hash: AB11A1716006049FDB90CF59DC85B66FBE4EF15220F0888AADD49CF691D735E804CF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144A8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetWindowLongW.USER32(?,?,?), ref: 0144A926
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: LongWindow
                                    • String ID:
                                    • API String ID: 1378638983-0
                                    • Opcode ID: 84eae9eb3d75b7295a5bfb970e3dbdbba1ac6ab9a14c456b498032e46198d8a8
                                    • Instruction ID: 09cc744aefd7756b3a1c5d7b31a1274aef2f25da2397aeee25083d8c621926c7
                                    • Opcode Fuzzy Hash: 84eae9eb3d75b7295a5bfb970e3dbdbba1ac6ab9a14c456b498032e46198d8a8
                                    • Instruction Fuzzy Hash: B211CE354097809FDB228F15DC85B52FFF4EF06220F0984DAEE864B663C275A818CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144BED2 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DeleteFileW.KERNELBASE(?), ref: 0144BF0C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    • Opcode ID: b376f0b7e9a126aeb1fc9ae5a73e22ba6d73d1a18978f6dd9f3aabb25fb138ea
                                    • Instruction ID: d4f0148d5ddea2966467a54fcee4d7d6a2975068cb90787b2494808c7fb5bc3e
                                    • Opcode Fuzzy Hash: b376f0b7e9a126aeb1fc9ae5a73e22ba6d73d1a18978f6dd9f3aabb25fb138ea
                                    • Instruction Fuzzy Hash: B901B171A002009FEB60CF29D8857A6FBE8DF15220F08C4ABDD49CF756D275E408CE62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580123E Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetTempFileNameW.KERNELBASE(?,00000E24,?,?), ref: 0580128E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: FileNameTemp
                                    • String ID:
                                    • API String ID: 745986568-0
                                    • Opcode ID: 6ecb5b1905870a3cb5b75b68788ae667a8f327db68b4c97519b2db5a461f833f
                                    • Instruction ID: 7040e5a910ceddc2ceb1a31873fbb1c2448eb3ce605871db47634bc72750b8b6
                                    • Opcode Fuzzy Hash: 6ecb5b1905870a3cb5b75b68788ae667a8f327db68b4c97519b2db5a461f833f
                                    • Instruction Fuzzy Hash: 4101B171A00200AFD310DF16CD45B66FBE8FB88A20F14811AED089BB41D731B955CBE5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580365E Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • FormatMessageW.KERNELBASE(?,00000E24,?,?), ref: 058036A9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: FormatMessage
                                    • String ID:
                                    • API String ID: 1306739567-0
                                    • Opcode ID: 221a5e16b9c46ba35e8c7fcf8e1e02df7ee119334ab0b4a0a3149b27c6ae16a1
                                    • Instruction ID: 030bb386ad5265a6bed3b0f91410871a1421864c8c0c94fb199878a55ae81fd7
                                    • Opcode Fuzzy Hash: 221a5e16b9c46ba35e8c7fcf8e1e02df7ee119334ab0b4a0a3149b27c6ae16a1
                                    • Instruction Fuzzy Hash: 3F01B171A00200AFD310DF16CD45B66FBE8FB88A20F14811AED089BB41D731B955CBE5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144B746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0144B78A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    • Opcode ID: b435b0c25f29edc1339cc1a32e20c803be74b74dcf244972ce7c34686fd829ff
                                    • Instruction ID: b45cb29b3b7f61b8551f7d43581cb77697235e4222e1b2159e8aa4f0ebb73284
                                    • Opcode Fuzzy Hash: b435b0c25f29edc1339cc1a32e20c803be74b74dcf244972ce7c34686fd829ff
                                    • Instruction Fuzzy Hash: 3C0161315006009FEB21CF55D884B66FFF4EF08710F08845ADE854AA22D375E418DF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144A546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                    Download Yara Rule
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0144A58A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 3db19db2f881aa96dfe0685d42e161f89abfabfaba1fb9d335c146eabbb6bb3b
                                    • Instruction ID: d565035f97ec3a801264756e63f36b9d3a99b39818b8d481fce841ff5c1fc729
                                    • Opcode Fuzzy Hash: 3db19db2f881aa96dfe0685d42e161f89abfabfaba1fb9d335c146eabbb6bb3b
                                    • Instruction Fuzzy Hash: 030161315006009FEB218F55D944B56FFF4EF08720F18C85ADE464BA66C375E418DFA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144AF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 0144AFEA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: 4e750777bbefbbd3eee217e6f1e5079f1787de105ff9300fcedce45d255d4a91
                                    • Instruction ID: da1bd6efaa25ab852aabdd9a06d575a57a3332bd9aa12c4605689f19c2064b10
                                    • Opcode Fuzzy Hash: 4e750777bbefbbd3eee217e6f1e5079f1787de105ff9300fcedce45d255d4a91
                                    • Instruction Fuzzy Hash: 7801D671500200AFD310DF1ACD46B66FBE8FB88A20F14815AED089BB41D731F955CBE5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05800232 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                    Download Yara Rule
                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 05800264
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    • Opcode ID: f677fac290ec2318c688ab8105b6926c9317638412c8b0d09db453a6d34cc0b4
                                    • Instruction ID: 1650ebcd97ff2e88f7b031cd9a88a0037012ba407d93fbf6c12d6466b6103691
                                    • Opcode Fuzzy Hash: f677fac290ec2318c688ab8105b6926c9317638412c8b0d09db453a6d34cc0b4
                                    • Instruction Fuzzy Hash: 1F01D471A01200DFEB50CF15DC88765FBE4EF45220F08C4AADD45CF681D275E948CA62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0580187A Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DnsQuery_A.DNSAPI(?,00000E24,?,?), ref: 058018CA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2700574864.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5800000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Query_
                                    • String ID:
                                    • API String ID: 428220571-0
                                    • Opcode ID: 4aa5d4334b1db10251826ab5681655f08db27a34251a63f71e8b5ad1594db059
                                    • Instruction ID: e010c85ea5d424e753cab90416517e604f3cce6485366ac1a62759ba4839b273
                                    • Opcode Fuzzy Hash: 4aa5d4334b1db10251826ab5681655f08db27a34251a63f71e8b5ad1594db059
                                    • Instruction Fuzzy Hash: 6401A271500200ABD210DF1ACD46B66FBE8FB88A20F14811AED089BB41D771F955CBE5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144BB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 0144BBB9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 813b5785c6c8972b14f37b6e376958937b4dd65ca08bdbe106fb481e445c6a9e
                                    • Instruction ID: cb08ea7f3d82f3ba3581421763b78280ea0b49cf29c8488d9fc8fb74a24c896d
                                    • Opcode Fuzzy Hash: 813b5785c6c8972b14f37b6e376958937b4dd65ca08bdbe106fb481e445c6a9e
                                    • Instruction Fuzzy Hash: 4301B1355046409FEB218F19DC85B66FBE4EF15220F08C09EDD464BB66C271E458CF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144A78A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: closesocket
                                    • String ID:
                                    • API String ID: 2781271927-0
                                    • Opcode ID: d6838f82c95e96ee32fefee4f1a3810a9a4950f0a4b74eece577d070b84039a9
                                    • Instruction ID: bc9da549118836131d42a9193b991199c72f745a04db22db2c6450478f45ab4f
                                    • Opcode Fuzzy Hash: d6838f82c95e96ee32fefee4f1a3810a9a4950f0a4b74eece577d070b84039a9
                                    • Instruction Fuzzy Hash: 1D01D6759002409FEB20CF19D884766FFE4EF05220F18C4ABDD4A8F756D279E548CEA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144B806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • SendMessageW.USER32(?,?,?,?), ref: 0144B841
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: e335653a4ab70d518132c864258e31b50b9268dcf37d65f78627bdf1bf224681
                                    • Instruction ID: 0bed991ed440a2556d65bd40f17fef477bd11d4e224a311bea9ca3429954506d
                                    • Opcode Fuzzy Hash: e335653a4ab70d518132c864258e31b50b9268dcf37d65f78627bdf1bf224681
                                    • Instruction Fuzzy Hash: 48018F319006409FEB218F15D884B66FBE0EF15620F08C49ADE450B762D375E458CFA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144A8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetWindowLongW.USER32(?,?,?), ref: 0144A926
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: LongWindow
                                    • String ID:
                                    • API String ID: 1378638983-0
                                    • Opcode ID: df0907983d1a4c3e8af5f81d5744776008a80ac8be82d25716ebd3fd69b49e5b
                                    • Instruction ID: 2edf804c651542b2162f67f9203b701c2852bc737f60d06807ee87774f9e83b4
                                    • Opcode Fuzzy Hash: df0907983d1a4c3e8af5f81d5744776008a80ac8be82d25716ebd3fd69b49e5b
                                    • Instruction Fuzzy Hash: 2701A2395006009FEB208F05D885752FFE4EF19620F18C49ADE460B762C375E418CF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144A372 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetErrorMode.KERNELBASE(?), ref: 0144A3A4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: ErrorMode
                                    • String ID:
                                    • API String ID: 2340568224-0
                                    • Opcode ID: 4059202b1b5209e9dc01f29e7a03d01306067ba4ec24bd965a5873df8f6e8fcd
                                    • Instruction ID: c8e02ace097e7d37f23bc80327b34c3d7befffd4b6fae8cf15ce72bc9b7f9474
                                    • Opcode Fuzzy Hash: 4059202b1b5209e9dc01f29e7a03d01306067ba4ec24bd965a5873df8f6e8fcd
                                    • Instruction Fuzzy Hash: 98F0A4755402409FEB10CF09D885766FFE4DF05624F18C09BDD464BB62D2B5E458CEA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0144BE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DispatchMessageW.USER32(?), ref: 0144BE70
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697619433.000000000144A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_144a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: 4059202b1b5209e9dc01f29e7a03d01306067ba4ec24bd965a5873df8f6e8fcd
                                    • Instruction ID: e0633141acf81e346ad6291203a3c8a2bd922c0b7e8baffbdaa854096516860b
                                    • Opcode Fuzzy Hash: 4059202b1b5209e9dc01f29e7a03d01306067ba4ec24bd965a5873df8f6e8fcd
                                    • Instruction Fuzzy Hash: 4FF0A9359046409FEB208F09D885762FBE4EF55630F18C0ABDE094B762D3B9E448CEA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C20D0 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: r*+
                                    • API String ID: 0-3221063712
                                    • Opcode ID: 986ab955ba92661adeb7a784334fe29156f7f7e5892050bbb5ca2614d288ced3
                                    • Instruction ID: 79bfd712a0d4c7c4971298f4fd40d83b68d659b109c1ca20d2dbc4be7d5cd100
                                    • Opcode Fuzzy Hash: 986ab955ba92661adeb7a784334fe29156f7f7e5892050bbb5ca2614d288ced3
                                    • Instruction Fuzzy Hash: 84716D30A08209DFDB44DFA8C545ABEBBF2FF85700F10846ED58A9B665D7309D45CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C32BB Relevance: 1.4, Strings: 1, Instructions: 193COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    • Opcode ID: 649250b7773431cd389a251b3954a7075321df3618da9350e7b14c93fbfebba1
                                    • Instruction ID: 9ce2813a7e367e9b882ebf0eb9e2f7d2a8c850eab9272c4cd0240116e8134788
                                    • Opcode Fuzzy Hash: 649250b7773431cd389a251b3954a7075321df3618da9350e7b14c93fbfebba1
                                    • Instruction Fuzzy Hash: 7051ED31B042058FCB55CF68C8445AEBBB2FBC9215755C8BEC14ADB741DB359E068B93
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 068502E8 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol
                                    • API String ID: 0-1319056321
                                    • Opcode ID: 4e3acfeacd14598ae07d0df2820912b7acfa33475e9959ef38a880142c08ed93
                                    • Instruction ID: 55e80b3d3546d36762a20a25aec8fe0fec125eb40e0548f7e110ac59b31ac2f2
                                    • Opcode Fuzzy Hash: 4e3acfeacd14598ae07d0df2820912b7acfa33475e9959ef38a880142c08ed93
                                    • Instruction Fuzzy Hash: 9F51B330A0024ADFDB94DFA9D051AAEBBF2BB84308F55452DD80ADB355DB349949CBC1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C2D58 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    • Opcode ID: f6e36a1f2e7312a3f062932663676c1e4bd4f772e9461d596fb0408019f7ea12
                                    • Instruction ID: 81818fcc8b6f3b76580afde75f0cdb185a042164b59836ed6d47ace5916aec48
                                    • Opcode Fuzzy Hash: f6e36a1f2e7312a3f062932663676c1e4bd4f772e9461d596fb0408019f7ea12
                                    • Instruction Fuzzy Hash: BA41D630F04215CFCB10DF69C8449AE7BA6ABC0615B15C83EC49AEB606D735E942CB93
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C0682 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: -ZEk^
                                    • API String ID: 0-2932953729
                                    • Opcode ID: 1fa3b59f4b01fbf04f0dc3b9be9ab8c0227f5c52affa1ed82407d9fa57b7479f
                                    • Instruction ID: 4dab18d6ce5acc5f7e855381f26aeecd2229c8166c95ba0affa280e5c773565c
                                    • Opcode Fuzzy Hash: 1fa3b59f4b01fbf04f0dc3b9be9ab8c0227f5c52affa1ed82407d9fa57b7479f
                                    • Instruction Fuzzy Hash: FD4170307002018FD7286B78E81D66D3AA6FF9470AB0A456EF412CF278DF758C099BD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 06850007 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: L.l
                                    • API String ID: 0-1469302089
                                    • Opcode ID: 5caed1124557dd27d76605b3fb03e467c1b105a2bc6c79b9e7fa2e2a1da33212
                                    • Instruction ID: 7f66559e05ff794b3201ea7725a9e3cbcaa1aad4823c16babd3fcdb213082370
                                    • Opcode Fuzzy Hash: 5caed1124557dd27d76605b3fb03e467c1b105a2bc6c79b9e7fa2e2a1da33212
                                    • Instruction Fuzzy Hash: 6A31D230A0A3869FDB439F709C126DA7FF1AF47314B0A48ABD481DF192D7259C55C7A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CD170 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 5>Ek^
                                    • API String ID: 0-1241902742
                                    • Opcode ID: 1121538350ffb5a9ec8a6441eb35244ebde5216dfdf119e0f2cff0b5458c66ea
                                    • Instruction ID: 16f6ade1004df41f67cabe96ab2b6487e3b84e48835631641edae8c4b34e31e1
                                    • Opcode Fuzzy Hash: 1121538350ffb5a9ec8a6441eb35244ebde5216dfdf119e0f2cff0b5458c66ea
                                    • Instruction Fuzzy Hash: 00419F706053448FD7899F79D0140987BE1FB9631C32488AEE18ACF356DB76990BCB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C45C8 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: L.l
                                    • API String ID: 0-1469302089
                                    • Opcode ID: 3039c44faae218d1dfc17ba47e9141e9f089ce1f41237e4b3fa33e21fcb6098c
                                    • Instruction ID: 12c96d989b59b5bfac4fd8a5e36314941d52670799375d5ed3ffc877de46ca5c
                                    • Opcode Fuzzy Hash: 3039c44faae218d1dfc17ba47e9141e9f089ce1f41237e4b3fa33e21fcb6098c
                                    • Instruction Fuzzy Hash: CF219E71B0011ADBDB40DAA9DA91EFFB3FDEB88600F10443AD65DD7245EA7099048BA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6C92 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: =PEk^
                                    • API String ID: 0-2710316391
                                    • Opcode ID: 053b5cb2d49ff61419315ec7e696e5593bdbc03fc1f894a3e65048441a74e600
                                    • Instruction ID: e132799df4c04645509545bf1869436a0b57ff1160a66f4a85b3a9adfd4cc9cd
                                    • Opcode Fuzzy Hash: 053b5cb2d49ff61419315ec7e696e5593bdbc03fc1f894a3e65048441a74e600
                                    • Instruction Fuzzy Hash: 8B319030600249CBD758AB79E0595AD3BE2FBE4348354852DE286CB751DF76CD49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C8620 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: }DEk^
                                    • API String ID: 0-637844966
                                    • Opcode ID: 2d49dfaf6a905bebb7e485ecb075488eb3d5d9e8074a1065f767bf862bc14a11
                                    • Instruction ID: bca5756b06caf99b98ded2dfa8769d06decb183669b3de3705e31e1795fce1b7
                                    • Opcode Fuzzy Hash: 2d49dfaf6a905bebb7e485ecb075488eb3d5d9e8074a1065f767bf862bc14a11
                                    • Instruction Fuzzy Hash: 40316D34714204DFC748EB75E45596D3BF2EB8461971688AEE186DB790EF398C018B42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 06850469 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol
                                    • API String ID: 0-1319056321
                                    • Opcode ID: 7bb489a8109b2dfeeed3a522365e9a9fc53d26b7d010995ddd75434e0848423f
                                    • Instruction ID: de0e1cd40dcb49e8b94b14856c5a4a69ba9726e55db8e8db5ac5b1f1a9833bd6
                                    • Opcode Fuzzy Hash: 7bb489a8109b2dfeeed3a522365e9a9fc53d26b7d010995ddd75434e0848423f
                                    • Instruction Fuzzy Hash: D231DF30A002458FEB54DFB9D0507AEB7E2BFC8308F59856DD44ADB395DB34A949CB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0685045D Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol
                                    • API String ID: 0-1319056321
                                    • Opcode ID: 7bb489a8109b2dfeeed3a522365e9a9fc53d26b7d010995ddd75434e0848423f
                                    • Instruction ID: de0e1cd40dcb49e8b94b14856c5a4a69ba9726e55db8e8db5ac5b1f1a9833bd6
                                    • Opcode Fuzzy Hash: 7bb489a8109b2dfeeed3a522365e9a9fc53d26b7d010995ddd75434e0848423f
                                    • Instruction Fuzzy Hash: D231DF30A002458FEB54DFB9D0507AEB7E2BFC8308F59856DD44ADB395DB34A949CB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C8630 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: }DEk^
                                    • API String ID: 0-637844966
                                    • Opcode ID: 42f03afd01e0df436b33ad2965b4ca44f3cb6aacbb47bdc80c03c32de123089d
                                    • Instruction ID: 8c2bc9ea38a009998551fd0c22cf32f6e0d2c3d2d93366311cd89b1a6864d141
                                    • Opcode Fuzzy Hash: 42f03afd01e0df436b33ad2965b4ca44f3cb6aacbb47bdc80c03c32de123089d
                                    • Instruction Fuzzy Hash: 47215A30B10204DFC748EB79E45986E3BE6EBD4619755886EE18ADB790EF359C018B42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 06850070 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: L.l
                                    • API String ID: 0-1469302089
                                    • Opcode ID: b1e6f98ddf4d20c77a5719ddfd5b1c7df51a25b403bcbae9c196430f3f3c503e
                                    • Instruction ID: d782d1d95c01c68d5899ba675e38ae4f78a00719f25cc6a67e1c9b812b4cdab6
                                    • Opcode Fuzzy Hash: b1e6f98ddf4d20c77a5719ddfd5b1c7df51a25b403bcbae9c196430f3f3c503e
                                    • Instruction Fuzzy Hash: B9216234B0421ADFDB54EF75D842AEEB7B6FB88304F014939D502EB240EB31A8458BD1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6CE6 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: =PEk^
                                    • API String ID: 0-2710316391
                                    • Opcode ID: 879a5ce0b599be115e2906a33245d7ec74ade34bb5b43b013f9340c45eb5e42e
                                    • Instruction ID: 229a625ab16e6ffc52b8d62fec243bb03811552625426ff7b60be7dd2c45123c
                                    • Opcode Fuzzy Hash: 879a5ce0b599be115e2906a33245d7ec74ade34bb5b43b013f9340c45eb5e42e
                                    • Instruction Fuzzy Hash: 87318B3030020ACBD758AF79E05849C37E2EFE4209354896DE2869B751DF769C0ACF82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C25DE Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: f`k
                                    • API String ID: 0-1028176591
                                    • Opcode ID: 2f4339aec365ee466c345c8e3cddf80d8e1c2dd388ef9a16be87f3389015bdc5
                                    • Instruction ID: b2f328227e477064d9e2d9da7c5e7fea9bdb782d65750c65efd65f46fc26315c
                                    • Opcode Fuzzy Hash: 2f4339aec365ee466c345c8e3cddf80d8e1c2dd388ef9a16be87f3389015bdc5
                                    • Instruction Fuzzy Hash: 6E319E30A00209CFDB60DF69C54465AFBF2BF85308F15C52DC058AF269CBB49889DF92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C8BC6 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: f`k
                                    • API String ID: 0-1028176591
                                    • Opcode ID: 2a97f00892fd3fe360d28cedeb2613f0e4b7fc5f0dbd86ad35ac06fb2f0a6af8
                                    • Instruction ID: 0212997f8f96f94941b3be55a060458098b796866dc61f786f2f7eead49ec83d
                                    • Opcode Fuzzy Hash: 2a97f00892fd3fe360d28cedeb2613f0e4b7fc5f0dbd86ad35ac06fb2f0a6af8
                                    • Instruction Fuzzy Hash: B631CA30E10609CFEB20CF66C44565AFBE2BF85308F14C56DD149AB650CFB49889CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CC3D1 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: sE
                                    • API String ID: 0-3859464432
                                    • Opcode ID: 92e5dfdc50236b59eaa49e060b362274703d04219e9c80e5b1e65e51ce35bd79
                                    • Instruction ID: 89b98dabcc6c7d2817641cb440b83d776b6f55eb40f12dc39f3c3dcd7c1519c7
                                    • Opcode Fuzzy Hash: 92e5dfdc50236b59eaa49e060b362274703d04219e9c80e5b1e65e51ce35bd79
                                    • Instruction Fuzzy Hash: 02112271B102109FE3829B39E4417383BE7EB89611F0988A9F54ACB395CE384C45C794
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CC7F8 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: }?Ek^
                                    • API String ID: 0-2587531899
                                    • Opcode ID: 14a2f8ab87593c8105e239827214d0e3f233207a35f1170c0552f00eaf882a6e
                                    • Instruction ID: d4b63abf634ec9b5f6ae4154a1a1c96a4e78fef9bad42ae02570980967b1b0e0
                                    • Opcode Fuzzy Hash: 14a2f8ab87593c8105e239827214d0e3f233207a35f1170c0552f00eaf882a6e
                                    • Instruction Fuzzy Hash: 3E1190303042418BD314A629851086FBAA6ABE96187848C2EA1DE9F781DF72DC068793
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CC7E8 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: }?Ek^
                                    • API String ID: 0-2587531899
                                    • Opcode ID: 8411ed3d1be0c72fb43367e21dd0aa9ea988d1d04fb75d0810efceee752b82b9
                                    • Instruction ID: b35e0e736cd24c1077e0c71ba339b9e03f5ab51b2ee6d5865080e590d8290a78
                                    • Opcode Fuzzy Hash: 8411ed3d1be0c72fb43367e21dd0aa9ea988d1d04fb75d0810efceee752b82b9
                                    • Instruction Fuzzy Hash: 2F1198713042418FD315977885108ABBBEBAFE65143548C5F91DE9F791DE32DC068753
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C61A0 Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ]REk^
                                    • API String ID: 0-2461506209
                                    • Opcode ID: 82c2eb3dbb1aac9a660fd2235e8d619cfcfc859f88a69a1a1cfef5641225942f
                                    • Instruction ID: b1becf5c148d97fc20525512b4f52a102affe4f36285437f35f84dbb83b84937
                                    • Opcode Fuzzy Hash: 82c2eb3dbb1aac9a660fd2235e8d619cfcfc859f88a69a1a1cfef5641225942f
                                    • Instruction Fuzzy Hash: 4711DB3164C3818FD31257F858105B87FE9AF8321470944DFD589DB3A2DA5A4C45C3E3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7560 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ,)l
                                    • API String ID: 0-1778001103
                                    • Opcode ID: 1c61bddb0a6331f8c622e593d1148545df0d30d9ce9924584dc4be8a80381367
                                    • Instruction ID: 2154fc506d8aedc49bd6e04b72e960a93a8481bad1d58ecaa1ad735f2ed50ad4
                                    • Opcode Fuzzy Hash: 1c61bddb0a6331f8c622e593d1148545df0d30d9ce9924584dc4be8a80381367
                                    • Instruction Fuzzy Hash: 45F02831308281CBC70866F85851BBC72D66FA71303554A6ED16D9FBE5CE648C064777
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C4710 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol
                                    • API String ID: 0-1319056321
                                    • Opcode ID: 76475c054817d35d673e1627cbe343c26332866f8e211396b47f0a401aad20b7
                                    • Instruction ID: e8533fbb96765220057967f3157c73a98f4fadc87e9934094b3e50bc7da3dff9
                                    • Opcode Fuzzy Hash: 76475c054817d35d673e1627cbe343c26332866f8e211396b47f0a401aad20b7
                                    • Instruction Fuzzy Hash: F4F0E032301211DBC62567B5642177D32CA8BCAD65F44043EE24ED7741DD7BDD415792
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7570 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ,)l
                                    • API String ID: 0-1778001103
                                    • Opcode ID: 5b5b58f83c39b2f8c59e4b3d57c74cde3cf3ea7a779a2db0ca255000c3ad213a
                                    • Instruction ID: 5bbd924f112625fe9dc75ce6f56e211f13c6e3dae1252207cd0110e4d4268360
                                    • Opcode Fuzzy Hash: 5b5b58f83c39b2f8c59e4b3d57c74cde3cf3ea7a779a2db0ca255000c3ad213a
                                    • Instruction Fuzzy Hash: 39F02431308080938B0825B95850FBD72CB6BE65303544B2DE22E8FBD4CE61DC0542A7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6100 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: MSEk^
                                    • API String ID: 0-1256942150
                                    • Opcode ID: 048dca35aff6ee49b68f6a08b1b2bf623774801bd422514fc53ceca925060b0f
                                    • Instruction ID: a46f31fdafebf2c0ee747959137a9d47b84fe3eb1aecad4fc95491334ab533f0
                                    • Opcode Fuzzy Hash: 048dca35aff6ee49b68f6a08b1b2bf623774801bd422514fc53ceca925060b0f
                                    • Instruction Fuzzy Hash: 71E07D11B093900FC7025F7A980152E3B9AAF82505B05889EED80CF372DE098C0447D3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6110 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: MSEk^
                                    • API String ID: 0-1256942150
                                    • Opcode ID: 328a51afcdfb19513d6d6fb586054a666d40b8624e3d0b8a8dc52ec02f5080b6
                                    • Instruction ID: 944fc606c70a5e772e7a5f986b06463768340f74cb6b7ff8cf406308c5ab0be4
                                    • Opcode Fuzzy Hash: 328a51afcdfb19513d6d6fb586054a666d40b8624e3d0b8a8dc52ec02f5080b6
                                    • Instruction Fuzzy Hash: 0BD0A711341265171A14AEBF9801A7F36CEAB81956704882DF945CF350CE548C0003E6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C61B0 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ]REk^
                                    • API String ID: 0-2461506209
                                    • Opcode ID: 435ee71d3585f56211c7ed5bcd06e0048612172d9c2280230f742c9d153181b1
                                    • Instruction ID: 2871bedd78f7986eace7b56e0fe25938c915bb3d3b78f259c2178e882a616a83
                                    • Opcode Fuzzy Hash: 435ee71d3585f56211c7ed5bcd06e0048612172d9c2280230f742c9d153181b1
                                    • Instruction Fuzzy Hash: FED0A7313001241B6604E5B99C51C3973CFFBC5514304885FB909CF351CD739C0283D0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C12A0 Relevance: .5, Instructions: 460COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e44a01a552c83f0ecd3e7a22ebc4e4f819b1a9218d4ca95dca11620c7372b645
                                    • Instruction ID: d50cd0d159048b5c032d9cc5cb0ad2fea45772c17e7160870bb92298afcedd6f
                                    • Opcode Fuzzy Hash: e44a01a552c83f0ecd3e7a22ebc4e4f819b1a9218d4ca95dca11620c7372b645
                                    • Instruction Fuzzy Hash: 4122E338A00605CFDB64DF24C490A6AB7F2FF48704B1489AED89A9B752DB34ED45CF46
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CAB00 Relevance: .3, Instructions: 265COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4c39e2966e5158cf0a637523cedab7fb2d3f2f29c64efa3ea1ecc1c02687e58d
                                    • Instruction ID: 35dc791601f934312cd1046fbba129d1e0129050551415356fe18d11e84e5acf
                                    • Opcode Fuzzy Hash: 4c39e2966e5158cf0a637523cedab7fb2d3f2f29c64efa3ea1ecc1c02687e58d
                                    • Instruction Fuzzy Hash: A19113307005169BD704EB65C555AAEB7E3EFE5208F50852DE20A9BBA4DF719C0ACBC3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6270 Relevance: .2, Instructions: 241COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6c7415ec4706e1b9a9f44e388055ac82981efe741da08bccc9dc2a68be5900f3
                                    • Instruction ID: 169bfb319e11c6dd97a95b60d9369e894f192d2af49c49cf6b98452feefb9c96
                                    • Opcode Fuzzy Hash: 6c7415ec4706e1b9a9f44e388055ac82981efe741da08bccc9dc2a68be5900f3
                                    • Instruction Fuzzy Hash: EA818E31A00519CFDF15CF14C890A9AB7B2AF85704F0584A9D94EAF356DB71AE8ACF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6261 Relevance: .2, Instructions: 191COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0f41e5ea706cffd16a8a90f429bd8eff2bed6c048b3924fabc497032255a2ac1
                                    • Instruction ID: 15de33cd107512cbddc97f29b97fef72394f3a88b384b5f88221c9c81b8e5af0
                                    • Opcode Fuzzy Hash: 0f41e5ea706cffd16a8a90f429bd8eff2bed6c048b3924fabc497032255a2ac1
                                    • Instruction Fuzzy Hash: EB516E31A00619CFDF15CF14C850ADAF7B2EF85700F5584A9D94EAF261DB71AA8ACF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE8E0 Relevance: .2, Instructions: 184COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7e7637a1a700218d437326d0beeafa6c51720edc036ed37fa643eb20206360bc
                                    • Instruction ID: c9efa638f0db02f0f4a79aed4e00d9694c4bfaa059d80797b04a1ff08830d61a
                                    • Opcode Fuzzy Hash: 7e7637a1a700218d437326d0beeafa6c51720edc036ed37fa643eb20206360bc
                                    • Instruction Fuzzy Hash: 30713834A00204CFDB15CB69C494AA9BFF1BF88714F14986DE59BA7761CB30E885CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE178 Relevance: .2, Instructions: 164COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cbefc04483ec68020baf8b71b3b198f0ba0c77d78ff9021c74ceeab54f2d254b
                                    • Instruction ID: 248b438a60511f91927682b06259c4c1b0c9a5b6568b367ca7859e82c857c4bd
                                    • Opcode Fuzzy Hash: cbefc04483ec68020baf8b71b3b198f0ba0c77d78ff9021c74ceeab54f2d254b
                                    • Instruction Fuzzy Hash: 7951A032A001199FDF05DFA4C8419ADBBB7FF84704B148469E94AAF316DB35ED05CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C76D8 Relevance: .2, Instructions: 161COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fce489d6449e63a3015d5b8053c7cefc82c3e6e5f076c4e989828851faf2d084
                                    • Instruction ID: 8d9ff2a25bb734b5096d824c2d9f7326359e38668f2ae21d46486906f4816594
                                    • Opcode Fuzzy Hash: fce489d6449e63a3015d5b8053c7cefc82c3e6e5f076c4e989828851faf2d084
                                    • Instruction Fuzzy Hash: CE313A3190061ACFDF15CF54C854ADAB7B2AF85704F418498D64D7B205DB70AB8ACFD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7328 Relevance: .2, Instructions: 159COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6821672d71ef0868bdb63f3f98b3500ad99727dee03f0639117a43982ae63155
                                    • Instruction ID: f27823e58abc66eb3904a0ec52fda473d62d49a836fd0bfcc13afffc2b2a5e57
                                    • Opcode Fuzzy Hash: 6821672d71ef0868bdb63f3f98b3500ad99727dee03f0639117a43982ae63155
                                    • Instruction Fuzzy Hash: 3D516C31B002058BCB08EBB9C5506AEB7F7AFD8B04B25852DC44AAB751DF35ED05CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7BC0 Relevance: .1, Instructions: 147COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 039446638900b3902bb268e2fcd53b7e5322def0d2c588177a9f2fd884fb3746
                                    • Instruction ID: 1430ae86c6d855963b789bacff039169663e874a89a350debdc64717e575c706
                                    • Opcode Fuzzy Hash: 039446638900b3902bb268e2fcd53b7e5322def0d2c588177a9f2fd884fb3746
                                    • Instruction Fuzzy Hash: F3510375D00619CFCB29DFA8C984AACBBF1FF48710F20856AD89AA7354E7316945CF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7E91 Relevance: .1, Instructions: 141COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6a1f4f8e0d0443269e18dac6157461b953b4a52043b990e0af7af0492ce4f20f
                                    • Instruction ID: 8ed7cbe9b52e57cf71d7f1657c070c75ee862b42817bd6e19024913b9e9380b8
                                    • Opcode Fuzzy Hash: 6a1f4f8e0d0443269e18dac6157461b953b4a52043b990e0af7af0492ce4f20f
                                    • Instruction Fuzzy Hash: 26516A34A00219CFDB14DBB4C588AACB7F2BF95205F5486ADD48A9B751DB30DC85CF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CCBE8 Relevance: .1, Instructions: 137COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f8f4087c7bf055d24efd9d9ad04042860479e5f0ddb4dd11fbd5f3027aa6d237
                                    • Instruction ID: b0c485f787a863261771e8b78636d3448348a7f633d78ff8ec1d9769f00f91f1
                                    • Opcode Fuzzy Hash: f8f4087c7bf055d24efd9d9ad04042860479e5f0ddb4dd11fbd5f3027aa6d237
                                    • Instruction Fuzzy Hash: 8F41F030A006018FE728CF79C4549ABBFE6FB99B14B18C92DD09F97250DB34A8428B52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C0BC0 Relevance: .1, Instructions: 133COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bbe4a1fc6789895a986d19ddd5e889ba9a6b89b8ff1d4dc4403143ac8f8b9ca5
                                    • Instruction ID: ae5a2243a85f559637d1a28703f5ca368bf1bcb14a1a4d502f7b9c5912953277
                                    • Opcode Fuzzy Hash: bbe4a1fc6789895a986d19ddd5e889ba9a6b89b8ff1d4dc4403143ac8f8b9ca5
                                    • Instruction Fuzzy Hash: B241C635B04214CFCB159B68C414AAE77E6AFC6714F05806EF94AEF761CB729C0A8792
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE8D1 Relevance: .1, Instructions: 130COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 52ee18173a4f6a585018b413261fce244e4349aae0394198b7f0cb504a63fd0f
                                    • Instruction ID: 5d75de1b0099073d5585cd0ccfbe02753cd114eb74666a85266ee2353d93fb7f
                                    • Opcode Fuzzy Hash: 52ee18173a4f6a585018b413261fce244e4349aae0394198b7f0cb504a63fd0f
                                    • Instruction Fuzzy Hash: 6F515930A00604CFEB25CF6DC098BA9BFF1BB48715F14895EE59BA7661C730E885CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CF8A9 Relevance: .1, Instructions: 128COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6b61d03739f3d3bddb416d2222cec9cdf7e4795e8068729b0b836829282eef85
                                    • Instruction ID: 9c0300e280a6abea1608e34fd9651643e9f8e0951d82494f9f689bca7531e5ad
                                    • Opcode Fuzzy Hash: 6b61d03739f3d3bddb416d2222cec9cdf7e4795e8068729b0b836829282eef85
                                    • Instruction Fuzzy Hash: 0E513835A00204DFDB04DFA8C480EEDBBB2BF88724F168598D955AB361DB31EC85CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5920 Relevance: .1, Instructions: 126COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 546e154cb07b5cebe90dc47d53613a9d9786bac37cf9a861a177d15bcfbff192
                                    • Instruction ID: 15dcd539921f4fee149ab9282e6e7fa17300ed000b1cc76a7781b0f5485aca94
                                    • Opcode Fuzzy Hash: 546e154cb07b5cebe90dc47d53613a9d9786bac37cf9a861a177d15bcfbff192
                                    • Instruction Fuzzy Hash: 1841F2307043018BFB146B7A84187AE369A5F89D55B9A84AED48FCB395EF34EC058793
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6EA8 Relevance: .1, Instructions: 120COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 204730fa26cd99f49586914d1ba169f37111340339106841d8baffc5d08836ff
                                    • Instruction ID: ea1a8a17ed3bb02ce862ae824c153035584ad12d495f93f77d2172851f838bec
                                    • Opcode Fuzzy Hash: 204730fa26cd99f49586914d1ba169f37111340339106841d8baffc5d08836ff
                                    • Instruction Fuzzy Hash: B541AF34A01201CFD749AFAAE05052D7BE2FFCDA11768407DE94AAB756CF369C01DB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 068504D1 Relevance: .1, Instructions: 120COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6bdcab48b8e1598a526d152db01970dae8437f04868f12d33c69809614d759d1
                                    • Instruction ID: 1236e3627babde429377717d22b3e7ffcbc2cffecf7480f01f48594559e10196
                                    • Opcode Fuzzy Hash: 6bdcab48b8e1598a526d152db01970dae8437f04868f12d33c69809614d759d1
                                    • Instruction Fuzzy Hash: EE41E275E00209DFDB94CFA8D180ADDBBF1EB48314F25846AD916EB211D731E946CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6EB8 Relevance: .1, Instructions: 115COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8fa83dd67a3f608a013caedd9338b88eede70b13f9de80662c558733f7053d35
                                    • Instruction ID: bce8f09ee42e43869a53dcc7cad8a4cf8cf8b0bfeec363b25915cc0e8a2f7d09
                                    • Opcode Fuzzy Hash: 8fa83dd67a3f608a013caedd9338b88eede70b13f9de80662c558733f7053d35
                                    • Instruction Fuzzy Hash: 4041CE34701200CFD749AFAAE05052D7BE2FF8EA01358006DE94AAB756CF36EC01DB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C91D8 Relevance: .1, Instructions: 109COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8353f97b119f8f7cd48c5d4f688f7320365d69aab3ea75cbd42ee361e03ed931
                                    • Instruction ID: 98f7a3c6c96b236e88beda844ba6b2d9d6ffb0312049d1dcb411911cc7d269ab
                                    • Opcode Fuzzy Hash: 8353f97b119f8f7cd48c5d4f688f7320365d69aab3ea75cbd42ee361e03ed931
                                    • Instruction Fuzzy Hash: 8931F63160D251CFC7018768C498E74BBAAAF8674DB0989AFD4DECB692CB329C44C753
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C84B8 Relevance: .1, Instructions: 109COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a5eeb19a80dabb5f9864c344fbeda4ca77296e1f52494bf01de3bd9d7414bee3
                                    • Instruction ID: fc93cc02e4b3c2e1727e70780a2d79ae3ce8914fd72033dba02465e4241a356d
                                    • Opcode Fuzzy Hash: a5eeb19a80dabb5f9864c344fbeda4ca77296e1f52494bf01de3bd9d7414bee3
                                    • Instruction Fuzzy Hash: 0631DB75A00106CFC700DBA8C484AAEF7F0FB98715F11CABAD55ADB651D730E856CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE458 Relevance: .1, Instructions: 108COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 58717dd91ddc8b979ae5eb756aa6bb6239f027cf18614ab64015dfd8da340009
                                    • Instruction ID: 569614a67b20ac2f176a360e8d85acd9a0911dd5c0f3f175b9db1adb00d92a70
                                    • Opcode Fuzzy Hash: 58717dd91ddc8b979ae5eb756aa6bb6239f027cf18614ab64015dfd8da340009
                                    • Instruction Fuzzy Hash: F431F272A00004CBDB54DBA8C5409FEFFB9EB48E25B10842EE58BA7641D7359E03CBD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE168 Relevance: .1, Instructions: 105COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 707703b0fce3f2cc0f5f7e127eb6e4f869b8a1155d4ec3765d3eddb112e63bca
                                    • Instruction ID: 4a229b713c717ba5e97b78f915653ce885d19185a361d013e220ac2b8e72105a
                                    • Opcode Fuzzy Hash: 707703b0fce3f2cc0f5f7e127eb6e4f869b8a1155d4ec3765d3eddb112e63bca
                                    • Instruction Fuzzy Hash: 2031C132A042199FCF05DFA4D845DEDBFB6FF84704B004469E64BAB262DB31AD15CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C02DA Relevance: .1, Instructions: 105COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 51802c6699bc4f32d31f6686af688520d5db5fc37b571eb48f97d820c065d97a
                                    • Instruction ID: 0d63c304b5b67fa1f16f403d5ff66e415c3bd7fd85d4ba4c2452edae0b8d32ad
                                    • Opcode Fuzzy Hash: 51802c6699bc4f32d31f6686af688520d5db5fc37b571eb48f97d820c065d97a
                                    • Instruction Fuzzy Hash: 51419E34B00204CFDB14CB68C154BAEB7F6BF89B14F18446DE54AAB7A0DB319C44CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CECA8 Relevance: .1, Instructions: 103COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 22d15d4abd22ec2563a7a967e1b55f2d0be6e071b4ea2143f0518a2d0d3bcb50
                                    • Instruction ID: eb833fbb9cd914d7d0f0dc528a9ee14c8bf79a17032f6b6468b9718ef32faa08
                                    • Opcode Fuzzy Hash: 22d15d4abd22ec2563a7a967e1b55f2d0be6e071b4ea2143f0518a2d0d3bcb50
                                    • Instruction Fuzzy Hash: 9C31F936A00115DFDF15DFA8D8448AE7BB2FF88710B060869E54BAB260DF75AD05CBD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CEC98 Relevance: .1, Instructions: 101COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: be1e3b37238d67351eeb1e363bf71e9e5724f7460916d2cc1cbd4a4acb870a0e
                                    • Instruction ID: ab8ee71cc6160d9cd5cbaebad1275fb3f4d85642024818ba64f75cc506e48adb
                                    • Opcode Fuzzy Hash: be1e3b37238d67351eeb1e363bf71e9e5724f7460916d2cc1cbd4a4acb870a0e
                                    • Instruction Fuzzy Hash: 1631F536A00159DFDF01DBB8D8048EE7FB2EF89710B060869E546AB160DB756909CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C1292 Relevance: .1, Instructions: 100COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 23016f0d7c5feb44cf1a79825ab5fa3eac9563ba2db7cae5b2ceddf2a38282d6
                                    • Instruction ID: bdee007dac9c4950407b8bb36b876372d0f4320c4f95c22c65fc676ea9bfb576
                                    • Opcode Fuzzy Hash: 23016f0d7c5feb44cf1a79825ab5fa3eac9563ba2db7cae5b2ceddf2a38282d6
                                    • Instruction Fuzzy Hash: 01415834A04219CFDB50DF64C854B9DBBB2AF4A604F0044EAD44EAB752CB309D84CF66
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE051 Relevance: .1, Instructions: 99COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0de16a82ffac106e15fae85c2c8ee3099bb563e2e0e659e04538b218ad78ada1
                                    • Instruction ID: bac7843c300dba781688da0ba6c5fde4f036ed2323d1981dc560d52eb6276d3b
                                    • Opcode Fuzzy Hash: 0de16a82ffac106e15fae85c2c8ee3099bb563e2e0e659e04538b218ad78ada1
                                    • Instruction Fuzzy Hash: 82315A71A04108CFCB54DF68C544AAEBBB5BB88615F14856EE48EA7241DB31DD42CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C0006 Relevance: .1, Instructions: 97COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 720597c52267acbe079a05f24c3b97a3b7e14f3db5ec9e8f15b59390642fd751
                                    • Instruction ID: ada79ba2e2be3e1a8ac9954706b108d61d4ae4a27d07edc87b25271a933cbeb9
                                    • Opcode Fuzzy Hash: 720597c52267acbe079a05f24c3b97a3b7e14f3db5ec9e8f15b59390642fd751
                                    • Instruction Fuzzy Hash: 10316A7050D381CFC7429F74D8645A97FB1BF52209B0A489FE085CB6A6EB398C19DB93
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CAAEF Relevance: .1, Instructions: 97COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cb2cd571e6708e7071eaaa579ff5a7be60a4a04f589c8ee3f8e0947d9b7bc6f1
                                    • Instruction ID: 24a48300a25e57c1c7e358e1516034166bfa8f7b8c7ac47096d9b07a25fe0848
                                    • Opcode Fuzzy Hash: cb2cd571e6708e7071eaaa579ff5a7be60a4a04f589c8ee3f8e0947d9b7bc6f1
                                    • Instruction Fuzzy Hash: 6A313D31B001168FDB049BB9C859BBEBBF6AFD9604F158079E119DB2A1DE718C058B51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE5C0 Relevance: .1, Instructions: 95COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0dda46e441cd2abec16e89f747bb2909f649baedf56f88d8b5573c49dec0a48f
                                    • Instruction ID: 5379b6bb9cfda719da23e3f8c8b29ba41cb179d97004e4ae3d029b8eef5dff85
                                    • Opcode Fuzzy Hash: 0dda46e441cd2abec16e89f747bb2909f649baedf56f88d8b5573c49dec0a48f
                                    • Instruction Fuzzy Hash: 4A31AE70B102048FCB54DF75C545AAEBBF2AF88604B50483DE54AAB750DB35D846CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C43C0 Relevance: .1, Instructions: 94COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ffe37e9496119e968036b628f84e2b61a78ca6665e86c6ec876fc87357874042
                                    • Instruction ID: 4ee700bc38d17d124e34fbb829206fe74b8442b22e86e28163364758ffccf1b3
                                    • Opcode Fuzzy Hash: ffe37e9496119e968036b628f84e2b61a78ca6665e86c6ec876fc87357874042
                                    • Instruction Fuzzy Hash: DC31B431600216CFDB51EF68D8688EDBBF2FF853087198469D0065B236CB35AD59DF92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 06850198 Relevance: .1, Instructions: 94COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fb3f5b81434a3eaed0d6814d1f650d15bd3829d6262042f95d3ff1d6a7c37dd3
                                    • Instruction ID: 0da5ab403d74b1bd6355650b15cf8c02c8c168b221d272209ab2494ad2ecfe60
                                    • Opcode Fuzzy Hash: fb3f5b81434a3eaed0d6814d1f650d15bd3829d6262042f95d3ff1d6a7c37dd3
                                    • Instruction Fuzzy Hash: C6414E30904B50CFD3B9CB3AC54536ABBF2BF85309F15C86EC59B86A50DBB5A441CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C50E0 Relevance: .1, Instructions: 92COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1a00e7255f15dd3957b1fade75cb82e5105a238b5dc36e29f0013cee1a6b8750
                                    • Instruction ID: 098565a357fb41cc735e41dcbd672858fd5c9f60901daf95669bb79d559e2076
                                    • Opcode Fuzzy Hash: 1a00e7255f15dd3957b1fade75cb82e5105a238b5dc36e29f0013cee1a6b8750
                                    • Instruction Fuzzy Hash: BC216F70B003099FEB04DFA5C4186AEBBF6BFD9704F124429D40AAF755DB74A949CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C731C Relevance: .1, Instructions: 90COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a37a8835294335522abfa63879a208ac892893a44b919e52835a50a7a34009a1
                                    • Instruction ID: a13013092ccea0f81407d61916a898b2d3c04be8b35686c87020d716443c36f5
                                    • Opcode Fuzzy Hash: a37a8835294335522abfa63879a208ac892893a44b919e52835a50a7a34009a1
                                    • Instruction Fuzzy Hash: 26313C31E002098FDB08DBB5D4509EEF7F3AF98714B15852DC849AB750DB35AD06CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5B51 Relevance: .1, Instructions: 88COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 398b5b7c7261990170b79173f9086ab4eb58a508b7ad483e19ced29cca1146ea
                                    • Instruction ID: 6535a7c31b601356c3bbd1febd55747d8356ab2ba5686664e9e180f3b33a34c8
                                    • Opcode Fuzzy Hash: 398b5b7c7261990170b79173f9086ab4eb58a508b7ad483e19ced29cca1146ea
                                    • Instruction Fuzzy Hash: 6921D371F041048FDB089BB5C541AFFB6E69B9CA54F12853ED44BEB740EE359D018BA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C43D0 Relevance: .1, Instructions: 87COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 983aae21bee16af37c54e95c7ae0d37404f576e6fadc9095f672353537e3a72e
                                    • Instruction ID: a8cebc4967e0a000b06260c4bf3ac3c4117dace9d5ef87598066636be1b626ad
                                    • Opcode Fuzzy Hash: 983aae21bee16af37c54e95c7ae0d37404f576e6fadc9095f672353537e3a72e
                                    • Instruction Fuzzy Hash: DB31B135600116CFDB50EF68D8688AEB7B2FF897087198468E4065F336CB35AD19DF82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CDE69 Relevance: .1, Instructions: 87COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f523c5372f1d35f40512e2c7c190c9653987f6b9d4210e8a426c5fafa86ad230
                                    • Instruction ID: ece6203d5f0d3faa3f3be34168334feb2637ac4a4b02fb3201bf728205caea5a
                                    • Opcode Fuzzy Hash: f523c5372f1d35f40512e2c7c190c9653987f6b9d4210e8a426c5fafa86ad230
                                    • Instruction Fuzzy Hash: 1031FE313006508BC765EB3994515AE73E3AFE52583545C2CD1464FB94DF7AE80B9B83
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C55E8 Relevance: .1, Instructions: 85COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cd474baa3a29f6f9f5364d2ed5d036f17407adc4f8163172a8dffa24b8d25be9
                                    • Instruction ID: 795fc961bdd34019af7835dd377395d2f9e6e266562cffe181ac49b4157a5f2e
                                    • Opcode Fuzzy Hash: cd474baa3a29f6f9f5364d2ed5d036f17407adc4f8163172a8dffa24b8d25be9
                                    • Instruction Fuzzy Hash: 3E210631B00604CBEB149B78D4547EE7BE6AF88B14F15006EE506EB3D0DFB59C498792
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CEE59 Relevance: .1, Instructions: 85COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eae312c950ad912b11bb257c0d1e783b63f3c4d4216b27ef5220539fd8f97976
                                    • Instruction ID: 3b59b48cdbdc762b9466511f8669aa77ee7151ab75529b416042d955e31bc6fe
                                    • Opcode Fuzzy Hash: eae312c950ad912b11bb257c0d1e783b63f3c4d4216b27ef5220539fd8f97976
                                    • Instruction Fuzzy Hash: ED314875E00109DFDB45CFB8C840AEEBBB2EF9D304F11842AE51AAB251D7369905DF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE718 Relevance: .1, Instructions: 81COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e192fba70354e6e0b7b5e750696e6a4cccbda0685db64cf751d9bc5103d997cf
                                    • Instruction ID: ba90e7d5f8f6c94ac8a16d6a9d05d8796d1b10f8b00af65526d470ae47f1ef68
                                    • Opcode Fuzzy Hash: e192fba70354e6e0b7b5e750696e6a4cccbda0685db64cf751d9bc5103d997cf
                                    • Instruction Fuzzy Hash: A821C072A09244CBE73542748050576BFC99B42905B18CDBFD2CFCF942D535C886C793
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5730 Relevance: .1, Instructions: 81COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3c3aa1ddcf4c959513b70b5ecd5c836d00e3904311569ea9dadf9eb9c5c7d827
                                    • Instruction ID: c24309df7960c5eeef9951b75b1e63625903ab924e52362579066d3e20edcc69
                                    • Opcode Fuzzy Hash: 3c3aa1ddcf4c959513b70b5ecd5c836d00e3904311569ea9dadf9eb9c5c7d827
                                    • Instruction Fuzzy Hash: 0D21C430B04204CFEB44DFB4D941ABE77F1EF84604B21853EC50AAB252EB35AD41CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CDD00 Relevance: .1, Instructions: 79COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d15304075dfb8a999440f310fda5335a5ea3ac421aaa62cf7df91e200b38e8b7
                                    • Instruction ID: 81957d1deededa62f4e70e08a3f4996041b6b78d2f02832fc4ba971527090028
                                    • Opcode Fuzzy Hash: d15304075dfb8a999440f310fda5335a5ea3ac421aaa62cf7df91e200b38e8b7
                                    • Instruction Fuzzy Hash: 3221A131B04214CBDB15DBB4C440BFEB7E5AB88B05F14483ED48A97B41DB32A9468BD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CEB98 Relevance: .1, Instructions: 77COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a2f3763bd3f34f2ce31c1260a6bde6f9ee4d2211327133b15f6e2f9cdc98fd36
                                    • Instruction ID: 628000c5c9e3dbccea5bcfba35f66a9037785a42bf5852d1a28633d204160094
                                    • Opcode Fuzzy Hash: a2f3763bd3f34f2ce31c1260a6bde6f9ee4d2211327133b15f6e2f9cdc98fd36
                                    • Instruction Fuzzy Hash: 2121AE70E44215CFDB59CF688505AA9BFE1BB89604F1848BDC48E9B241DB369C42CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 06850189 Relevance: .1, Instructions: 77COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ee2cc6cb8182c40413c7144db77e7649a1fefc02906a358abf7a1a29d5a9dd65
                                    • Instruction ID: 09cd0896111187b408daaff2b8806a2d0df4712e96a3a3e42f6453b0ad0c13dd
                                    • Opcode Fuzzy Hash: ee2cc6cb8182c40413c7144db77e7649a1fefc02906a358abf7a1a29d5a9dd65
                                    • Instruction Fuzzy Hash: BE312130905B50CFD36ACF76C64135ABBF2BF85305F54886EC58A87A60DBB5E446CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C21E8 Relevance: .1, Instructions: 76COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4fb0e0bf4f204eb90459ac17668eb9ddb188ab97fe7a6133226ac97e2f6bc2fb
                                    • Instruction ID: 650d49b919d85a731429313fc0a936114216fe9105c201ac441b1e5187c83061
                                    • Opcode Fuzzy Hash: 4fb0e0bf4f204eb90459ac17668eb9ddb188ab97fe7a6133226ac97e2f6bc2fb
                                    • Instruction Fuzzy Hash: 33312930A0820ADFDB58DBA4C055ABDBBF2FB45704F10486EC58AAB660D7358E45CB53
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5830 Relevance: .1, Instructions: 76COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d1e57071df82d64154a7f8dccba2ff7d4c8a5cb8442efd249094ed41c5d71b27
                                    • Instruction ID: cce5e07f4839c35dda4928f0b04439eac05f1cb0cff984b9ad60b2145a6896ce
                                    • Opcode Fuzzy Hash: d1e57071df82d64154a7f8dccba2ff7d4c8a5cb8442efd249094ed41c5d71b27
                                    • Instruction Fuzzy Hash: 0921D4307001059FE708A7B694519BFB7E7DFE9A14B92483ED04B9B751CD75AC0487A3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C48B8 Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c2c0abcc6f5b65a1094466e50e61fed183cba721682dfb8cf822623fca719194
                                    • Instruction ID: 44187e3eaab49de731a108cf3cfe61395763b578b9e72ddfe6859e85b5aec77b
                                    • Opcode Fuzzy Hash: c2c0abcc6f5b65a1094466e50e61fed183cba721682dfb8cf822623fca719194
                                    • Instruction Fuzzy Hash: 9911D632F002259BCB05DA74D860DFE73B6AFC4B24B15442ED54AB7650DE341E0A87A3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C4F10 Relevance: .1, Instructions: 74COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4bdbcafcbddbe220826ff5ce861c505de6fa4ca3041f56404d88f014f050aca9
                                    • Instruction ID: 1b375621282c00792aa5914029c481e79d646fda45078d016ddeb2d51759077a
                                    • Opcode Fuzzy Hash: 4bdbcafcbddbe220826ff5ce861c505de6fa4ca3041f56404d88f014f050aca9
                                    • Instruction Fuzzy Hash: 8521C331314207CBD304EB60E5B8DB973A2EBD5A51748992ED08F87656DF389C16CBA3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C4510 Relevance: .1, Instructions: 72COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ba262ad61a9cf001aa7e4d6385cdf996d2e30f010b167e956840b7b765df6372
                                    • Instruction ID: e40410833c1782a146c90974ee2684ebf3418c1d5d91c10238f8d013cae5c032
                                    • Opcode Fuzzy Hash: ba262ad61a9cf001aa7e4d6385cdf996d2e30f010b167e956840b7b765df6372
                                    • Instruction Fuzzy Hash: 0D113832F042418FCF018A68D4201FF77E29FD2721F05407ED98ADB651DA768C16CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5840 Relevance: .1, Instructions: 70COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 027fa08679e5385b3e4262814cd85d36af35da908e38cbdd48db53efad4e75fd
                                    • Instruction ID: 00a3c3359b4af863a168c9ef9965922208276551887adfb0cf85ed024bf0f444
                                    • Opcode Fuzzy Hash: 027fa08679e5385b3e4262814cd85d36af35da908e38cbdd48db53efad4e75fd
                                    • Instruction Fuzzy Hash: 64110B307000159BE708A7B6D4509BFB2EBDFE9A18B92453ED04BDB751DD75AC0447A3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CFA0E Relevance: .1, Instructions: 70COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5de71486f4c6ad4f93f2cc14623b681ea198b90c33faed331a92d91984e760c5
                                    • Instruction ID: bd36c3d67aa671ed2c3b43468f6be3b6aab9a3d836aec4ade4fe585348cede04
                                    • Opcode Fuzzy Hash: 5de71486f4c6ad4f93f2cc14623b681ea198b90c33faed331a92d91984e760c5
                                    • Instruction Fuzzy Hash: 8731C435A00204DFDB04DB68C580EE9BBF6BF88324F165198EA45AB366D736EC85CB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C21F8 Relevance: .1, Instructions: 69COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3f98f9534e2a56d6f07137de9f91d59ff293f1717b97cccb1fb171cf0fcdb123
                                    • Instruction ID: 7051e3a590411dfa32fa8acf801236d04f8af07b6288d183036b88b80bc7d963
                                    • Opcode Fuzzy Hash: 3f98f9534e2a56d6f07137de9f91d59ff293f1717b97cccb1fb171cf0fcdb123
                                    • Instruction Fuzzy Hash: 6B212830E0820ADFDB58DFA8C155ABDBBB2BB44704F10456ED54AAB660DB319E44CB93
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE468 Relevance: .1, Instructions: 68COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5deec9d63d2c21a69aca8d854d5f9244b9671834210f311e1eadc0b8197cff19
                                    • Instruction ID: c78946c8aaa1aca5db3bf511f6482b4045a04c4acd047539d9bbdf8fd74829dc
                                    • Opcode Fuzzy Hash: 5deec9d63d2c21a69aca8d854d5f9244b9671834210f311e1eadc0b8197cff19
                                    • Instruction Fuzzy Hash: 41216F71A04115CFCB54DB59C4449BEFBF5AB48E11B10846EE58FE3600E731AE01CBA3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7BB0 Relevance: .1, Instructions: 68COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e27789360ada27255078f0b7416c060536752768b5398f817cfd5344aacbb793
                                    • Instruction ID: 551d9ba6a9f3156e93ae97d3ff25616e272e5125f494c2653b760717630163ef
                                    • Opcode Fuzzy Hash: e27789360ada27255078f0b7416c060536752768b5398f817cfd5344aacbb793
                                    • Instruction Fuzzy Hash: 73210232C042099FDB15CBB8C404AEDBBF0EF49701F0545AAD996AB261D7365D06CFA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5000 Relevance: .1, Instructions: 67COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4ffec0346b61404ab25d790343c8948e27ecf291cf41dd940fea597184065251
                                    • Instruction ID: 22344c64af546f516183825afc6bf4ed2dad8b0fc91932a17bae9b23bb716342
                                    • Opcode Fuzzy Hash: 4ffec0346b61404ab25d790343c8948e27ecf291cf41dd940fea597184065251
                                    • Instruction Fuzzy Hash: FF11B430B001158FEB84EBB8C5506AE76E1EB84A0474A453DC94ED7345DF35BD058BD7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C50D0 Relevance: .1, Instructions: 66COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 95167d3e8e5974c780289e699b88b4a14e7eaf6c927e9b0a394ae71a6ef3434f
                                    • Instruction ID: b1d9b2a14a56742a0b901feab3b7c7d913112ea98677c95c15303f5753d90895
                                    • Opcode Fuzzy Hash: 95167d3e8e5974c780289e699b88b4a14e7eaf6c927e9b0a394ae71a6ef3434f
                                    • Instruction Fuzzy Hash: 64112B71900309DFEB40CFA5C459ADEBBF6AF89304F514829D409BF255E774A94ACB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C46A7 Relevance: .1, Instructions: 62COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 639f169ab9251df8db1a84ceea24ecd95c9bfe746dfa8fc8c3e31ee7c4b66e1e
                                    • Instruction ID: 57e5f851be8559905982642175f94dd0800c4cf33e1e47d113be7daf600d8754
                                    • Opcode Fuzzy Hash: 639f169ab9251df8db1a84ceea24ecd95c9bfe746dfa8fc8c3e31ee7c4b66e1e
                                    • Instruction Fuzzy Hash: 3B018931700200CFC72206B87021BBE33E49FC6E64F00447EE44ECB641EA1A8C024B83
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CC6C8 Relevance: .1, Instructions: 61COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e2ed15f11bdc715a9b95d17e5e40f17ca06f40d0935389363bcb6cc4c10a51da
                                    • Instruction ID: d88fb10024d043e47229e5a8bfa6c5405ba94f0ecce1c1b9fff5c9b52afd03e2
                                    • Opcode Fuzzy Hash: e2ed15f11bdc715a9b95d17e5e40f17ca06f40d0935389363bcb6cc4c10a51da
                                    • Instruction Fuzzy Hash: 34119E34700001ABC748AB69D454E6E7BEBDFC9A54728816DE40EDB761CF32EC06CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01850854 Relevance: .1, Instructions: 61COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698579171.0000000001850000.00000040.00000020.00020000.00000000.sdmp, Offset: 01850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dd1377829afef51db0a7ebcc7d39f308f6f562ef7a1ca425ee54e185025d435b
                                    • Instruction ID: 0532a27dafb10a3b2107e3aecb34a132c9c8c3b21756474ea2e62c80c51f261e
                                    • Opcode Fuzzy Hash: dd1377829afef51db0a7ebcc7d39f308f6f562ef7a1ca425ee54e185025d435b
                                    • Instruction Fuzzy Hash: 32217C3510A3C08FD703CB24C850B55BFB1AF47718F2986DED8888B6A3C33A9916CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C54F8 Relevance: .1, Instructions: 60COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 95a922696317d42055a4cd4ab729ebafff73ecd313178da791be9eb7a6b9bbdd
                                    • Instruction ID: b4f2255cd7551b6786be818059d1c37e9cae8183e8fb69a7f0acc5c6fe139286
                                    • Opcode Fuzzy Hash: 95a922696317d42055a4cd4ab729ebafff73ecd313178da791be9eb7a6b9bbdd
                                    • Instruction Fuzzy Hash: 91119035B10301CFE794EF78E895AEE77B2FB84759B15402AC10687255EB35AD02CF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CF7A0 Relevance: .1, Instructions: 60COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 54c522266e2f5d928fe170c7f913a87cce799949b8dc136ca75f19f61260b461
                                    • Instruction ID: e29803acc075027154d784b14a512564b40e41a6d07f20f872a7ebf3fd4359ce
                                    • Opcode Fuzzy Hash: 54c522266e2f5d928fe170c7f913a87cce799949b8dc136ca75f19f61260b461
                                    • Instruction Fuzzy Hash: 0A11BB30E04358CBDB148B64C458BEFBFB2AB88B18F04483EC18BA7641CB755949CB93
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C4FF0 Relevance: .1, Instructions: 60COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 900c64e19aaab3f3996c632a5ae19dc5159aa50f9dedbc656b56e63c1fe650f0
                                    • Instruction ID: fdc145edacf906dd00d9da9c0c0f7aa82b347ad5e8c5c6e19d115ec4340bc014
                                    • Opcode Fuzzy Hash: 900c64e19aaab3f3996c632a5ae19dc5159aa50f9dedbc656b56e63c1fe650f0
                                    • Instruction Fuzzy Hash: FC11E132B00205CBE780EAB498026FE77E5FB94A50B4A452EC50DE3741EB35A9058BD3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CDB70 Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c83bfe4886c64bcc561e8f15c9728c79fd23199e15586ec58126ab119150e1f8
                                    • Instruction ID: 2517f36fe3207cfb807ee418ff87444806472c8667e949468dc683c3f3d9fc9f
                                    • Opcode Fuzzy Hash: c83bfe4886c64bcc561e8f15c9728c79fd23199e15586ec58126ab119150e1f8
                                    • Instruction Fuzzy Hash: 51114830B157508FEB252BB5941557F7BEAAFEE618704087ED44ACB352CE318C0087D2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CCA48 Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c3fa1578cf825563db552b10e3fc26e9e8a5cfa684eec412973a81649de010c6
                                    • Instruction ID: b97d91da7fd9f6719bd2168d6f0b76cdc7f7c749562cab6f90e3fcebf1a057e0
                                    • Opcode Fuzzy Hash: c3fa1578cf825563db552b10e3fc26e9e8a5cfa684eec412973a81649de010c6
                                    • Instruction Fuzzy Hash: 95115635300602AFD724DA58C99496AB7AAFF98B14B14C81ED49E47B50CB31FC42CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0185088C Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698579171.0000000001850000.00000040.00000020.00020000.00000000.sdmp, Offset: 01850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a692aa6008ae7c7f4170ea732c159bd8f15431c326d2707a646b1c66bd7f4c45
                                    • Instruction ID: 3ac2385ca935d363a919d62893394a33b546fcf8e1e51e1339fb045a3d67b0f5
                                    • Opcode Fuzzy Hash: a692aa6008ae7c7f4170ea732c159bd8f15431c326d2707a646b1c66bd7f4c45
                                    • Instruction Fuzzy Hash: 6211E430204684DFE351CB14D940F26BBA1EB89718F28C99CF9498BB57C73BD903CA82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C2390 Relevance: .1, Instructions: 56COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c38300c09401be3bbb73b2834ad63a4755a3cb75d6217708a50ea12bb1c64a3c
                                    • Instruction ID: 50f800129cfd928a5fe25f3694f617a17488417415be46320d5563eb9c2d2b23
                                    • Opcode Fuzzy Hash: c38300c09401be3bbb73b2834ad63a4755a3cb75d6217708a50ea12bb1c64a3c
                                    • Instruction Fuzzy Hash: E5115E70D18219CFDB14DF64C851ABEBBB5EB45B04F00486ED58AAB740DB754C46CF92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6211 Relevance: .1, Instructions: 56COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 41a08e0a278ff58f25fc47031f1219303180176da1ce2bc1a3c6f50500118cb3
                                    • Instruction ID: 5781cfc5fdf449a04b4b293ed096c42eedfef12accf0929fe0caf2e01ca237e2
                                    • Opcode Fuzzy Hash: 41a08e0a278ff58f25fc47031f1219303180176da1ce2bc1a3c6f50500118cb3
                                    • Instruction Fuzzy Hash: D701D432B14111DBDB1056B8A4106FD73EBDBC8A55F05447ECA8EE7390EB694E0687E3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C4788 Relevance: .1, Instructions: 54COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 886197f1c31619fab69239bde16140c166e1733abb9599cee175ca0c2d23bbec
                                    • Instruction ID: 7d39e0ba762e829e8beeab5c73b3c5284ddedd7444ea868541338eb9836cdf35
                                    • Opcode Fuzzy Hash: 886197f1c31619fab69239bde16140c166e1733abb9599cee175ca0c2d23bbec
                                    • Instruction Fuzzy Hash: 78011B71F002198FCB54EFB894516EE76E2EB89254F20847EC149E7650EB394A068BA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0156AA38 Relevance: .1, Instructions: 52COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697791060.0000000001562000.00000040.00000800.00020000.00000000.sdmp, Offset: 01562000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1562000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 55ba1502c6500e7beda0bbba0d76dcf25a57b01b31bdd646e0040e695450ea8c
                                    • Instruction ID: 577b0b8a754b49022a8e43ed4ba3e77e72867805caf843788d416d7b795e5c00
                                    • Opcode Fuzzy Hash: 55ba1502c6500e7beda0bbba0d76dcf25a57b01b31bdd646e0040e695450ea8c
                                    • Instruction Fuzzy Hash: 0511FEB5608301AFD350CF09DC40E57FBE8EB98660F04895EF95997711D231E9088FA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7B1A Relevance: .1, Instructions: 51COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f248c11b5fc84df2fcd726c1142b0c72ba133a283b61b0d639c4368b20ad01f0
                                    • Instruction ID: 0633890eee580b85b1aec64944af43b093c33c6d4a13fa0bd0913a33e6e86010
                                    • Opcode Fuzzy Hash: f248c11b5fc84df2fcd726c1142b0c72ba133a283b61b0d639c4368b20ad01f0
                                    • Instruction Fuzzy Hash: C701D230A08204DFCB1C8BA4C515ABE7BF29F85B10F15485DC29AAB780CB719D028F93
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C05BA Relevance: .0, Instructions: 50COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2e3dc8fc21c01816d17cf3ddbf53aa5fccbee9a56cecb1d4136da8ff6d8031a8
                                    • Instruction ID: 5a2ec2b7c622270180e73c8c13917ff52423038cd92aeb142f6bf8cf05891428
                                    • Opcode Fuzzy Hash: 2e3dc8fc21c01816d17cf3ddbf53aa5fccbee9a56cecb1d4136da8ff6d8031a8
                                    • Instruction Fuzzy Hash: 5901F4717001244B8755667858145FF23DBAFCA698729486FE10ACB396CFB98C4347E7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CDB80 Relevance: .0, Instructions: 50COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a1b431a4479142d458748bbcb06bdcaf8301e7935a1553e763d3c7ce31ef09ac
                                    • Instruction ID: 3712ba1fe4ad4a70b490a8b2186a1403094d3eb5b0392ca4c31acb3b88733bcb
                                    • Opcode Fuzzy Hash: a1b431a4479142d458748bbcb06bdcaf8301e7935a1553e763d3c7ce31ef09ac
                                    • Instruction Fuzzy Hash: CD0126317002149BDB142BB6A81967F76DAEBEDA68711443EE41AC7350CE76CC0087E2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7B28 Relevance: .0, Instructions: 50COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 95d451f7131bb686ea291ffbc1a7df1cba613dd4857840fbba47fcb0fb294940
                                    • Instruction ID: 06b4a4ade1fec0248e89d8fce72281e9157aeb280f19739f4f996409fddf3ce9
                                    • Opcode Fuzzy Hash: 95d451f7131bb686ea291ffbc1a7df1cba613dd4857840fbba47fcb0fb294940
                                    • Instruction Fuzzy Hash: 8E01B131A081089BDB1CDA94C955ABFBBB69F84A14F14486EC25EA7380CB71AD058FD3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5740 Relevance: .0, Instructions: 50COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b5f1f184822cd659c9d32c8069527efc66a1cb386649d902b03acb0566c90d7c
                                    • Instruction ID: f903614ae5b3d12c312ff54abcbb1dd427433381b017bb7e3cbe5ea612f35e36
                                    • Opcode Fuzzy Hash: b5f1f184822cd659c9d32c8069527efc66a1cb386649d902b03acb0566c90d7c
                                    • Instruction Fuzzy Hash: C911AD30B00209CFF744DF75D981AAEB7B6EB48604F20402EC509A7242EB3AAD40CF92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CFEF8 Relevance: .0, Instructions: 50COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0504c92e70e0e14bd3a1bbab721edbfeecca6b8c3461c1de1646b725c0615b5e
                                    • Instruction ID: 40933d0174ccd3d99ab86f62f525828b0bb024ed80a9fba9fa3af7c61b29186d
                                    • Opcode Fuzzy Hash: 0504c92e70e0e14bd3a1bbab721edbfeecca6b8c3461c1de1646b725c0615b5e
                                    • Instruction Fuzzy Hash: B201F531A0410A8BDB14DA14C814ABFBBB7DB86B14F14486ED04EA7240CF71AD0A87D3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CFEE8 Relevance: .0, Instructions: 49COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4074b660edf9766d4f5cb180fe30fe5dce4c07783517cf15efb70383248b6559
                                    • Instruction ID: f6ea99d86387dd5bf1ad68d350ac9b7a12d6ee5f0a8ca0fa3753d61912ed60a6
                                    • Opcode Fuzzy Hash: 4074b660edf9766d4f5cb180fe30fe5dce4c07783517cf15efb70383248b6559
                                    • Instruction Fuzzy Hash: 7201B931A141069BDB58DA14C914FBF7BB3DB86F04F14485DD08AA7281CFB19E0A87D3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C1209 Relevance: .0, Instructions: 48COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9a1eec57682d14d975654a19896b6b5335f53817d23d15f35c2e791c2b3a4c6b
                                    • Instruction ID: 9156e1d727f8868e87143f0d560c44b05b1fa0421e1ea3bb9696589a5f50643c
                                    • Opcode Fuzzy Hash: 9a1eec57682d14d975654a19896b6b5335f53817d23d15f35c2e791c2b3a4c6b
                                    • Instruction Fuzzy Hash: 98017134308140CFC7489B28D058D6977E7AFDAA1471544BEE04ACB7B6CF759C098B97
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CA8A0 Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3ab0f11f1648761d899bc18233942cba066f20262a18357a71b226825fd97db1
                                    • Instruction ID: 244848924718404b53cff2b3fccd60bfa9f8bcc1c31fdfe2ee6c96aadc42b6aa
                                    • Opcode Fuzzy Hash: 3ab0f11f1648761d899bc18233942cba066f20262a18357a71b226825fd97db1
                                    • Instruction Fuzzy Hash: 44018F32E002098FDF90DBB9E8157EEBBF4EB84615F11817ADA48D3240EB3459058BD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 018505DF Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698579171.0000000001850000.00000040.00000020.00020000.00000000.sdmp, Offset: 01850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cc8a202a46fb76de14b9ae455e388a228f7274b59529f188699bebb352fc60b8
                                    • Instruction ID: c2da1b98e29db669146bff54e90c61ecf50e17a13efe7501dbef600285dfccde
                                    • Opcode Fuzzy Hash: cc8a202a46fb76de14b9ae455e388a228f7274b59529f188699bebb352fc60b8
                                    • Instruction Fuzzy Hash: 7401D6B65097806FC701CB15AC45866FFA8EB86620709C4DBEC498B612D225B908CBB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C05C8 Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 00875e70558ef6027531e6338351dde996b9deea793558ae8ef5c055b7db8ee8
                                    • Instruction ID: e7820721011b4c86872ab20c08256a0811f79688afcb65685d1ac41cf278758e
                                    • Opcode Fuzzy Hash: 00875e70558ef6027531e6338351dde996b9deea793558ae8ef5c055b7db8ee8
                                    • Instruction Fuzzy Hash: F0F0B471300028474608767D5914ABF62CFAFDD988B29482FE10ADB396CFB98C4303E7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6BE8 Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 13cb8c3151f8c6af1d112644205336d9b8966d6eca9e30ae4019a6153558ff24
                                    • Instruction ID: 767483636582da46a0505ad37c4fc3b33ee9d6da75b6cd9ba19de71c2957902e
                                    • Opcode Fuzzy Hash: 13cb8c3151f8c6af1d112644205336d9b8966d6eca9e30ae4019a6153558ff24
                                    • Instruction Fuzzy Hash: E001AD71F002098FEB90DBB9E9017EEBBF4EB88610F00413AC648D3341EB346A048BD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CA890 Relevance: .0, Instructions: 44COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e36926bacc0f6040bf76c9e31403468d3e2395507d73ff7555a7c27ac073c5c5
                                    • Instruction ID: 1ce705a4d70f37a8705f33939c1a51ee010438ee37857fc5e99cea9978fd6ce1
                                    • Opcode Fuzzy Hash: e36926bacc0f6040bf76c9e31403468d3e2395507d73ff7555a7c27ac073c5c5
                                    • Instruction Fuzzy Hash: 3E01BC70E0030A8FDB80EBB898167FEB7E0EB44615F11812ADA08E3644EB3459418BD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C9328 Relevance: .0, Instructions: 44COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 321a093a3e2d6fa644dfa7e5b659de48aa9e311a4671bcb5ff92b08643a27a2d
                                    • Instruction ID: 87a4177c6fa3f681722a3d2f6211e746ab8e0984fbee43e919c51023bdb41df2
                                    • Opcode Fuzzy Hash: 321a093a3e2d6fa644dfa7e5b659de48aa9e311a4671bcb5ff92b08643a27a2d
                                    • Instruction Fuzzy Hash: A3012472E1420ACFCB009BB4D8556EE7BB1EF11315B54456BD0C5C7254EB388804CB93
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CAA10 Relevance: .0, Instructions: 43COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eb6fcb671f412d0edef72779f969cf08125d683901f2780b3171e763393d8c79
                                    • Instruction ID: 7c8d90e3b729cf98db007e8e04111ffe8646100628f466991f3d2876df7a6730
                                    • Opcode Fuzzy Hash: eb6fcb671f412d0edef72779f969cf08125d683901f2780b3171e763393d8c79
                                    • Instruction Fuzzy Hash: 5901A7353042448FC744AB34E5158A97BE2DFD921530988BDE58ADB7A1EF35CD058753
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C1218 Relevance: .0, Instructions: 42COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5cbafa825320c063886508f1fcd8c110952ae79574c60bbae3ad1d273cc84d7a
                                    • Instruction ID: 7d655a64a7c06d0378ba48db8360f3ad22de7d44637f4eb447e2e58e0789e715
                                    • Opcode Fuzzy Hash: 5cbafa825320c063886508f1fcd8c110952ae79574c60bbae3ad1d273cc84d7a
                                    • Instruction Fuzzy Hash: 74011D74304010CBC6489B28D058D6977EBAFD9A1571444BEE54ACB7B6CF71DC098B97
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6BD8 Relevance: .0, Instructions: 41COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 55d06b1d19be1fc4dc6d5585e0bf9a6f0a294f1097102a77755c3c368a06f2e5
                                    • Instruction ID: a272093840b31b6996934d8dd8e6dd02a9001ee13df9b932433eb57d09c315d2
                                    • Opcode Fuzzy Hash: 55d06b1d19be1fc4dc6d5585e0bf9a6f0a294f1097102a77755c3c368a06f2e5
                                    • Instruction Fuzzy Hash: 8E017C70E002059FEB90DB69D901BEABBF4EB59614F00402DC688E7241E7349904CFD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CA1A1 Relevance: .0, Instructions: 40COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 728463bd865762a26d1bc2c3880c50bc3150de1893be237b3791ede087eca12f
                                    • Instruction ID: 382e2d0e79a5bdcd7f218cf602efa8a9e6e5b642b1831fc635794ca88ebdeae8
                                    • Opcode Fuzzy Hash: 728463bd865762a26d1bc2c3880c50bc3150de1893be237b3791ede087eca12f
                                    • Instruction Fuzzy Hash: E1F02D72708245DFC3059B7494054A83BF2AFD6125309886ED1C9DB7A1EE3A8C078783
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CFE87 Relevance: .0, Instructions: 39COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2c338605eef32b5c99bcb7f69bd2d53b4d4ebf890d4cfb8e01af96db7ff4ffe4
                                    • Instruction ID: f07d3ad5ca912483d05aa92e41fcb29242f2a53068310c621981f1686d22e2ba
                                    • Opcode Fuzzy Hash: 2c338605eef32b5c99bcb7f69bd2d53b4d4ebf890d4cfb8e01af96db7ff4ffe4
                                    • Instruction Fuzzy Hash: 96018172804258AFCB96DFB488009EEBFF5EF59700B1484ABE489D7162D2358A15DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6618 Relevance: .0, Instructions: 38COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eea7c4d354237ddee56b16d02f31c77744d4e4da833eea21deadee54199d7d14
                                    • Instruction ID: a6b4cdf8e63974abf37844135b2d06398ac1199e27464d3f5341ce3d3dfdcd39
                                    • Opcode Fuzzy Hash: eea7c4d354237ddee56b16d02f31c77744d4e4da833eea21deadee54199d7d14
                                    • Instruction Fuzzy Hash: D7F0F030B04305EFC7609A34A9609FE73F4AB85A50F0045BEC54A93341EB394E0687C2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6628 Relevance: .0, Instructions: 38COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 73cbc57edb9fee26387eef3a96304353f0e2356e80ba8dde70974cea8031d071
                                    • Instruction ID: 5abd1ce5e7c107442121eef604465fb125a4c0fbbb910e781189e6b51773b8c4
                                    • Opcode Fuzzy Hash: 73cbc57edb9fee26387eef3a96304353f0e2356e80ba8dde70974cea8031d071
                                    • Instruction Fuzzy Hash: E0F0E931B04615E78B005275A9209BF76F98BC5E94F40097EC58F93340EF355E0547D3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C84A8 Relevance: .0, Instructions: 37COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7919a8e123748c402bf5893c8729d8d275c165aded1a93af96a5eb1dda804672
                                    • Instruction ID: 7870b71478563b6949227c6e4b9095effaeafa3590ee421bea01a25c9e3be6d0
                                    • Opcode Fuzzy Hash: 7919a8e123748c402bf5893c8729d8d275c165aded1a93af96a5eb1dda804672
                                    • Instruction Fuzzy Hash: C8F06D71A08244DFCB40DBA4E445CBFFBB0FB95A50B0188BFD68AD6651D27148058762
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE871 Relevance: .0, Instructions: 37COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 653fd9dc74ac3bc041eb21b181f4ec107dd4cbba0ee6ea1877b83665bd67c28c
                                    • Instruction ID: a303b0a136c31aa9ff8d8daeaba8cae459161e1b60f412dbfd780ca0e59600b0
                                    • Opcode Fuzzy Hash: 653fd9dc74ac3bc041eb21b181f4ec107dd4cbba0ee6ea1877b83665bd67c28c
                                    • Instruction Fuzzy Hash: 72F027A3E083909BEB36427C5C48BA77F489B41A11F094CBFD9CFDB583D810484883A3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5CD1 Relevance: .0, Instructions: 36COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5d6b783fb89692b05974439961a1418405000976933643c0cde4f1b3ac13eb79
                                    • Instruction ID: adc3a4581346207657548e6bb685137131532f24efeff9b24bc9b435b6808187
                                    • Opcode Fuzzy Hash: 5d6b783fb89692b05974439961a1418405000976933643c0cde4f1b3ac13eb79
                                    • Instruction Fuzzy Hash: E6F06271E052158F8B80DFB8A4456FFBBF6EB88614B15016AD408E3301EB3559118BA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C45B8 Relevance: .0, Instructions: 35COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6bb4fba4a51932729ff42addd31ed6ffb572475e88afebcba3d1fac58a93d02d
                                    • Instruction ID: ddc144c675775d138e53abe82eca8e76178b9589e3e7918bd75401e9bd3fae74
                                    • Opcode Fuzzy Hash: 6bb4fba4a51932729ff42addd31ed6ffb572475e88afebcba3d1fac58a93d02d
                                    • Instruction Fuzzy Hash: 8BF0E230E0031AAFDB50CAA89C01AFBBBFCEB85210F10007EE548E7141E2300D0587A1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CC6BA Relevance: .0, Instructions: 35COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e4452ff21bfc3b603bbe36f13e84a2b3314bbd900c0a080b6999526c67e623b3
                                    • Instruction ID: 7c3e4448498d8517dacc0ca39f776836862026348514fdb5954c998abe981520
                                    • Opcode Fuzzy Hash: e4452ff21bfc3b603bbe36f13e84a2b3314bbd900c0a080b6999526c67e623b3
                                    • Instruction Fuzzy Hash: 1DF05CB37051115BC35A236C182076F2BDA8FD6D31319416EE44DEBB52CF224C0293E7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CDFBF Relevance: .0, Instructions: 34COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3800dcbae972432c49108fe1a0daff4c5e63e48e1f305f95eba246a2106cf9aa
                                    • Instruction ID: 1302eb4123705a6a84a89d08ef6dff848e16ed21c1536d294e57eda2e36b3cb4
                                    • Opcode Fuzzy Hash: 3800dcbae972432c49108fe1a0daff4c5e63e48e1f305f95eba246a2106cf9aa
                                    • Instruction Fuzzy Hash: 4EF0A7313056505F9721D6AC9810DE62BDAEBD552434448AFE0CACB757CE62DD0B87E2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CFA20 Relevance: .0, Instructions: 34COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4fd84aab656885cddf026e7a2a8d27543f7d543d2622a2f3f66b84eb1ed70adb
                                    • Instruction ID: f06be60817df6b5775ca2ba03da61c9bb4750864cd97cc112b65b52ec5423cb3
                                    • Opcode Fuzzy Hash: 4fd84aab656885cddf026e7a2a8d27543f7d543d2622a2f3f66b84eb1ed70adb
                                    • Instruction Fuzzy Hash: 20F0A03210EB41CFD799516886008B2EBA3AB55F443546DAFC4CF8AA11F636ED4B4353
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 068506D8 Relevance: .0, Instructions: 34COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c6f3fb340fc9714b900e9a19fc23407a3e394b3b2a19f874d4e9b988eaf3c720
                                    • Instruction ID: b8470fd47f42156d80a739c2a0006ea4e0f3d0c3dadb85ebb251cf03bc0a0066
                                    • Opcode Fuzzy Hash: c6f3fb340fc9714b900e9a19fc23407a3e394b3b2a19f874d4e9b988eaf3c720
                                    • Instruction Fuzzy Hash: 99E092726452145FE78496F86C528F977AAEFC2224309489FF449DB292D9228D028791
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C8748 Relevance: .0, Instructions: 33COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 58f9d375de4859f8aa837e4352ead7883e94ec49b4577fa358646678faabc647
                                    • Instruction ID: 699a2500c12f8888f9d20dd3f4a3108bfed8745f397f8060ccce5d6137be9a09
                                    • Opcode Fuzzy Hash: 58f9d375de4859f8aa837e4352ead7883e94ec49b4577fa358646678faabc647
                                    • Instruction Fuzzy Hash: 18F09E36F051114FC75616B4E81B2703BE1D789662319446ED446C7B55EE348C11CFC3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C55D9 Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0f022d5065cc631637618984b4b22047b7f0bf06f6749c473bb0a4e66fa44be5
                                    • Instruction ID: e6e0bc9dde3a2857b64dc0b5dafb9673ce38c2dd91ecf95366f5f7dd7c0697c1
                                    • Opcode Fuzzy Hash: 0f022d5065cc631637618984b4b22047b7f0bf06f6749c473bb0a4e66fa44be5
                                    • Instruction Fuzzy Hash: A3E06D32B002089BDB465979A8411FFB7E9EBC4271F01427FDA08E7650EA765C268AE1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C4701 Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8e81d610e4d6995df1ad028b502f58bfe635f023a54445c278d32234be4567c8
                                    • Instruction ID: 49592ee90c750aca4cf03a056ab3d8dae551fba805811b3ae62d22408134fd1a
                                    • Opcode Fuzzy Hash: 8e81d610e4d6995df1ad028b502f58bfe635f023a54445c278d32234be4567c8
                                    • Instruction Fuzzy Hash: 40E0ED32344341CFC31642B4A82177933E58BCBA61B1604BFD189DB642E52A4C424B62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE7F0 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0be1a1a11ffea148110ef9f30f2250efe43ac5fc645991b76ef045facef34931
                                    • Instruction ID: f0dd7649e18ec6c99c8bb685c10cda22ea197e1682f78158e0efd84da9e97075
                                    • Opcode Fuzzy Hash: 0be1a1a11ffea148110ef9f30f2250efe43ac5fc645991b76ef045facef34931
                                    • Instruction Fuzzy Hash: 69F0E5767046004F9316C2689921AA93B9AEF92824304885FC58FCB742EF22DC0687E3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CFE98 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fd5ce245d8274adf4c79bded6a7324d1d78c6502e2a74b8115ed41c127ecb6d5
                                    • Instruction ID: 1ca623d5842cac16123f53fa4ac5dd1ffe5b087f2eef70e777bb7e95b6701b6a
                                    • Opcode Fuzzy Hash: fd5ce245d8274adf4c79bded6a7324d1d78c6502e2a74b8115ed41c127ecb6d5
                                    • Instruction Fuzzy Hash: 7AF05431804119EFCB41DFA4C9009EEBFF5EF49710B1084AAE59CD7161D6318A20DF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01850948 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698579171.0000000001850000.00000040.00000020.00020000.00000000.sdmp, Offset: 01850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e6850d79e688ef7387407e307c00caab001beb49244c143f541758b1d055de9a
                                    • Instruction ID: 2cd0e6d5f648ddfda9844c9b4cf26c15d529ac25b43bce005f9e439958054843
                                    • Opcode Fuzzy Hash: e6850d79e688ef7387407e307c00caab001beb49244c143f541758b1d055de9a
                                    • Instruction Fuzzy Hash: 3AF01D35108644DFC306CB14D940B15FBA2EB89718F24CAADE94907B66C337E913DA81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CC9EE Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6759dd1e0d5a8b8dca69d3aa5bca1b1a896b5770cd87786c85dd914b3f960e26
                                    • Instruction ID: de9cf39f41b9afeefa762dbbd263cdc4cc87793d002dea6442eef75ffc285ae3
                                    • Opcode Fuzzy Hash: 6759dd1e0d5a8b8dca69d3aa5bca1b1a896b5770cd87786c85dd914b3f960e26
                                    • Instruction Fuzzy Hash: 0BE0D1653091C09F8616557C513897D2F9A4FC946130D04EFC1CEDB652DD65CC018353
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C74FF Relevance: .0, Instructions: 29COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6ca586619a49f39674c617f13fc0c96f676f26f578ace388dcccd41f3aae178d
                                    • Instruction ID: 0ff46eb1b33038433e06519d19a5ca05f2c7e7b38391d30687babe76d256f746
                                    • Opcode Fuzzy Hash: 6ca586619a49f39674c617f13fc0c96f676f26f578ace388dcccd41f3aae178d
                                    • Instruction Fuzzy Hash: 91E06530B011518BCB54B3F9942839E62525FE0D19F41013CC55ADF792DF254D0987D3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CD897 Relevance: .0, Instructions: 28COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 08d4ea9163cb67e875d387bd467bae1e9f47a22af1b480f6f3c97184be244c79
                                    • Instruction ID: 89aa8d28d013d846405d952f04f3ebf8f571387d7d1671f08896f17a3055009d
                                    • Opcode Fuzzy Hash: 08d4ea9163cb67e875d387bd467bae1e9f47a22af1b480f6f3c97184be244c79
                                    • Instruction Fuzzy Hash: 1CE092216502B04BC3542EB950253BF6AC64FEA960F1848BEC4CEEBF91DD398D0187E3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01850606 Relevance: .0, Instructions: 27COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698579171.0000000001850000.00000040.00000020.00020000.00000000.sdmp, Offset: 01850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a55524aa52994a98383681263dde7d6fc6b6e4a8945151c74eee94bc7eae6aff
                                    • Instruction ID: e2e315a66ce6f8c0e444c869164f5147151a4f8a3b24a6afba57afb410295706
                                    • Opcode Fuzzy Hash: a55524aa52994a98383681263dde7d6fc6b6e4a8945151c74eee94bc7eae6aff
                                    • Instruction Fuzzy Hash: A5E092B66006004B9750CF0AEC81452FBD8EB84630708C07FDC0D8BB01D235F508CAA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE800 Relevance: .0, Instructions: 26COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d32122a27bd89e3be1117e71b5dc28d7f2c14921ca1e1b77a7610b7a3eec2293
                                    • Instruction ID: 72d5deab3ae16c0227b9fa4e756a339bd84ab7b4eed9439da52bb3e740780790
                                    • Opcode Fuzzy Hash: d32122a27bd89e3be1117e71b5dc28d7f2c14921ca1e1b77a7610b7a3eec2293
                                    • Instruction Fuzzy Hash: 9BE04F353006105B5725D66AD850CAB77DEEBC6925340882ED54F8B741DF62EC0687E3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CDFD0 Relevance: .0, Instructions: 26COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3725176c84d270dc120042b4da90543a9d9550a08f361503997c5115b48bb550
                                    • Instruction ID: 9b0b26fc637efa92ad2ab0d4908a8518c2b9d06e2c8beaa889f238b389c0935e
                                    • Opcode Fuzzy Hash: 3725176c84d270dc120042b4da90543a9d9550a08f361503997c5115b48bb550
                                    • Instruction Fuzzy Hash: 4DE0DF313146114B5720D6A9D820CAA73DEEBC09243008C2ED54E8B701DFA3DC0287D2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0156AA87 Relevance: .0, Instructions: 26COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697791060.0000000001562000.00000040.00000800.00020000.00000000.sdmp, Offset: 01562000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1562000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e45cdc35e115a35f13656382d2a18152323188ec9a834e3b6db7c9e047809b58
                                    • Instruction ID: 7f8f3bb7defd77ffb3cf4ff27b6b3af71ceb1c4a9a1e264446a821c77279819e
                                    • Opcode Fuzzy Hash: e45cdc35e115a35f13656382d2a18152323188ec9a834e3b6db7c9e047809b58
                                    • Instruction Fuzzy Hash: 09E0D8F254020467D3509F0A9C45F52FB98DB50A30F08C567EE095F701D175B5148AF6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CCA39 Relevance: .0, Instructions: 25COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8894bf13b0dc537d0cf244b5575256613c9a5aff0b131c69613e1fd03f37f515
                                    • Instruction ID: 51ae71f2d130a8fd74f6fec8e113297180921afa6d9410fc343b304e7a75dd00
                                    • Opcode Fuzzy Hash: 8894bf13b0dc537d0cf244b5575256613c9a5aff0b131c69613e1fd03f37f515
                                    • Instruction Fuzzy Hash: 2AE022312083109FC312D76CD554876BBA9EFCA624309C8AFC48E87642CB30AC02D750
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CFA30 Relevance: .0, Instructions: 25COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2c31aeb8a7367a8a2993808323b037f9daa1bab4a0728c57df19885c2b6e08db
                                    • Instruction ID: 920d0109ccd9161fd332fbd19d62c339b6fa8f68d488b15287eb97e2eae766e7
                                    • Opcode Fuzzy Hash: 2c31aeb8a7367a8a2993808323b037f9daa1bab4a0728c57df19885c2b6e08db
                                    • Instruction Fuzzy Hash: 15E04F31109B04CB8625651D9240C73F7AB6B44F543506DAFD8CF47A00F671FD464783
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CCA00 Relevance: .0, Instructions: 24COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4c98f73c617baf07f5ddece701fe3ff13e6a18c6618157977d84b3f9ba298c08
                                    • Instruction ID: 887f34ef5fa35fb78f60fe2a9acf419e071e371ff3389da760ab0ab670c9e239
                                    • Opcode Fuzzy Hash: 4c98f73c617baf07f5ddece701fe3ff13e6a18c6618157977d84b3f9ba298c08
                                    • Instruction Fuzzy Hash: EBE0C2313040509B0918A56E5028CBE7A9F8BC9962309057FD14FCB311EE52DC0283A3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5DE8 Relevance: .0, Instructions: 23COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 16d29b0970f5504fc352c84a4aab527ddc277da2340f4402f5ea658e917c2380
                                    • Instruction ID: 08bed93a27ee2375e8bdc845fbd1a2138d3e9f4fefebe3349259c8ba3d174ccc
                                    • Opcode Fuzzy Hash: 16d29b0970f5504fc352c84a4aab527ddc277da2340f4402f5ea658e917c2380
                                    • Instruction Fuzzy Hash: 02E0CD3075A3159FDF45637454504BF77D94ED1D24B85457FC0CACB151ED590C028BD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE011 Relevance: .0, Instructions: 23COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9fc50815dda9d19357506e04845938f8ced6fef0e21cca7f03d99c3b11cc5c72
                                    • Instruction ID: 2955088aac6fd0667bea1371ce30be3d6679ad6cc01535381537f8f8b9e25190
                                    • Opcode Fuzzy Hash: 9fc50815dda9d19357506e04845938f8ced6fef0e21cca7f03d99c3b11cc5c72
                                    • Instruction Fuzzy Hash: 22E08C7250C250CBD795867092459F57FE0F789E62B090C6EE0CFC6102E92FA84683A3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CFE50 Relevance: .0, Instructions: 21COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2991c322e0253df41051b464c7235df90855b19b7131ccb8fbcb0a79c86f903f
                                    • Instruction ID: 5877a253ecfd1e0f8261b921ca6b77e2512b9180a710c0b3ba0bf656ef3d2bc3
                                    • Opcode Fuzzy Hash: 2991c322e0253df41051b464c7235df90855b19b7131ccb8fbcb0a79c86f903f
                                    • Instruction Fuzzy Hash: 06D0C2C29281500FD389523A7C156C5BB6B4BA6014B1A4386E409871A3E924880542A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C6220 Relevance: .0, Instructions: 20COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c64c912e1fd4aaf4898f5a1350ee0c174e43de7a44cf7c933649e9a58a8e1bea
                                    • Instruction ID: 0ad36d7c6fc4dfb20d6dc8176ae6b91c6244e8d890f561326cd560b1491f09ab
                                    • Opcode Fuzzy Hash: c64c912e1fd4aaf4898f5a1350ee0c174e43de7a44cf7c933649e9a58a8e1bea
                                    • Instruction Fuzzy Hash: E7D05B3265851583D31025DD5004BB5354E5749965B05042EDB8EC7354CF954D4453FB
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE020 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8b16fd5216deb52479e78df93c5b92be34e49385201ccad4dadb1fb62d072f2e
                                    • Instruction ID: 773c4412c173e0b9a8c526ebcfbb316027c38499da700650ff45f4d3eb298a31
                                    • Opcode Fuzzy Hash: 8b16fd5216deb52479e78df93c5b92be34e49385201ccad4dadb1fb62d072f2e
                                    • Instruction Fuzzy Hash: C4D05E3110C220DBC724D6559101DB2BFE8B749E127044D2EF1CF82102EA6BAC4183F3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE841 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 071cfc029750971688d8815481e9eb5a89f6ce45a82813bada3eb1f3cfc99f31
                                    • Instruction ID: 913cb126ce809789a0bcf013dea00546be76802ada6d28219dd4a61cb9719ae2
                                    • Opcode Fuzzy Hash: 071cfc029750971688d8815481e9eb5a89f6ce45a82813bada3eb1f3cfc99f31
                                    • Instruction Fuzzy Hash: FFE0C27290A340CFD35546618A114A63F319E82E213054F9FC4FF471D3DA2498458703
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C57F6 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b79a979ff8c0b6fa283c844d0a5d7bc3d02df88b1a1be3a79c2661403add2133
                                    • Instruction ID: b328f23ec672714a7dee9d3a87569277b8a09603cebcc022a86905d0c07a19db
                                    • Opcode Fuzzy Hash: b79a979ff8c0b6fa283c844d0a5d7bc3d02df88b1a1be3a79c2661403add2133
                                    • Instruction Fuzzy Hash: A9D0C231F08000CB9B00A7F8EA584ED7BB09BD4828746057AC10F97202DF20280583D3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7698 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 82ad6666174099225d30101356c967feb5e212f8651ab21001d7e531646a9f6d
                                    • Instruction ID: f367a6f3ca2e6c4864de11b7596b40afd9ded6f3ca34823d630bc9d92d92b90b
                                    • Opcode Fuzzy Hash: 82ad6666174099225d30101356c967feb5e212f8651ab21001d7e531646a9f6d
                                    • Instruction Fuzzy Hash: 29D0C231009B10CAD33D56FD9600EA27AD95B42B14F040C5E81CB056A0C661E1849BA3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C02A1 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a42035cdaf2baa246ac39e576b34730bf912a039018cec745e9fd6e8d9a57067
                                    • Instruction ID: 27a0243330a3889fe4a531253d2416a9a17b6df1793b5d610a3beeb18ccfd04b
                                    • Opcode Fuzzy Hash: a42035cdaf2baa246ac39e576b34730bf912a039018cec745e9fd6e8d9a57067
                                    • Instruction Fuzzy Hash: 23E01734109710DFC3A18B64E5698E6B7F5FF92A203068C4EE0DA4BD28D734AC46CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 068506E8 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 141d12c9200aef13104c396a99f42470f378e0d13deb15d5923c4fc0affb6d98
                                    • Instruction ID: ff6ad051b9ab25551133cd2e4f237de5508638f9db4c2255fe4d8de0a75211ef
                                    • Opcode Fuzzy Hash: 141d12c9200aef13104c396a99f42470f378e0d13deb15d5923c4fc0affb6d98
                                    • Instruction Fuzzy Hash: B1D05E353001241B6604E5A9985287973CEEB85514304885EB909CB341CD729C0283D0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C016F Relevance: .0, Instructions: 18COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bf6fd5b548d14a2cdc3783746832db15cb403e38db31021b623270f7e9061e29
                                    • Instruction ID: 4cae71e2be30a3516b561c3b173ddda12d6dcfeba8acde157d210ba68beb45a9
                                    • Opcode Fuzzy Hash: bf6fd5b548d14a2cdc3783746832db15cb403e38db31021b623270f7e9061e29
                                    • Instruction Fuzzy Hash: 57E017356423009FDB59AB74E0690A83BA2EFA621A30104BED056CB261EB3AD885DB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 06850668 Relevance: .0, Instructions: 18COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d4e093c17094fdc4958768a5274fd71b0676876382dfc32ad31aeeddad2848a4
                                    • Instruction ID: 264551d606e6c1c1b9b349c949f44839a2982abb229b970d88127d0348bbff32
                                    • Opcode Fuzzy Hash: d4e093c17094fdc4958768a5274fd71b0676876382dfc32ad31aeeddad2848a4
                                    • Instruction Fuzzy Hash: 3FD0176440D30DCEF7E00980D02733D32D69BC032DF038666AF1BC8847C62644CA9ACB
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C85D7 Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: accedf603445f6a2d1cb89d0f67bfad83912ea0710a0b4a56f2dbdc90fb39635
                                    • Instruction ID: d0a9d9a305d03e3a5a75b53c16a4759f8b414757868a956d4eb29a1bc442bed9
                                    • Opcode Fuzzy Hash: accedf603445f6a2d1cb89d0f67bfad83912ea0710a0b4a56f2dbdc90fb39635
                                    • Instruction Fuzzy Hash: 95E0EC3122054ECBDB40DF54E644CAD7761FB60608744C81AF4894B61CDF70E9298B43
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7148 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                                    • Instruction ID: 5b41be9a7478227234cd45a0226e44de6381c7d57163c3598d9b9e76a395d3fb
                                    • Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                                    • Instruction Fuzzy Hash: CED0423AA00004CFD704CB88D5849D9F7F2FB88225F28C1AAD919A7251C732ED56CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CE850 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0bcdcd79e63252f942e3c74e600c75e29cad5d44b7b61d4f8e7bfed03ac3de0d
                                    • Instruction ID: 3e8174ac142467b57a52a00e6910b6987436ce7d873558defe62003ab3c87425
                                    • Opcode Fuzzy Hash: 0bcdcd79e63252f942e3c74e600c75e29cad5d44b7b61d4f8e7bfed03ac3de0d
                                    • Instruction Fuzzy Hash: 25D0A93000A600CB82245642D000CA3BB7EDA41E263004D2ED08F036018F22A8408783
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C9300 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c8f67085cb30cc2416943eb0c284c413b1e14855df7c8da582a40aa7c389124c
                                    • Instruction ID: db932a2ba75794d464cc76f67008c0c559ccbef29d3359cf6ac0e6f708dc64aa
                                    • Opcode Fuzzy Hash: c8f67085cb30cc2416943eb0c284c413b1e14855df7c8da582a40aa7c389124c
                                    • Instruction Fuzzy Hash: C7D0C72105D381DFD34317545D1AF607B645F09B19F1508C9E18D5E4D6E6654D114725
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C0650 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2a3f95d0b2e8c0cf9f56b48c0226ce0be6585e64f70013667d7c4693d37ad000
                                    • Instruction ID: 47e5b89a240c943fde55b48bc156477c5381af536dd22dce80a7879e7328108c
                                    • Opcode Fuzzy Hash: 2a3f95d0b2e8c0cf9f56b48c0226ce0be6585e64f70013667d7c4693d37ad000
                                    • Instruction Fuzzy Hash: 34D0A7B408A380CFD3510FB0A9244A63B329B92315F29497EE0C58B572D63A5882DB13
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 06850720 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9353c96efbc87de66b6c3c4781e031884c9fdbc609843b67099c3dd0616f79c6
                                    • Instruction ID: effafde304dd04310130e8563bbd0b79f925b4dbbdebbdce60e73fc770e6efc2
                                    • Opcode Fuzzy Hash: 9353c96efbc87de66b6c3c4781e031884c9fdbc609843b67099c3dd0616f79c6
                                    • Instruction Fuzzy Hash: A7D0A72194C3C01FCB4263F054240DDBFF05D5301930540AFCC858B9E3C6158409C3B3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 068506A8 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 36b672e9f417122a32de19fd38861a0836f65fe0f4bff9537ddd5d1ad3f0bbbb
                                    • Instruction ID: 05a870a82638b57d12fc44349f12f8c25c65657d81c12f691a0b45116007d9f6
                                    • Opcode Fuzzy Hash: 36b672e9f417122a32de19fd38861a0836f65fe0f4bff9537ddd5d1ad3f0bbbb
                                    • Instruction Fuzzy Hash: 6ED0A92012D34E8EF380226A680B23D3EC83BE0B0CF020452AF8BC8022CF0484908BB3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 014423F4 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697595423.0000000001442000.00000040.00000800.00020000.00000000.sdmp, Offset: 01442000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1442000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 877ae166d5d2fe8215c7de71e6a475a44f10fc6a2157ab68dcfd6921ce67ab45
                                    • Instruction ID: 5860e0e75ed7602931ae542493f0468d5a6a3387357212261d25e83e0a1c747e
                                    • Opcode Fuzzy Hash: 877ae166d5d2fe8215c7de71e6a475a44f10fc6a2157ab68dcfd6921ce67ab45
                                    • Instruction Fuzzy Hash: 4ED05B752056D14FF3169A1CD158F963BE4AB51715F4644FAA8008B773C768D581D600
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 014423BC Relevance: .0, Instructions: 14COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697595423.0000000001442000.00000040.00000800.00020000.00000000.sdmp, Offset: 01442000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1442000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d8e3a3994e63de083620766c88846d9ef227c28bd1283a475d335aba847aa8ec
                                    • Instruction ID: cd15ef780312c54c0dd000a3116615d91e1d43eceabb2a04514bc83020318375
                                    • Opcode Fuzzy Hash: d8e3a3994e63de083620766c88846d9ef227c28bd1283a475d335aba847aa8ec
                                    • Instruction Fuzzy Hash: 30D05E342002814BE715DA1CD6D4F5A3BE8AB50B14F1A44E9BC108B772C7B4D8C1CA00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5478 Relevance: .0, Instructions: 13COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 982e3a87a3eb68b2c6e26c7b1610a8e4d191052a1d41258d726a4234a362bb91
                                    • Instruction ID: 54a5b0846aa954428cb15633e62495d96ff418783d132a99a6efec0aa405b251
                                    • Opcode Fuzzy Hash: 982e3a87a3eb68b2c6e26c7b1610a8e4d191052a1d41258d726a4234a362bb91
                                    • Instruction Fuzzy Hash: 5AD0C9203042048BF77117AE640EB68BF5C6704E4BB070189E09E8642ADB21605CE793
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C7E0E Relevance: .0, Instructions: 13COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e305e175c7a4899a3aaa8e9f0834fa5de2e162f7d9de40f3757d563f659ae210
                                    • Instruction ID: bc65ebb09c171e8747dff760de3a50aaae653bfc2ed7d927580605b1f9b73a95
                                    • Opcode Fuzzy Hash: e305e175c7a4899a3aaa8e9f0834fa5de2e162f7d9de40f3757d563f659ae210
                                    • Instruction Fuzzy Hash: F3D05EB8900209CFCB61CFB5D85049C37F0EB086503240B2ED4529B395E3385C04CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C0180 Relevance: .0, Instructions: 12COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b0717a24c98d5c9d2f33d31a1618584b5f314943410a27d630aadfb27c9c29e7
                                    • Instruction ID: fc451ab77055d2967333353ffcfe0870a9f99b0c5bd4aca9c206f9673fc64418
                                    • Opcode Fuzzy Hash: b0717a24c98d5c9d2f33d31a1618584b5f314943410a27d630aadfb27c9c29e7
                                    • Instruction Fuzzy Hash: 8ED01234201304CBC7186B74F11D06833A6AB48606341087DD5178B355EF36DC80DB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5D5F Relevance: .0, Instructions: 12COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d8c125cc8d57d2137b0d7c0874411c5f66902d5bd78fc6c7cb5ea0efd310b6f8
                                    • Instruction ID: 8320c70f98aa54031d409fa18dfc03ac74732ea9213e4d745df8dda0dc49eb94
                                    • Opcode Fuzzy Hash: d8c125cc8d57d2137b0d7c0874411c5f66902d5bd78fc6c7cb5ea0efd310b6f8
                                    • Instruction Fuzzy Hash: 83D0A730188740DFD7508768A098BA437B46B02255B0601AEC44D4B032C5211042D726
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C5D70 Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 96bd7fb456ed16735d2466fbe0ea267486ba2d48dc6b62f8a934d170033a5053
                                    • Instruction ID: d4b94e042ef049cb6d6d68bffda2e5182d88d29d41d1cba80ac673da21209300
                                    • Opcode Fuzzy Hash: 96bd7fb456ed16735d2466fbe0ea267486ba2d48dc6b62f8a934d170033a5053
                                    • Instruction Fuzzy Hash: 6DC08C20340B068BAA2027B8680C529369C8A4488A3820019E01F8B026EE20E40052C3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C860F Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3b8a87c2eb3df1480c74a3942be7331e6bcf3678de1f4c2fd73f0284c66fd8ef
                                    • Instruction ID: ac16e62cf80fe99acc85447dff467288f11830cf89f456d2f6f14a063960f9e6
                                    • Opcode Fuzzy Hash: 3b8a87c2eb3df1480c74a3942be7331e6bcf3678de1f4c2fd73f0284c66fd8ef
                                    • Instruction Fuzzy Hash: 8FD0C93222044ADBDB40DB54F144C9D7765EB6060C704C456F40586518DF74DA188B83
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CC7C9 Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c14330deba3d5d93eff9206439ceef5215fe13d52c1e3a56b0bc6485886596b4
                                    • Instruction ID: 61881c27c9ef8f55ceea9a952cea011bffea721e9ff4889fd9597a947cb1ffa2
                                    • Opcode Fuzzy Hash: c14330deba3d5d93eff9206439ceef5215fe13d52c1e3a56b0bc6485886596b4
                                    • Instruction Fuzzy Hash: 3AC0122041A3C08FDFA7073118180103F70CE8320834D08CFE0C08A2A2CA2AA404C701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C0660 Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c6214ec055657a06e6601b24296b5d2337f8417cb915b5f3e8ce103c4fdcb9ae
                                    • Instruction ID: e354a5cb5b33b529c2815918b3f7c4629ec271a4b9794ba25660b8c3559491e6
                                    • Opcode Fuzzy Hash: c6214ec055657a06e6601b24296b5d2337f8417cb915b5f3e8ce103c4fdcb9ae
                                    • Instruction Fuzzy Hash: EEC02B38086204CA82241FB45A08C36730957C0B09B24CD3EF045001218F33A4D19553
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CD1A0 Relevance: .0, Instructions: 8COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c5af8a5d4076b7f6eda87989c6e6be05e201913a4e1b4aece597e60b1f506f2f
                                    • Instruction ID: d1b76e92399aeec93a0d877f238861c8cfacf6cda8c6bf5f5101d98bcdd04cd1
                                    • Opcode Fuzzy Hash: c5af8a5d4076b7f6eda87989c6e6be05e201913a4e1b4aece597e60b1f506f2f
                                    • Instruction Fuzzy Hash: 2DB09B30014508D791456696D509C957699F5565153C00525E04A051555B74990446D7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C61F1 Relevance: .0, Instructions: 8COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2a68bab6168b82378c9239d445d4376362019f333e3f4f77c53e4ea9ce62fe10
                                    • Instruction ID: f969a725eda8b3fb3033eccc3dd2e2c893954d668a556c4838b0ff5e7274a572
                                    • Opcode Fuzzy Hash: 2a68bab6168b82378c9239d445d4376362019f333e3f4f77c53e4ea9ce62fe10
                                    • Instruction Fuzzy Hash: 63B0922404E3811FC74246640C710813EE47C870283AB04C281A48B652F55C5C5587A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C716C Relevance: .0, Instructions: 8COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                                    • Instruction ID: a277498e71a6dc17cbaf8552224c4f8838bbc30713a3898314b33f1d7425311c
                                    • Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                                    • Instruction Fuzzy Hash: D5B092B7A04008C9DB008AC4B4417EEF721F790225F108027C31452100C23201648B92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C9323 Relevance: .0, Instructions: 8COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e2cc05284cf9ef84b5627323e56ce9a268afa16d04adc40f2bf1b833b48f09fb
                                    • Instruction ID: 7ece8014c4bd03fa46771b1fb5799e2779a27420ac7ab921eeef4314aa618e22
                                    • Opcode Fuzzy Hash: e2cc05284cf9ef84b5627323e56ce9a268afa16d04adc40f2bf1b833b48f09fb
                                    • Instruction Fuzzy Hash: 31B011302E8200E2EA2003802C0EF303A208B8CF0EF203C0EB2CF280EA0BE2C0000233
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C2EC0 Relevance: .0, Instructions: 8COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cb7ad56a9a318cd8d18b2a97e459aa32fad6bf0a75b3d083a770ae127531cf6d
                                    • Instruction ID: 6ad8a7598b5d3cc316f18257fad78167ff8164ba1f8e0607be8009e1ca65bc27
                                    • Opcode Fuzzy Hash: cb7ad56a9a318cd8d18b2a97e459aa32fad6bf0a75b3d083a770ae127531cf6d
                                    • Instruction Fuzzy Hash: 60B012302043080F275057BD2804A13338C450080A7400024D81DC6011F511E0902681
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 06850730 Relevance: .0, Instructions: 8COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2702045570.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_6850000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f3aa3db4e9cce42d6ab062dd6ebb94c272402e38d5c5a18f4e7d3c016f98f2fb
                                    • Instruction ID: 97e83000f01cadf92f07518d365993a4b0b14e58a35f3e4a5a9fdf58443b4493
                                    • Opcode Fuzzy Hash: f3aa3db4e9cce42d6ab062dd6ebb94c272402e38d5c5a18f4e7d3c016f98f2fb
                                    • Instruction Fuzzy Hash: 60B01220600708474E0033F4A81C41C73CC4A808293404025D80D47721DD24954881E7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 019C9588 Relevance: .2, Instructions: 239COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8949b14c21b92ea324c06abe258148642f6d0449131dfb3887e4a986d12759b8
                                    • Instruction ID: 52c5c7966a231f567bc158d8e94654aa065474ab04ababc70077e8c55655b562
                                    • Opcode Fuzzy Hash: 8949b14c21b92ea324c06abe258148642f6d0449131dfb3887e4a986d12759b8
                                    • Instruction Fuzzy Hash: 4F81CE32F011159BD704DB69C890AAEB7E3AFC8718F2A8478E849DB359DF34DC018B91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C306F Relevance: .2, Instructions: 179COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 702c2a4987f4e2408e875492cc27e4ad1a57dab83f4a3b98d0cf832c3900091d
                                    • Instruction ID: 3f6ae35785140c59712da9986d702b0e22f626f32e0b1d8d58b1ff6b18c4ed50
                                    • Opcode Fuzzy Hash: 702c2a4987f4e2408e875492cc27e4ad1a57dab83f4a3b98d0cf832c3900091d
                                    • Instruction Fuzzy Hash: A9518032F111159BD744DB69D840AAEB7E3AFC4614F2AC078E409DB769DE34DD02C791
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C964F Relevance: .2, Instructions: 179COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3cab97fa9b7db95e15e930c56121110cb16bc4bf7758558b92b51144e8904a84
                                    • Instruction ID: a490395c99543490db587c212c0d3f37b2b5d8258c81a2d715940f4838dfa93e
                                    • Opcode Fuzzy Hash: 3cab97fa9b7db95e15e930c56121110cb16bc4bf7758558b92b51144e8904a84
                                    • Instruction Fuzzy Hash: 1D517032F120159BD754DB69C850BAEB7E3AFC8714F2A8078E409EB769DE34DD018791
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CEF60 Relevance: 11.7, Strings: 9, Instructions: 467COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 0Xl$0Xl$4l$4l$:@k$:@k$\Ol$\Ol$f`k
                                    • API String ID: 0-828121884
                                    • Opcode ID: e82971274a30ba1ce1e4c7e495b3306e6d211989d72d822037f0b04b67ce1b9f
                                    • Instruction ID: ac6a1adc3fdd7a1e8a7db12c194748d6ad341a16f6a67b6de23fde64c8cb484f
                                    • Opcode Fuzzy Hash: e82971274a30ba1ce1e4c7e495b3306e6d211989d72d822037f0b04b67ce1b9f
                                    • Instruction Fuzzy Hash: 9C125A34600110CFD758DF28C198EA97BF2EF49B15B2584ACE98A9BB61CB35EC45CF42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 014426AA Relevance: 6.7, Strings: 5, Instructions: 407COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2697595423.0000000001442000.00000040.00000800.00020000.00000000.sdmp, Offset: 01442000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1442000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 2k$Bk$$Ok$$k$k
                                    • API String ID: 0-1651731090
                                    • Opcode ID: 80713c66b12feca072fd51fe0731d0786e9767fc2179b855b05c3ad8c5d16eec
                                    • Instruction ID: ab1984c0b75c2922469403af4a3b1af22a1d96122d75f509b11a80d243ba398b
                                    • Opcode Fuzzy Hash: 80713c66b12feca072fd51fe0731d0786e9767fc2179b855b05c3ad8c5d16eec
                                    • Instruction Fuzzy Hash: C2D1DD7940E7C14FE313CB3498A65867FB5AE1320871A52DBC4C4CF1B3D2689D0ACBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019C0D8C Relevance: 6.5, Strings: 5, Instructions: 252COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 0Xl$4l$:@k$\Ol$f`k
                                    • API String ID: 0-4284705603
                                    • Opcode ID: 816bdc8501faf17da17e829eff6fe22cb8721d143ab4b8c7fcd0e09272d544f4
                                    • Instruction ID: 51cdee814cf17304721f49e52a8c31232e37365e162481a6716f09d09dc08c46
                                    • Opcode Fuzzy Hash: 816bdc8501faf17da17e829eff6fe22cb8721d143ab4b8c7fcd0e09272d544f4
                                    • Instruction Fuzzy Hash: ABB1D474B083448FE3A4DF38C151BAA76E2BB96304F50482DE1498BB91EB75D806DF97
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 019CD700 Relevance: 5.1, Strings: 4, Instructions: 66COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2698779342.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_19c0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol$\Ol$\Ol$\Ol
                                    • API String ID: 0-371742063
                                    • Opcode ID: e0bbe9541bf1b8c482f050164e3845397ac89a20289e35973aaa92b73dce3a58
                                    • Instruction ID: 55227f9673cd5ecd5bacb9d300deb1f40e0cd646460296dfad4ad6801dbb5847
                                    • Opcode Fuzzy Hash: e0bbe9541bf1b8c482f050164e3845397ac89a20289e35973aaa92b73dce3a58
                                    • Instruction Fuzzy Hash: A411E2306052959BC714AFE8A0216BE77EA9FD1910B00887ED08F9BB51CF31CD059BD3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Execution Graph

                                    Execution Coverage:15.7%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:60
                                    Total number of Limit Nodes:6
                                    execution_graph 5746 90af50 5747 90af9a CreateActCtxA 5746->5747 5749 90aff8 5747->5749 5710 90beb4 5712 90bed2 SetCurrentDirectoryW 5710->5712 5713 90bf14 5712->5713 5690 4cc012a 5691 4cc0162 CreateMutexW 5690->5691 5693 4cc01a5 5691->5693 5722 90aaf9 5723 90ab3a RegQueryValueExW 5722->5723 5725 90abc3 5723->5725 5750 90a75b 5751 90a78a OleInitialize 5750->5751 5753 90a7c4 5751->5753 5698 90be3e 5699 90be93 5698->5699 5700 90be6a DispatchMessageW 5698->5700 5699->5700 5701 90be7f 5700->5701 5738 90b71e 5740 90b746 CreateIconFromResourceEx 5738->5740 5741 90b792 5740->5741 5742 90a51f 5743 90a546 DuplicateHandle 5742->5743 5745 90a592 5743->5745 5726 90aa02 5727 90aa32 RegOpenKeyExW 5726->5727 5729 90aac0 5727->5729 5730 90be05 5731 90be3e DispatchMessageW 5730->5731 5733 90be7f 5731->5733 5670 90b806 5671 90b866 5670->5671 5672 90b83b PostMessageW 5670->5672 5671->5672 5673 90b850 5672->5673 5674 90b746 5675 90b784 CreateIconFromResourceEx 5674->5675 5676 90b7bc 5674->5676 5677 90b792 5675->5677 5676->5675 5678 90a546 5679 90a584 DuplicateHandle 5678->5679 5680 90a5bc 5678->5680 5681 90a592 5679->5681 5680->5679 5682 90a78a 5683 90a7b6 OleInitialize 5682->5683 5685 90a7ec 5682->5685 5684 90a7c4 5683->5684 5685->5683 5714 4cc00f6 5717 4cc012a CreateMutexW 5714->5717 5716 4cc01a5 5717->5716 5734 90b7ca 5735 90b806 PostMessageW 5734->5735 5737 90b850 5735->5737 5718 90a8cc 5719 90a8ee SetWindowLongW 5718->5719 5721 90a935 5719->5721 5706 90a8ee 5707 90a920 SetWindowLongW 5706->5707 5708 90a94b 5706->5708 5709 90a935 5707->5709 5708->5707

                                    Executed Functions

                                    Function 04AF23A0 Relevance: 3.0, Strings: 2, Instructions: 505COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 145 4af23a0-4af23e5 149 4af23e7-4af23f0 145->149 293 4af23f2 call d805e0 149->293 294 4af23f2 call d80606 149->294 150 4af23f8-4af2400 153 4af23fe-4af2422 150->153 154 4af2424-4af242b 150->154 164 4af2af3-4af2afe 153->164 156 4af26aa 154->156 157 4af2431-4af24bf 154->157 159 4af26b0-4af26ba 156->159 251 4af24cc 157->251 252 4af24a2-4af24ca 157->252 161 4af26bc-4af26d1 159->161 162 4af2721-4af2752 159->162 172 4af2aee 161->172 173 4af26d7-4af26e1 161->173 169 4af275f-4af2769 162->169 170 4af2754-4af275a 162->170 179 4af2aff 164->179 175 4af276b-4af2784 169->175 176 4af2786 169->176 174 4af27e0-4af27fd 170->174 172->164 173->172 177 4af26e7-4af26f1 173->177 188 4af286f-4af28de 174->188 189 4af27ff-4af2823 174->189 180 4af2788-4af278a 175->180 176->180 177->172 181 4af26f7-4af271c 177->181 179->179 185 4af278c-4af278e 180->185 186 4af2790-4af27aa 180->186 181->164 185->174 186->174 196 4af27ac-4af27af 186->196 206 4af2933-4af2942 188->206 207 4af28e0-4af28e4 188->207 189->172 197 4af2829-4af2830 189->197 198 4af27b2-4af27b7 196->198 197->172 201 4af2836-4af2842 197->201 198->172 203 4af27bd-4af27de 198->203 201->172 204 4af2848-4af2854 201->204 203->174 203->198 204->172 212 4af285a-4af286a 204->212 210 4af294b-4af294f 206->210 211 4af2944-4af2949 206->211 207->206 208 4af28e6-4af28e9 207->208 214 4af28ec-4af28f6 208->214 210->172 216 4af2955-4af295d 210->216 215 4af29b1-4af29b5 211->215 212->149 214->172 219 4af28fc-4af2911 214->219 217 4af2a0a-4af2a24 215->217 218 4af29b7-4af29be 215->218 216->172 220 4af2963-4af2970 216->220 235 4af2a26-4af2a3c 217->235 218->217 221 4af29c0-4af29d2 218->221 219->172 223 4af2917-4af2924 219->223 220->172 224 4af2976-4af2983 220->224 230 4af29fd-4af2a08 221->230 231 4af29d4-4af29d7 221->231 223->172 225 4af292a-4af2931 223->225 224->172 226 4af2989-4af29a6 224->226 225->206 225->214 226->215 230->235 237 4af29da-4af29df 231->237 238 4af2a3e-4af2a6e 235->238 239 4af2a70-4af2a74 235->239 237->172 240 4af29e5-4af29ed 237->240 238->239 244 4af2ad6-4af2aec 239->244 245 4af2a76-4af2a89 239->245 240->172 246 4af29f3-4af29fb 240->246 244->164 295 4af2a8b call d805e0 245->295 296 4af2a8b call d80606 245->296 246->230 246->237 253 4af24ce-4af24dc 251->253 252->253 256 4af24de-4af24e9 253->256 257 4af24eb-4af24ed 253->257 255 4af2a91-4af2ab2 255->244 258 4af2ab4-4af2ad0 255->258 260 4af24f3-4af24f5 256->260 257->260 258->244 262 4af24f7 260->262 263 4af2501-4af2523 260->263 262->263 266 4af2525-4af2534 263->266 267 4af2540-4af2543 263->267 266->267 268 4af2536 266->268 269 4af254c-4af256b 267->269 270 4af2545 267->270 268->267 291 4af256d call d805e0 269->291 292 4af256d call d80606 269->292 270->269 272 4af2573-4af2596 275 4af2598-4af25b5 272->275 276 4af25b7-4af25c5 272->276 279 4af25d0-4af260c 275->279 276->279 282 4af260e-4af2615 279->282 283 4af261d-4af2633 279->283 282->283 286 4af2635-4af2639 283->286 287 4af2643-4af264b 283->287 286->287 288 4af263b-4af263d 286->288 297 4af2651 call 4af2fa8 287->297 298 4af2651 call 4af2f97 287->298 299 4af2651 call d805e0 287->299 300 4af2651 call d80606 287->300 288->287 289 4af2657-4af269c 289->159 290 4af269e-4af26a8 289->290 290->159 291->272 292->272 293->150 294->150 295->255 296->255 297->289 298->289 299->289 300->289
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: f`k$f`k
                                    • API String ID: 0-3251778840
                                    • Opcode ID: a3395df8ebd6771df456426e20d8009900fdd269d715402d952d7ba684c7b987
                                    • Instruction ID: 6762f839f915bc77f604e391d73cf309310dc7bed9bf3ddd830edd5a4d9a2508
                                    • Opcode Fuzzy Hash: a3395df8ebd6771df456426e20d8009900fdd269d715402d952d7ba684c7b987
                                    • Instruction Fuzzy Hash: 9E12DE32B04215CFD724EFA9C8843ADB7F2FF84305F14C5A9E5169B265EB76A881DB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF3850 Relevance: .8, Instructions: 760COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 69072cca18257dd9d856e4014221c9004ad8b100b10ddcc566b447c217630994
                                    • Instruction ID: 2dab63eac444d7935f8726f3a777d0858f2cf208a63749e7d0d8768fa002f3e9
                                    • Opcode Fuzzy Hash: 69072cca18257dd9d856e4014221c9004ad8b100b10ddcc566b447c217630994
                                    • Instruction Fuzzy Hash: 7D52F431A04115CFCF15CFA8C8949ADBBF2FF85304B19C5AAEA099F652D731E846CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF2FA8 Relevance: .2, Instructions: 239COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 895515a40e68737ce0e5988f02937e2a71efc23bcdd86134f779e7a980da53f3
                                    • Instruction ID: 8c418882b5e192345c2cc4bde364cac0da8cecd02f851b057493da9b62a2f6d0
                                    • Opcode Fuzzy Hash: 895515a40e68737ce0e5988f02937e2a71efc23bcdd86134f779e7a980da53f3
                                    • Instruction Fuzzy Hash: 5F81AF32F111159BEB14DBA9D880AAEB7F3AFC4314F298475E905DB369DF35AC018790
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0980 Relevance: 5.2, Strings: 4, Instructions: 176COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 4af0980-4af0981 1 4af09d8 0->1 2 4af0983-4af0990 0->2 5 4af09de 1->5 6 4af09da-4af09dc 1->6 3 4af0999-4af0af1 2->3 4 4af0992-4af0994 2->4 11 4af0b00-4af0b28 3->11 4->3 62 4af09de call 4af0baf 5->62 63 4af09de call 4af0c68 5->63 64 4af09de call 4af0bc0 5->64 6->5 7 4af09e4-4af09ef 54 4af09f5 call 4af1209 7->54 55 4af09f5 call 4af1218 7->55 56 4af09f5 call d805e0 7->56 57 4af09f5 call d80606 7->57 65 4af0b2a call d805e0 11->65 66 4af0b2a call d80606 11->66 12 4af09fb-4af0a2c 58 4af0a2e call d805e0 12->58 59 4af0a2e call d80606 12->59 60 4af0a2e call 4af1291 12->60 61 4af0a2e call 4af12a0 12->61 15 4af0b2f-4af0b39 19 4af0b3f-4af0b55 15->19 20 4af0b37-4af0b3d 15->20 31 4af0b5b-4af0b6e 19->31 32 4af0b53-4af0b59 19->32 23 4af0ba7-4af0bac 20->23 25 4af0a34-4af0a46 25->11 27 4af0a4c-4af0a56 25->27 29 4af0a58-4af0a5a 27->29 30 4af0a64-4af0a92 27->30 29->30 30->11 39 4af0a94-4af0a9e 30->39 42 4af0b6c-4af0b72 31->42 43 4af0b74-4af0b81 31->43 32->23 40 4af0aac-4af0ad6 39->40 41 4af0aa0-4af0aa2 39->41 67 4af0ad9 call 4af3a58 40->67 68 4af0ad9 call 4af3968 40->68 69 4af0ad9 call d805e0 40->69 70 4af0ad9 call d80606 40->70 71 4af0ad9 call 4af38f0 40->71 72 4af0ad9 call 4af3840 40->72 73 4af0ad9 call 4af3850 40->73 41->40 42->23 47 4af0b87-4af0b89 43->47 48 4af0b83-4af0b85 43->48 50 4af0b93-4af0ba5 47->50 48->23 50->23 53 4af0adf-4af0aeb 54->12 55->12 56->12 57->12 58->25 59->25 60->25 61->25 62->7 63->7 64->7 65->15 66->15 67->53 68->53 69->53 70->53 71->53 72->53 73->53
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol$\Ol$\Ol$\Ol
                                    • API String ID: 0-371742063
                                    • Opcode ID: 7d4130ebbd84e3b1516367823b1020887c7d9faa7708d284a7c90b366689652f
                                    • Instruction ID: 3979ec4184ee6f94b26e00a9ab628accfa87155855149d2fa30d64465945bf15
                                    • Opcode Fuzzy Hash: 7d4130ebbd84e3b1516367823b1020887c7d9faa7708d284a7c90b366689652f
                                    • Instruction Fuzzy Hash: AC51FE30B18210DFCB15ABA4CC557AEB7B2AB95304F108469F657DB792DB70AC06DB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF09A9 Relevance: 5.1, Strings: 4, Instructions: 105COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 74 4af09a9-4af09de 142 4af09de call 4af0baf 74->142 143 4af09de call 4af0c68 74->143 144 4af09de call 4af0bc0 74->144 80 4af09e4-4af09ef 132 4af09f5 call 4af1209 80->132 133 4af09f5 call 4af1218 80->133 134 4af09f5 call d805e0 80->134 135 4af09f5 call d80606 80->135 82 4af09fb-4af0a2c 138 4af0a2e call d805e0 82->138 139 4af0a2e call d80606 82->139 140 4af0a2e call 4af1291 82->140 141 4af0a2e call 4af12a0 82->141 86 4af0a34-4af0a46 87 4af0a4c-4af0a56 86->87 88 4af0b00-4af0b28 86->88 89 4af0a58-4af0a5a 87->89 90 4af0a64-4af0a92 87->90 136 4af0b2a call d805e0 88->136 137 4af0b2a call d80606 88->137 89->90 90->88 97 4af0a94-4af0a9e 90->97 93 4af0b2f-4af0b39 98 4af0b3f-4af0b55 93->98 99 4af0b37-4af0b3d 93->99 100 4af0aac-4af0ad6 97->100 101 4af0aa0-4af0aa2 97->101 109 4af0b5b-4af0b6e 98->109 110 4af0b53-4af0b59 98->110 103 4af0ba7-4af0bac 99->103 125 4af0ad9 call 4af3a58 100->125 126 4af0ad9 call 4af3968 100->126 127 4af0ad9 call d805e0 100->127 128 4af0ad9 call d80606 100->128 129 4af0ad9 call 4af38f0 100->129 130 4af0ad9 call 4af3840 100->130 131 4af0ad9 call 4af3850 100->131 101->100 117 4af0b6c-4af0b72 109->117 118 4af0b74-4af0b81 109->118 110->103 114 4af0adf-4af0aeb 117->103 121 4af0b87-4af0b89 118->121 122 4af0b83-4af0b85 118->122 123 4af0b93-4af0ba5 121->123 122->103 123->103 125->114 126->114 127->114 128->114 129->114 130->114 131->114 132->82 133->82 134->82 135->82 136->93 137->93 138->86 139->86 140->86 141->86 142->80 143->80 144->80
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol$\Ol$\Ol$\Ol
                                    • API String ID: 0-371742063
                                    • Opcode ID: af8b56f3205f82957c3f57fe6ccb5a47e9d326f8afffe72021185a267bd86204
                                    • Instruction ID: 9851961a5dcb31a9a3433f9087e28fd93683ac1fc4f157d030bc541017ac7026
                                    • Opcode Fuzzy Hash: af8b56f3205f82957c3f57fe6ccb5a47e9d326f8afffe72021185a267bd86204
                                    • Instruction Fuzzy Hash: 2C415C35B001159FCB05AFA4D858AAEF7F2FF88305F158468E51A9B3B5CB31AC06DB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF02E8 Relevance: 2.7, Strings: 2, Instructions: 171COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 301 4af02e8-4af0316 302 4af032a-4af0337 301->302 303 4af0318-4af0324 301->303 307 4af0339-4af0353 302->307 308 4af03a5-4af03d0 302->308 303->302 306 4af0506-4af0510 303->306 311 4af0357 307->311 312 4af0355 307->312 320 4af0373-4af038a 308->320 314 4af035a-4af036d 311->314 312->314 319 4af051c-4af05b5 314->319 314->320 323 4af038e 320->323 324 4af038c 320->324 325 4af0391-4af03dc 323->325 324->325 333 4af03ef 325->333 334 4af03de-4af03e5 325->334 336 4af03f6-4af04df 333->336 334->333 343 4af04e3 336->343 344 4af04e1 336->344 345 4af04e6-4af04fa 343->345 344->345 345->306
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: :@k$dSl
                                    • API String ID: 0-2366181727
                                    • Opcode ID: 8ee51aae84bbd8112c4b6cebb0c1fbebd828cd21bf34e15bad49bef0f90169df
                                    • Instruction ID: c650466dee56c2e6515017fb5bbf1094404ec5a18b5307cf037c9657c822c3a8
                                    • Opcode Fuzzy Hash: 8ee51aae84bbd8112c4b6cebb0c1fbebd828cd21bf34e15bad49bef0f90169df
                                    • Instruction Fuzzy Hash: 2351C234B09204CFCB14DF64C9547AD7BF2AF8A314F158069E506AB7A2DB30AC45CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0681 Relevance: 2.6, Strings: 2, Instructions: 129COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 348 4af0681-4af07c8 408 4af0797 call 4af09a9 348->408 409 4af0797 call 4af0908 348->409 410 4af0797 call 4af0918 348->410 411 4af0797 call 4af0980 348->411 380 4af079d-4af079f 381 4af07ca 380->381 382 4af07a1 380->382 412 4af07ca call d805e0 381->412 413 4af07ca call d80606 381->413 382->381 383 4af07d0 414 4af07d0 call 4af4180 383->414 415 4af07d0 call 4af4190 383->415 384 4af07d6-4af081a 396 4af081c 384->396 397 4af0827-4af0846 384->397 396->397 402 4af0848-4af084e 397->402 403 4af0854-4af0869 397->403 402->403 408->380 409->380 410->380 411->380 412->383 413->383 414->384 415->384
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Zl^$-Zl^
                                    • API String ID: 0-675793873
                                    • Opcode ID: 3b7a2737e4483cb07b95beb6a82ed9787c6869089347b080102a84a23ece81c8
                                    • Instruction ID: 0934d82167c718a099dd556af7b4828e3404e6290505ca22fc667e17ae50d140
                                    • Opcode Fuzzy Hash: 3b7a2737e4483cb07b95beb6a82ed9787c6869089347b080102a84a23ece81c8
                                    • Instruction Fuzzy Hash: 8B416C3072C2068FD7047BB4EC1D2AD7AB6AF8170570484A9F412CB2B6DF749C46EB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090AA02 Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 416 90aa02-90aa8d 420 90aa92-90aaa9 416->420 421 90aa8f 416->421 423 90aaeb-90aaf0 420->423 424 90aaab-90aabe RegOpenKeyExW 420->424 421->420 423->424 425 90aac0-90aae8 424->425 426 90aaf2-90aaf7 424->426 426->425
                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0090AAB1
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: ec1a44626019d17bff1bb73ae6eb433c8f1b7dc0de7214e4d9138a1715c4a430
                                    • Instruction ID: f5340c667e27fbfd0d83eab583b757b0e293ec627ad0ae611c236eef01c4c78a
                                    • Opcode Fuzzy Hash: ec1a44626019d17bff1bb73ae6eb433c8f1b7dc0de7214e4d9138a1715c4a430
                                    • Instruction Fuzzy Hash: EB31A471504384AFE7228B55CD45FA7BFBCEF06310F08849AE9858B592D364E94DCB72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090AAF9 Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 431 90aaf9-90ab77 434 90ab79 431->434 435 90ab7c-90ab85 431->435 434->435 436 90ab87 435->436 437 90ab8a-90ab90 435->437 436->437 438 90ab92 437->438 439 90ab95-90abac 437->439 438->439 441 90abe3-90abe8 439->441 442 90abae-90abc1 RegQueryValueExW 439->442 441->442 443 90abc3-90abe0 442->443 444 90abea-90abef 442->444 444->443
                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E24,71D5F9E5,00000000,00000000,00000000,00000000), ref: 0090ABB4
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: ce8b2e5532ccabd4e8d28aac5c0c2d8b530f1dc036409a520601122bded9f7c9
                                    • Instruction ID: fbf43182e7b5e55f3abd46e8b2db709841ae09ca17f30c73af1c6b4a1f317ec1
                                    • Opcode Fuzzy Hash: ce8b2e5532ccabd4e8d28aac5c0c2d8b530f1dc036409a520601122bded9f7c9
                                    • Instruction Fuzzy Hash: B13181755097846FD722CB25CC45FA2BFFCAF06314F08849AE985CB192D364E948CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04CC00F6 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 448 4cc00f6-4cc0179 452 4cc017e-4cc0187 448->452 453 4cc017b 448->453 454 4cc018c-4cc0195 452->454 455 4cc0189 452->455 453->452 456 4cc01e6-4cc01eb 454->456 457 4cc0197-4cc01bb CreateMutexW 454->457 455->454 456->457 460 4cc01ed-4cc01f2 457->460 461 4cc01bd-4cc01e3 457->461 460->461
                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 04CC019D
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722684115.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4cc0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    • Opcode ID: 84d9a71d3584e8a4f451a28374771907b6d80546c4b618315cb9f4eea23e1c48
                                    • Instruction ID: fe62df570f268d076b393c79b38f54b6a170f21c89e1da7d5484be344aaaa9c4
                                    • Opcode Fuzzy Hash: 84d9a71d3584e8a4f451a28374771907b6d80546c4b618315cb9f4eea23e1c48
                                    • Instruction Fuzzy Hash: 25317075509780AFE711CF65DD45B96FFF8EF06210F08849AE984CB292D365A908CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090AF50 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 464 90af50-90af97 465 90af9a-90aff2 CreateActCtxA 464->465 467 90aff8-90b00e 465->467
                                    APIs
                                    • CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 0090AFEA
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: f2b94d7b4934cb7faaa57417dfc8f5c5fee077793cd5a6f6d711059002fe97f2
                                    • Instruction ID: 5f2a3bb958cb82f00b3bd9d840ae0c6fe7cd80a36de3ff79121af7b0d6dbf53f
                                    • Opcode Fuzzy Hash: f2b94d7b4934cb7faaa57417dfc8f5c5fee077793cd5a6f6d711059002fe97f2
                                    • Instruction Fuzzy Hash: 2E21A7715093C06FD3138B259C51B62BFB8EF87610F0A81DBED84DB653D224A919C7B2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090AA32 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 468 90aa32-90aa8d 471 90aa92-90aaa9 468->471 472 90aa8f 468->472 474 90aaeb-90aaf0 471->474 475 90aaab-90aabe RegOpenKeyExW 471->475 472->471 474->475 476 90aac0-90aae8 475->476 477 90aaf2-90aaf7 475->477 477->476
                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0090AAB1
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: 4863c59ba094b3b01138d055af141156302bd774ee7fc301ca41223834a3697d
                                    • Instruction ID: 6b9325ca5996bbb473b1fa76d2269b6977df6df99f0b2d7d55df458794df2a02
                                    • Opcode Fuzzy Hash: 4863c59ba094b3b01138d055af141156302bd774ee7fc301ca41223834a3697d
                                    • Instruction Fuzzy Hash: 6421CF72600304AEEB219A55CD44FABFBECEF14314F04845AE945CB681D764E94CCAB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04CC012A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 482 4cc012a-4cc0179 485 4cc017e-4cc0187 482->485 486 4cc017b 482->486 487 4cc018c-4cc0195 485->487 488 4cc0189 485->488 486->485 489 4cc01e6-4cc01eb 487->489 490 4cc0197-4cc019f CreateMutexW 487->490 488->487 489->490 491 4cc01a5-4cc01bb 490->491 493 4cc01ed-4cc01f2 491->493 494 4cc01bd-4cc01e3 491->494 493->494
                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 04CC019D
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722684115.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4cc0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    • Opcode ID: 1d47edfc135618757d538caad58168512d4d81529c1cdf5969cb77021cb02fae
                                    • Instruction ID: 6ad732d26f73f694d31183e3552dbdea30de30cfeef5a41e76bcd64b58647581
                                    • Opcode Fuzzy Hash: 1d47edfc135618757d538caad58168512d4d81529c1cdf5969cb77021cb02fae
                                    • Instruction Fuzzy Hash: 7D218075600240AFEB20CF66DD45BAAFBE8EF05214F08846EED48CB641D375F608CA76
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090AB3A Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 497 90ab3a-90ab77 499 90ab79 497->499 500 90ab7c-90ab85 497->500 499->500 501 90ab87 500->501 502 90ab8a-90ab90 500->502 501->502 503 90ab92 502->503 504 90ab95-90abac 502->504 503->504 506 90abe3-90abe8 504->506 507 90abae-90abc1 RegQueryValueExW 504->507 506->507 508 90abc3-90abe0 507->508 509 90abea-90abef 507->509 509->508
                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E24,71D5F9E5,00000000,00000000,00000000,00000000), ref: 0090ABB4
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: 47d0e9b539b2667bd04113bb6e00dd194d56035806716a81e48b0af5497a1e5c
                                    • Instruction ID: 20431c867e16cbe8653dcd6a2f616667af9f3de478e93e9ad44f880732b9c8a4
                                    • Opcode Fuzzy Hash: 47d0e9b539b2667bd04113bb6e00dd194d56035806716a81e48b0af5497a1e5c
                                    • Instruction Fuzzy Hash: 64219D76600704AFE721CF15CC84FA6F7ECEF15720F08845AE945CB691D364E948CAB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090B7CA Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 522 90b7ca-90b839 524 90b866-90b86b 522->524 525 90b83b-90b84e PostMessageW 522->525 524->525 526 90b850-90b863 525->526 527 90b86d-90b872 525->527 527->526
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 0090B841
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: b53c9ce17f397178c9030df250fb03aa33f59e55f52580f1363f69475f172c95
                                    • Instruction ID: b0702560dfb54d6e81b4f96013ba4c42d7a785b4191cd8c1f96db9c7eb3b27ef
                                    • Opcode Fuzzy Hash: b53c9ce17f397178c9030df250fb03aa33f59e55f52580f1363f69475f172c95
                                    • Instruction Fuzzy Hash: 7321CD714097C09FDB128B21DC54AA2BFB4EF17320F0D84DAEDC44F163D265A918DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090A51F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 513 90a51f-90a582 515 90a584-90a58c DuplicateHandle 513->515 516 90a5bc-90a5c1 513->516 518 90a592-90a5a4 515->518 516->515 519 90a5c3-90a5c8 518->519 520 90a5a6-90a5b9 518->520 519->520
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0090A58A
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: da0a6527aa543a3832304ba3fd5e786cc2562850aaaba039884df5eeb13ddd30
                                    • Instruction ID: ca395daee3958adbe729c826da16973d84f55499fea96f07681b83fa3b77d41c
                                    • Opcode Fuzzy Hash: da0a6527aa543a3832304ba3fd5e786cc2562850aaaba039884df5eeb13ddd30
                                    • Instruction Fuzzy Hash: F211B471409780AFDB228F51DC44B62FFF8EF4A310F0884DAED858F562C235A918DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090BB4F Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 530 90bb4f-90bbb1 532 90bbb3-90bbc6 PostMessageW 530->532 533 90bbe7-90bbec 530->533 534 90bbc8-90bbe4 532->534 535 90bbee-90bbf3 532->535 533->532 535->534
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 0090BBB9
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 800a7ab067c1f3be3c48be43ce16d36a25b66eea78bb54996db1aa12aac3d715
                                    • Instruction ID: e7a262f329ea56fd90e5919ab8a8e8385cf1b4183d36022b02d5e0eab922f463
                                    • Opcode Fuzzy Hash: 800a7ab067c1f3be3c48be43ce16d36a25b66eea78bb54996db1aa12aac3d715
                                    • Instruction Fuzzy Hash: B911D3755097C0AFDB228F21CC45B52FFB4EF06220F0884DEED858B563D265A818DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090BE05 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DispatchMessageW.USER32(?), ref: 0090BE70
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: b487147e4b08ca70a0e6fe52ac343f8c26193c0e97358d012ee31aa2d1dc8bf5
                                    • Instruction ID: 7d6c10b1211a8ea125d3782b87b9ea7ebc217022c96b7cd37ebd28ccf4069750
                                    • Opcode Fuzzy Hash: b487147e4b08ca70a0e6fe52ac343f8c26193c0e97358d012ee31aa2d1dc8bf5
                                    • Instruction Fuzzy Hash: 54118E754093C0AFDB128B25DC44B61BFB4EF47624F0984DAED848F2A3D2656808CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090B71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0090B78A
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    • Opcode ID: bd16915c5505310ccf21b92a3d34428d1049a9fae4c7e941783fba5cb3c671b1
                                    • Instruction ID: 62082b1c2a45c8c5423bfe83eb55b7c3c9b50a509db9f36c102c55acfe043ef4
                                    • Opcode Fuzzy Hash: bd16915c5505310ccf21b92a3d34428d1049a9fae4c7e941783fba5cb3c671b1
                                    • Instruction Fuzzy Hash: 0B119031504780AFCB218F51DC44A52FFF4EF4A310F08889EE9858B562C375A418DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090BEB4 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetCurrentDirectoryW.KERNELBASE(?), ref: 0090BF0C
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CurrentDirectory
                                    • String ID:
                                    • API String ID: 1611563598-0
                                    • Opcode ID: 0a4a884b0675ad2363e091f397baa583b52aab9b3dd10f5639d42a65e7591a86
                                    • Instruction ID: 532e1aa6d2c9a7cd8f909fe9f47123b1360b1b9fd00a68575a86f1231ff1b13d
                                    • Opcode Fuzzy Hash: 0a4a884b0675ad2363e091f397baa583b52aab9b3dd10f5639d42a65e7591a86
                                    • Instruction Fuzzy Hash: A41194716053805FD711CF26DC85B96BFE8EF46220F0884AAED85CF652D374E908CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090A75B Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Initialize
                                    • String ID:
                                    • API String ID: 2538663250-0
                                    • Opcode ID: 77f42d0479a474e47952adbb6ddb1e3b5e3e1a137766b1ec91397424d25069e0
                                    • Instruction ID: 28fb590589b99ce02165f00afe21c82e06a6f157b4a24891a8450b2d391c1dfe
                                    • Opcode Fuzzy Hash: 77f42d0479a474e47952adbb6ddb1e3b5e3e1a137766b1ec91397424d25069e0
                                    • Instruction Fuzzy Hash: 7D11BF719493809FDB11CF11DC45B52BFB4EF46320F0884DAED858F253D279A908CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090A8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetWindowLongW.USER32(?,?,?), ref: 0090A926
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: LongWindow
                                    • String ID:
                                    • API String ID: 1378638983-0
                                    • Opcode ID: c58314076e99b354908a0034086d460b19254f75f937b53116e2fd7004f72c6b
                                    • Instruction ID: 9fd1f060af84e569f7f82d30d32f75a27b25461531c1f440df3c4cb6f6fed9b6
                                    • Opcode Fuzzy Hash: c58314076e99b354908a0034086d460b19254f75f937b53116e2fd7004f72c6b
                                    • Instruction Fuzzy Hash: F31182715057849FC721CF15DC85B52FFF4EF46320F09849AED858B262D375A818CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090BED2 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetCurrentDirectoryW.KERNELBASE(?), ref: 0090BF0C
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CurrentDirectory
                                    • String ID:
                                    • API String ID: 1611563598-0
                                    • Opcode ID: 3fead14a83ca828be71e185134439286119bddb03985aaaf8aa5483c90fda4f3
                                    • Instruction ID: e41c61ef5b3247f3783af9cde6deca772cf0ec918fa05cc4d0dbca53d5d73dba
                                    • Opcode Fuzzy Hash: 3fead14a83ca828be71e185134439286119bddb03985aaaf8aa5483c90fda4f3
                                    • Instruction Fuzzy Hash: 7C0192716002019FDB50DF26DC857A6BBE8DF15320F0884AADE45CF685D774D908CE62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090A546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                    Download Yara Rule
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0090A58A
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: e20f8d9184dfd52791a6c0d9c87f5a125fc7889ced56537eb19432ade64e9580
                                    • Instruction ID: 4e2131bc6920a1c95bec97e7ab4e369dd1fd7c1f8d7b1ce448ab00f8e2286728
                                    • Opcode Fuzzy Hash: e20f8d9184dfd52791a6c0d9c87f5a125fc7889ced56537eb19432ade64e9580
                                    • Instruction Fuzzy Hash: 66018B325007009FDB208F51D844B66FBE4FF18320F08C89AEE898A651C336E418DFA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090B746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0090B78A
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    • Opcode ID: 6025d07d6f51fcae8f161b2319c4d77db6142208c39a0a3c49619c2e30838e63
                                    • Instruction ID: 405028182b843aac60f9956e355728da3951e2c3fc29fb11eef0c9a775d1bde1
                                    • Opcode Fuzzy Hash: 6025d07d6f51fcae8f161b2319c4d77db6142208c39a0a3c49619c2e30838e63
                                    • Instruction Fuzzy Hash: 4101C0325006009FDB218F51D844B66FBF4FF58320F08C89EDE858AA62D376E418DF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090AF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 0090AFEA
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: 6158a1050439022d53958bf7f7356c7bde2224bb62b33c05a03e6da05afb1195
                                    • Instruction ID: 4253ef1b6b77f7a22915b4477d9704a6e4c9f93bf99c685444cd555113c824cd
                                    • Opcode Fuzzy Hash: 6158a1050439022d53958bf7f7356c7bde2224bb62b33c05a03e6da05afb1195
                                    • Instruction Fuzzy Hash: EC01D671600600ABD310DF16DD46B66FBF8FB88A20F148159ED089BB41D731F959CBE6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090BB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 0090BBB9
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 29cd843b98e13c3543280b85472b80ac7ae9df429c9c03713b7bb0ce4e358da0
                                    • Instruction ID: 7b7f41278dbc5700042d197e6bbfb8a19e106f7c6b2fb2b5777dc2b790735164
                                    • Opcode Fuzzy Hash: 29cd843b98e13c3543280b85472b80ac7ae9df429c9c03713b7bb0ce4e358da0
                                    • Instruction Fuzzy Hash: D101D435600600DFDB608F16D845B65FBE4EF15320F08C49EDD458B6A5D375E818DF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090A78A Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: Initialize
                                    • String ID:
                                    • API String ID: 2538663250-0
                                    • Opcode ID: 94680c70ae730396a90c03c4472e94df6612d03badf50c2da5f1f70ca49b64e6
                                    • Instruction ID: 9b8d7a52e5617c1f9ff5c4b6c9eed20ffb8e14436ab77aad82a2ef75114058db
                                    • Opcode Fuzzy Hash: 94680c70ae730396a90c03c4472e94df6612d03badf50c2da5f1f70ca49b64e6
                                    • Instruction Fuzzy Hash: F3018B75A002409FDB10CF15D885765FBE8EF15320F08C4AADD488F686D279A908CEA3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090B806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 0090B841
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: c1c9dd7a156e4e4f8af8e1f8ad1543febb8af33aa42766dc18bc8499707f84a7
                                    • Instruction ID: 0ccfec0f61c747558ff2866dd27c4cbbfeafdd5564086bb64489b82ccfa6ba64
                                    • Opcode Fuzzy Hash: c1c9dd7a156e4e4f8af8e1f8ad1543febb8af33aa42766dc18bc8499707f84a7
                                    • Instruction Fuzzy Hash: 7501A231900640DFDB208F06D885B65FBF8EF15720F08C49ADE454B662D375E518DFA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090A8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetWindowLongW.USER32(?,?,?), ref: 0090A926
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: LongWindow
                                    • String ID:
                                    • API String ID: 1378638983-0
                                    • Opcode ID: 5ef42e9cb805c85c3d255d760a9621f957f1731be9a8326b0d123a568f96aa58
                                    • Instruction ID: 14b6632d39333375061fc23c4a15617ed56b2f941b5dff473c8ad9f2b8015733
                                    • Opcode Fuzzy Hash: 5ef42e9cb805c85c3d255d760a9621f957f1731be9a8326b0d123a568f96aa58
                                    • Instruction Fuzzy Hash: 28016D35A007449FDB608F05D885B61FBE4EF16720F08C49ADE864B692D375E918DFA3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0090BE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DispatchMessageW.USER32(?), ref: 0090BE70
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721794255.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_90a000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: 76055ac4d2c8b53fe6739f0c925e20198e78eac88a199b30f5211b75c30b20ea
                                    • Instruction ID: dadd9ed2a272e26ee9777df0b226d00692b7d461fdc845763ce4256eaff30f37
                                    • Opcode Fuzzy Hash: 76055ac4d2c8b53fe6739f0c925e20198e78eac88a199b30f5211b75c30b20ea
                                    • Instruction Fuzzy Hash: 48F0AF359046409FDB208F05D8897A5FBE4EF15720F08C4AADE494F792D379E948CEA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF20D0 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: r*+
                                    • API String ID: 0-3221063712
                                    • Opcode ID: 5b1b0341b3188db936c6f521b4748e75b549d8d6c30d605d2ecbdcfdd8491425
                                    • Instruction ID: 0d8ccfd725e17362d8be371a581e08013268c282b99ba97b2da0ce66a2d47e0c
                                    • Opcode Fuzzy Hash: 5b1b0341b3188db936c6f521b4748e75b549d8d6c30d605d2ecbdcfdd8491425
                                    • Instruction Fuzzy Hash: F4719031B09209CFDB44DFE4C9457AEBBB1FF85300F1084AAE6029B661E731AD45DB56
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF32BB Relevance: 1.4, Strings: 1, Instructions: 193COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    • Opcode ID: ec530aba9724a60f34e8de27b2f833890ff7afcd627a6d96a89238a1cc6e92a9
                                    • Instruction ID: 39b420fdf2290df7dd626b8ebffc99a0d297f3ed681d46c318647a3438fc24aa
                                    • Opcode Fuzzy Hash: ec530aba9724a60f34e8de27b2f833890ff7afcd627a6d96a89238a1cc6e92a9
                                    • Instruction Fuzzy Hash: 5451F131F081448FCF15CFB98C541EEBBB2EBC521571485BAEA16DB791EB30A806CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF2D58 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    • Opcode ID: fde1ba6fb797be20d2746bed1283c594241618ee71467a52b56f710a2ec138d1
                                    • Instruction ID: 3be8e1808222ad7e21a9202fc4cf522c12fb640f27ff4f72b3099ac122e586a2
                                    • Opcode Fuzzy Hash: fde1ba6fb797be20d2746bed1283c594241618ee71467a52b56f710a2ec138d1
                                    • Instruction Fuzzy Hash: 2841B532F081158BCB14CFE5CC447AEBBB2ABC1214B24C4B6E616DB641D736F8528B92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF25DE Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: f`k
                                    • API String ID: 0-1028176591
                                    • Opcode ID: 960c65c711f57095eed9202ce6153d0f33314e848e91e2feca5179a1224eecd6
                                    • Instruction ID: ea8f65273b1d26e5948b1147769854e5c6bffcf253d6fc45dc62c7f08c1d6f60
                                    • Opcode Fuzzy Hash: 960c65c711f57095eed9202ce6153d0f33314e848e91e2feca5179a1224eecd6
                                    • Instruction Fuzzy Hash: 79318931B14209CFDB60EFA5C94439AFBF2BF85308F10C569D014AF265DBB9A589DB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF12A0 Relevance: .5, Instructions: 460COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c7b7b685bd1fc870c58d82cf15a4f5064e9ea2cda0b50993cf7eb730b44923b2
                                    • Instruction ID: 6ad416cd9672f81f43a4944c682a538ee9d1d1e7efdf08de940c7ca0e32604bb
                                    • Opcode Fuzzy Hash: c7b7b685bd1fc870c58d82cf15a4f5064e9ea2cda0b50993cf7eb730b44923b2
                                    • Instruction Fuzzy Hash: 5622F334A04605CFC764DF64C590A6AB7F2FF89304B1089AAE85A9B756DB34FC85CF41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0BC0 Relevance: .1, Instructions: 133COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a593e15b508e7986584d15a6e1cc04ae9935aade8eff4d26bfc307d3ac0b046e
                                    • Instruction ID: c897cd4ea39321e1dcfed66af3cd038a600fa618aee6752e0c67471208847f8b
                                    • Opcode Fuzzy Hash: a593e15b508e7986584d15a6e1cc04ae9935aade8eff4d26bfc307d3ac0b046e
                                    • Instruction Fuzzy Hash: 6441D731B091148FCB159B68C8147AE77F6AFC6310F15806AF906DF7A2DE71AC0A8792
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF02D9 Relevance: .1, Instructions: 105COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0dd3df90d3e8c6de4323a4d94a6e0f871e30a0975fade0b7011ba160e9b518ef
                                    • Instruction ID: afa404b041360bde0ef69099a1165aa17d84ae3ab2bcd5cbc8081e9e72eb3949
                                    • Opcode Fuzzy Hash: 0dd3df90d3e8c6de4323a4d94a6e0f871e30a0975fade0b7011ba160e9b518ef
                                    • Instruction Fuzzy Hash: C1417E74B052098FDB14CFA4C954BEE77F2AF89315F144069E602AB7A2DB70AC84CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF1291 Relevance: .1, Instructions: 99COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6d7c0fdfcd0d8b789a1578f8e923719d4e543e74f2f39c23eded6ae0f4e65688
                                    • Instruction ID: 05776b212239bf35d28e0b5f857098f6d4139f8ee67bb1465904813ec252553c
                                    • Opcode Fuzzy Hash: 6d7c0fdfcd0d8b789a1578f8e923719d4e543e74f2f39c23eded6ae0f4e65688
                                    • Instruction Fuzzy Hash: DE414C34B08259DFCB54DFA4C854B9DBBB2AF4A304F0045EAE54AAB751DB30AD84CF52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0C68 Relevance: .1, Instructions: 97COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 91a3463d170bee14c4293a0a08224a99d4ee9b733799ae6b03ddb955815c51cc
                                    • Instruction ID: 1e501196d6c4776ead2a967af991d8c6bce1fad7c1ab40f82c9a4425ef4d3a69
                                    • Opcode Fuzzy Hash: 91a3463d170bee14c4293a0a08224a99d4ee9b733799ae6b03ddb955815c51cc
                                    • Instruction Fuzzy Hash: 2F21D532B050148FCB159F68C8546AE77E6AFC6310B15806AFD06EF762DA72AC079792
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0006 Relevance: .1, Instructions: 91COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 291c978674ac72bed7c3124fd6ef07df804e4a50e114750dd89e996407702309
                                    • Instruction ID: a967c0ba87e4687b166b1e06cb1b265f745a3f3a90e6fad19a4e7115b39f1998
                                    • Opcode Fuzzy Hash: 291c978674ac72bed7c3124fd6ef07df804e4a50e114750dd89e996407702309
                                    • Instruction Fuzzy Hash: 98316271A0E3C68FC706EB709C694997FB0AE53244705849FE0C2CB1E7EA389859DB53
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF21E8 Relevance: .1, Instructions: 76COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8d23d1774e0d893421f9a79bcb88c6013df283f0f73db163f40674f07fcc4b96
                                    • Instruction ID: ef8373163091e84ca0f24cdb69e3e64ba01024ba392b847d03e9567ea7bff970
                                    • Opcode Fuzzy Hash: 8d23d1774e0d893421f9a79bcb88c6013df283f0f73db163f40674f07fcc4b96
                                    • Instruction Fuzzy Hash: 62316D31F08209DFCB44DBE4C8557EDBBB0BB45304F1088AAE5029B661E736AA44DB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF4190 Relevance: .1, Instructions: 69COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 47c7c450177216aec9cd1d2e21c3239e06f4cd1b74c3d8cba41f1822e88083b3
                                    • Instruction ID: c70781f95ad6f48daac314e66e4e3287334ebe16f1c1b91fb4e5237239fb7171
                                    • Opcode Fuzzy Hash: 47c7c450177216aec9cd1d2e21c3239e06f4cd1b74c3d8cba41f1822e88083b3
                                    • Instruction Fuzzy Hash: 77115631B052158BDB14E7F1DC152FF76FAAFA9204F11813AA6178B680FF30A80497A3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF21F8 Relevance: .1, Instructions: 69COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bbd70ec7dfe158e46a8e441d5e08b2eef47ddf47fcbe9d63728c3827b77a14fa
                                    • Instruction ID: 2b91874bc759231fa4600ef7aa3d3ff75f1764187548a6428ec63ef49d4e7242
                                    • Opcode Fuzzy Hash: bbd70ec7dfe158e46a8e441d5e08b2eef47ddf47fcbe9d63728c3827b77a14fa
                                    • Instruction Fuzzy Hash: D4212E71F08209DFCB44DFE4C9457ADB7B1FB45304F1089A6E6069B650EB32AA40EB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00D80854 Relevance: .1, Instructions: 60COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722212753.0000000000D80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_d80000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e3997912b17c674af490235b1d856ef73fbf4f9b76fa7b66b6acd0fe977de48b
                                    • Instruction ID: b6edc87d0a90a62ada7b7b98946357c90629fff31e8ff8c37747b0af9ec594e3
                                    • Opcode Fuzzy Hash: e3997912b17c674af490235b1d856ef73fbf4f9b76fa7b66b6acd0fe977de48b
                                    • Instruction Fuzzy Hash: 24212F3410D3C09FD713DB24D860B55BF71AF47314F1D85DAD4858B6A3C23A981ADB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00D8088C Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722212753.0000000000D80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_d80000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: df7794582f48e10b00665ded8ce5cca4b1b2ef262e4a2c650a45f03793682777
                                    • Instruction ID: f2d854767add25f4402cce6c4b629be0030230c9e71a9365cf304fa6a381f02a
                                    • Opcode Fuzzy Hash: df7794582f48e10b00665ded8ce5cca4b1b2ef262e4a2c650a45f03793682777
                                    • Instruction Fuzzy Hash: 9611D530204684DFD351EB10D540B26BBA5EB99718F28C59CE44947A53C73BD847CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF2390 Relevance: .1, Instructions: 56COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1a62ad349f0b6e6b1992abf1a8fcbfa15fbd1e31d7afd912695d2ec2bf25a655
                                    • Instruction ID: d0a77ec023421ba7c5ddbbca29e8309f3f7793e8a738265d730270590242ce79
                                    • Opcode Fuzzy Hash: 1a62ad349f0b6e6b1992abf1a8fcbfa15fbd1e31d7afd912695d2ec2bf25a655
                                    • Instruction Fuzzy Hash: 29118F72A08259CFC714DFA49C557EEBBB1FB44305F0040AEE642AB240EB726846DF52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF05B9 Relevance: .0, Instructions: 50COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3933f82c21f834dd87426f56819127871ce549fbd916bdc3dcbd3ce5d51036ae
                                    • Instruction ID: f752695e2fe9109140ae4153a446c6b0e958cd9ea16aee5f2920013723cdbeee
                                    • Opcode Fuzzy Hash: 3933f82c21f834dd87426f56819127871ce549fbd916bdc3dcbd3ce5d51036ae
                                    • Instruction Fuzzy Hash: 9501AD713482680B8716667808296BF67EB4FCA688719446FE006DB3D7DEA88C874397
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00D805E0 Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722212753.0000000000D80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_d80000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0aaf32259ec44986982c07947d0e69e1f7d9a31ea618722680e5240870a0d35e
                                    • Instruction ID: ebb6f0a8374b8176a9a13160f87e92cf41ac4cf2e8da574c4b290bef312553ca
                                    • Opcode Fuzzy Hash: 0aaf32259ec44986982c07947d0e69e1f7d9a31ea618722680e5240870a0d35e
                                    • Instruction Fuzzy Hash: F601D6B65097806FC7118B16AC458A2FFB8EB86530709C4AFEC498B612D225A809CB72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF1209 Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eca2b0337b11790dff6b3df0419ac1b9d0b0c687478b37e34aff0470abd2bc2d
                                    • Instruction ID: dd9893fc13f02b09fa59d186426c56a7d29acb0ca28f9c44b4b20e705742555a
                                    • Opcode Fuzzy Hash: eca2b0337b11790dff6b3df0419ac1b9d0b0c687478b37e34aff0470abd2bc2d
                                    • Instruction Fuzzy Hash: 27012C30309150CFC748ABE8D4589697BF6AFDA20471540FAE506CF7B6DF719C099B52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0908 Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d7e122cbc7e8341df089698ebb1a664ca3ccbe292443e768a3860e535fe93c0a
                                    • Instruction ID: b188c532ec204b9bd573cfd535dc32c7fcb555db83a226bf3cfe086f7c002eca
                                    • Opcode Fuzzy Hash: d7e122cbc7e8341df089698ebb1a664ca3ccbe292443e768a3860e535fe93c0a
                                    • Instruction Fuzzy Hash: 6D017631B0E2A0DFCB200BF00C711AEBFB48B41200748845BFB829B643EA346802E2C2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF05C8 Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0a7f763c5a273986acf7d95ddf5becf50ad2e3be92528b0a0987e8a0c4998651
                                    • Instruction ID: e9c1f010de062bcc65f465d5281b3d8bb23a6fab4d0e62d730939ac90840fb9d
                                    • Opcode Fuzzy Hash: 0a7f763c5a273986acf7d95ddf5becf50ad2e3be92528b0a0987e8a0c4998651
                                    • Instruction Fuzzy Hash: 7DF0F0713041280B8648367C48192BF63DB8FCA688719442FE006DB387CFB88C8303D7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF1218 Relevance: .0, Instructions: 42COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6ca7d0d695a6c297352cc106a9eccbb129d6270f36d85e19753620ab79a11b26
                                    • Instruction ID: a29545923a89ed4aaef9c7c4cd931f64c1c60c3e8525cf444324bbd0ba69932f
                                    • Opcode Fuzzy Hash: 6ca7d0d695a6c297352cc106a9eccbb129d6270f36d85e19753620ab79a11b26
                                    • Instruction Fuzzy Hash: E5011D30304010CBC648ABE8D45896977FAAFDA645B5440BAF506CF7A5DF71AC099B92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF4180 Relevance: .0, Instructions: 34COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6442e920a6c299b3acca450fbd8ad1d365ac08fe52eb2b279a1efe8dcce7043b
                                    • Instruction ID: 20c260eff6a6af28bee32c12551abb5d60771b6abcadbab1e4f17c517d634809
                                    • Opcode Fuzzy Hash: 6442e920a6c299b3acca450fbd8ad1d365ac08fe52eb2b279a1efe8dcce7043b
                                    • Instruction Fuzzy Hash: A9F05C30B4E3615ECB2067F42C158FF7F749BA9140701017BEA0AC2192F634401A9696
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0918 Relevance: .0, Instructions: 33COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 90e191a5c902d848dd9e72a8359cbc5de275a19bf65fa1efdce12e79789b2519
                                    • Instruction ID: 52977dd7e5bb47756f85b4c112f86326ce292769858306c0b7993b884b68478b
                                    • Opcode Fuzzy Hash: 90e191a5c902d848dd9e72a8359cbc5de275a19bf65fa1efdce12e79789b2519
                                    • Instruction Fuzzy Hash: 2CE05532B0D208DA9B1026F09C500AFB7BCC781260F008433AF17A3302FE306802A1D2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00D80948 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722212753.0000000000D80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_d80000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e6850d79e688ef7387407e307c00caab001beb49244c143f541758b1d055de9a
                                    • Instruction ID: d73f8e3c25800b61b6e37a1b8ee97473fa47c4bff74e64288e3f81379c13c757
                                    • Opcode Fuzzy Hash: e6850d79e688ef7387407e307c00caab001beb49244c143f541758b1d055de9a
                                    • Instruction Fuzzy Hash: 13F01D35204644DFC305DB00D940B15FBA6EB89718F28CAADE98907B62C337E813DF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00D80606 Relevance: .0, Instructions: 27COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722212753.0000000000D80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_d80000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 489100e6a402fa049f08d6b8ef70164ad23f585125e5640313235aa3653930b1
                                    • Instruction ID: b40fa48d799e315028a0dd41bd4aecbe8fb6278344b867c936646d7e89ef3339
                                    • Opcode Fuzzy Hash: 489100e6a402fa049f08d6b8ef70164ad23f585125e5640313235aa3653930b1
                                    • Instruction Fuzzy Hash: 64E092B6600A005B9750CF0BEC45452F7E8EB84630708C07FDC4D8B701E235F908CEA6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0B10 Relevance: .0, Instructions: 25COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 372218af88f25d48f83ca36511ac33cbd162c9ffd3da877a45aa3a8a9722c332
                                    • Instruction ID: a0ea691ab6f2280ba906251d2d83612d3e8ac160718e516d964f80146a0880f8
                                    • Opcode Fuzzy Hash: 372218af88f25d48f83ca36511ac33cbd162c9ffd3da877a45aa3a8a9722c332
                                    • Instruction Fuzzy Hash: 55E08631BDD255AACB2159F01D527FB37208721794F10416AFE879A1C3E591650592C2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF02A1 Relevance: .0, Instructions: 19COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ecfa6db9bd9041fd461a4b6214199f6c7cba7a5c7ca4db7c80a810918ff84bb6
                                    • Instruction ID: 1a8124264e038275d4ff74d35504dbc6e8666425fc3bc18a304b246a85c6d504
                                    • Opcode Fuzzy Hash: ecfa6db9bd9041fd461a4b6214199f6c7cba7a5c7ca4db7c80a810918ff84bb6
                                    • Instruction Fuzzy Hash: BDE0123434D7C08FC31287A8AD664D5BBF05F42210306C89EE1D68B9A6C624AC06C713
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF016F Relevance: .0, Instructions: 18COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 219da758b9608f160d7a9c2200317202564c1e3f4a561ef211a97bb373ae185a
                                    • Instruction ID: 61b82f81b4bad135deef2a5471f9cf64763aa1006a0ec073407a2fbc050ba1b9
                                    • Opcode Fuzzy Hash: 219da758b9608f160d7a9c2200317202564c1e3f4a561ef211a97bb373ae185a
                                    • Instruction Fuzzy Hash: 77E0123578A2408FD7195770E9695AC3B619B5525670044BED046CB6A2DF3AC486EA00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF21B8 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 92798852b8b257651a1b4942404a2a2c907d2a2962d1a11f4d8545adc6f00a36
                                    • Instruction ID: 4f569693e874777f5a2f40be7718421f5d5dfa901dcf325e7fc98cf6e9d17683
                                    • Opcode Fuzzy Hash: 92798852b8b257651a1b4942404a2a2c907d2a2962d1a11f4d8545adc6f00a36
                                    • Instruction Fuzzy Hash: 38D05B7610E686CFC710AFE0DC480DCBF609F49200755099DE9E247555E6612494E70A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0650 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 27b3480bc1bb8cf31aad48e2f918d37af1ca18687c66513ad5d4dc80b1e42cda
                                    • Instruction ID: 1f0260f3b32ace04b2a11dbe25ca74096571085f1165c87fc3b8afe8091d6fcd
                                    • Opcode Fuzzy Hash: 27b3480bc1bb8cf31aad48e2f918d37af1ca18687c66513ad5d4dc80b1e42cda
                                    • Instruction Fuzzy Hash: C9D05E7028E3C08ED75207F05C340997F324A9220571888ABE0D1960B3DA7A6682E322
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 009023F4 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721782210.0000000000902000.00000040.00000800.00020000.00000000.sdmp, Offset: 00902000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_902000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7050d5fc08b6ebfdc7446457b5c9f3d683a3ea2f63bbf33b720b61f56c691c3a
                                    • Instruction ID: 80ac01f0944f810b237bf03a912a621e2fc14ee09e42d5c5391599e237989a84
                                    • Opcode Fuzzy Hash: 7050d5fc08b6ebfdc7446457b5c9f3d683a3ea2f63bbf33b720b61f56c691c3a
                                    • Instruction Fuzzy Hash: 13D05E792096C14FD3169B1CC1A8B9537DCAB61714F4A44F9AC008B7B3C768D981D600
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 009023BC Relevance: .0, Instructions: 14COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721782210.0000000000902000.00000040.00000800.00020000.00000000.sdmp, Offset: 00902000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_902000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5f97c6f5086257a0705f408a3c40763a8cf9c3fca8532f0f1a6d6d31836196ea
                                    • Instruction ID: 3fb889fb9e75ccf1b9c61f6ed5657d16ae86ffacf9e52fe63dab79ed62558110
                                    • Opcode Fuzzy Hash: 5f97c6f5086257a0705f408a3c40763a8cf9c3fca8532f0f1a6d6d31836196ea
                                    • Instruction Fuzzy Hash: 0BD05E342002818FCB15DB0CD6D9F5937DCAB50B14F1A44E8AC108B7A2C7B8D8C1CA00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0180 Relevance: .0, Instructions: 12COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eea91d7a7a359b23405af05b2ab75276c93a1ac684d271ead7e764c7627b2508
                                    • Instruction ID: 5bb3f135fc3d6ee3a0d1df8a4975a61c31c29afe5cb9133e6285d247b2b67c2c
                                    • Opcode Fuzzy Hash: eea91d7a7a359b23405af05b2ab75276c93a1ac684d271ead7e764c7627b2508
                                    • Instruction Fuzzy Hash: B4D01234716304CBC7086B74E61D0A833A6AB48606300087DD4074B361DF36D890DA00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF0660 Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ede709516b70716a5fd761fad5442d7ed706dd19ed0bfe8655a42c80565845f6
                                    • Instruction ID: e910eb4541f7fc07e7b47892791aea37bb54d8ca58fd33212f8e8671be4998b0
                                    • Opcode Fuzzy Hash: ede709516b70716a5fd761fad5442d7ed706dd19ed0bfe8655a42c80565845f6
                                    • Instruction Fuzzy Hash: 34C09B7528E215CA829457F15D094B6B73957D0305750C836F61115123EFB3B4D2F555
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04AF2EC0 Relevance: .0, Instructions: 8COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d9cbd406ce7ee68fa37da45b424a22506b85e02bee76a3340cb4aefe7e4719f1
                                    • Instruction ID: 41b477648975c85924be75558192bcf7ba8d99d6333a5b946f8017e39ef20a24
                                    • Opcode Fuzzy Hash: d9cbd406ce7ee68fa37da45b424a22506b85e02bee76a3340cb4aefe7e4719f1
                                    • Instruction Fuzzy Hash: EDB012313182090B17405BF16C04B53378C47009053840460A91CC0010F552E0906141
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 04AF0D93 Relevance: 6.5, Strings: 5, Instructions: 249COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1722592338.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_4af0000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 0Xl$4l$:@k$\Ol$f`k
                                    • API String ID: 0-4284705603
                                    • Opcode ID: 02d40770ab04978b45c65fd5b00093795159b62f69d5b4e062a7000a1c218548
                                    • Instruction ID: 9ce4ac13da49a28a3e14f54aebeb801e876c3d0a6e061c110237694708113bf7
                                    • Opcode Fuzzy Hash: 02d40770ab04978b45c65fd5b00093795159b62f69d5b4e062a7000a1c218548
                                    • Instruction Fuzzy Hash: 9EB10330B093448FD3A4DB7881517AA76E2FB96308F50082DE0498FB85EB71C84ADB53
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 009026AA Relevance: 5.4, Strings: 4, Instructions: 382COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.1721782210.0000000000902000.00000040.00000800.00020000.00000000.sdmp, Offset: 00902000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_902000_lLX6Po7hFJ.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 2k$Bk$$Ok$$k
                                    • API String ID: 0-3284410275
                                    • Opcode ID: f486f08546ffb253ddf02152f6061d8bc42a93f685c51289da2dcc3c4723bf11
                                    • Instruction ID: 4f0aa900f8a1b1ab2242c8a0829073438214b31cafca71ec444c55316dc7bde6
                                    • Opcode Fuzzy Hash: f486f08546ffb253ddf02152f6061d8bc42a93f685c51289da2dcc3c4723bf11
                                    • Instruction Fuzzy Hash: E6C1B06940E7C14FD3038B3489AA585BFB5AE6320470E96CBC4C0CF5F3D6685D0ADBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Execution Graph

                                    Execution Coverage:14.5%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:60
                                    Total number of Limit Nodes:6
                                    execution_graph 5214 a2aa02 5216 a2aa32 RegOpenKeyExW 5214->5216 5217 a2aac0 5216->5217 5171 a2b806 5172 a2b866 5171->5172 5173 a2b83b PostMessageW 5171->5173 5172->5173 5174 a2b850 5173->5174 5175 a2b746 5176 a2b784 CreateIconFromResourceEx 5175->5176 5177 a2b7bc 5175->5177 5178 a2b792 5176->5178 5177->5176 5179 a2a546 5180 a2a584 DuplicateHandle 5179->5180 5182 a2a5bc 5179->5182 5181 a2a592 5180->5181 5182->5180 5183 4cc012a 5184 4cc0162 CreateMutexW 5183->5184 5186 4cc01a5 5184->5186 5218 a2be05 5219 a2be3e DispatchMessageW 5218->5219 5221 a2be7f 5219->5221 5187 a2a78a 5188 a2a7b6 OleInitialize 5187->5188 5189 a2a7ec 5187->5189 5190 a2a7c4 5188->5190 5189->5188 5222 a2b7ca 5224 a2b806 PostMessageW 5222->5224 5225 a2b850 5224->5225 5151 a2a8ee 5152 a2a920 SetWindowLongW 5151->5152 5153 a2a94b 5151->5153 5154 a2a935 5152->5154 5153->5152 5210 a2a8cc 5211 a2a8ee SetWindowLongW 5210->5211 5213 a2a935 5211->5213 5238 a2af50 5239 a2af9a CreateActCtxA 5238->5239 5241 a2aff8 5239->5241 5198 a2beb4 5201 a2bed2 SetCurrentDirectoryW 5198->5201 5200 a2bf14 5201->5200 5242 a2a75b 5243 a2a78a OleInitialize 5242->5243 5245 a2a7c4 5243->5245 5202 4cc00f6 5203 4cc012a CreateMutexW 5202->5203 5205 4cc01a5 5203->5205 5206 a2aaf9 5207 a2ab3a RegQueryValueExW 5206->5207 5209 a2abc3 5207->5209 5163 a2be3e 5164 a2be93 5163->5164 5165 a2be6a DispatchMessageW 5163->5165 5164->5165 5166 a2be7f 5165->5166 5226 a2b71e 5227 a2b746 CreateIconFromResourceEx 5226->5227 5229 a2b792 5227->5229 5230 a2a51f 5233 a2a546 DuplicateHandle 5230->5233 5232 a2a592 5233->5232

                                    Executed Functions

                                    Function 04B023A0 Relevance: 3.0, Strings: 2, Instructions: 505COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 139 4b023a0-4b023e5 143 4b023e7-4b023f0 139->143 291 4b023f2 call 7805e0 143->291 292 4b023f2 call 780606 143->292 144 4b023f8-4b02400 147 4b02424-4b0242b 144->147 148 4b023fe-4b02422 144->148 149 4b02431-4b024bf 147->149 150 4b026aa 147->150 159 4b02af3-4b02afe 148->159 245 4b024a2-4b024ca 149->245 246 4b024cc 149->246 152 4b026b0-4b026ba 150->152 155 4b02721-4b02752 152->155 156 4b026bc-4b026d1 152->156 165 4b02754-4b0275a 155->165 166 4b0275f-4b02769 155->166 163 4b026d7-4b026e1 156->163 164 4b02aee 156->164 173 4b02aff 159->173 163->164 168 4b026e7-4b026f1 163->168 164->159 170 4b027e0-4b027fd 165->170 171 4b02786 166->171 172 4b0276b-4b02784 166->172 168->164 175 4b026f7-4b0271c 168->175 184 4b0286f-4b028de 170->184 185 4b027ff-4b02823 170->185 174 4b02788-4b0278a 171->174 172->174 173->173 178 4b02790-4b027aa 174->178 179 4b0278c-4b0278e 174->179 175->159 178->170 190 4b027ac-4b027af 178->190 179->170 199 4b028e0-4b028e4 184->199 200 4b02933-4b02942 184->200 185->164 191 4b02829-4b02830 185->191 192 4b027b2-4b027b7 190->192 191->164 194 4b02836-4b02842 191->194 192->164 196 4b027bd-4b027de 192->196 194->164 198 4b02848-4b02854 194->198 196->170 196->192 198->164 204 4b0285a-4b0286a 198->204 199->200 205 4b028e6-4b028e9 199->205 202 4b02944-4b02949 200->202 203 4b0294b-4b0294f 200->203 207 4b029b1-4b029b5 202->207 203->164 208 4b02955-4b0295d 203->208 204->143 210 4b028ec-4b028f6 205->210 212 4b029b7-4b029be 207->212 213 4b02a0a-4b02a24 207->213 208->164 211 4b02963-4b02970 208->211 210->164 214 4b028fc-4b02911 210->214 211->164 215 4b02976-4b02983 211->215 212->213 216 4b029c0-4b029d2 212->216 230 4b02a26-4b02a3c 213->230 214->164 218 4b02917-4b02924 214->218 215->164 219 4b02989-4b029a6 215->219 227 4b029d4-4b029d7 216->227 228 4b029fd-4b02a08 216->228 218->164 221 4b0292a-4b02931 218->221 219->207 221->200 221->210 229 4b029da-4b029df 227->229 228->230 229->164 232 4b029e5-4b029ed 229->232 235 4b02a70-4b02a74 230->235 236 4b02a3e-4b02a6e 230->236 232->164 237 4b029f3-4b029fb 232->237 238 4b02ad6-4b02aec 235->238 239 4b02a76-4b02a89 235->239 236->235 237->228 237->229 238->159 293 4b02a8b call 7805e0 239->293 294 4b02a8b call 780606 239->294 247 4b024ce-4b024dc 245->247 246->247 250 4b024eb-4b024ed 247->250 251 4b024de-4b024e9 247->251 248 4b02a91-4b02ab2 248->238 252 4b02ab4-4b02ad0 248->252 253 4b024f3-4b024f5 250->253 251->253 252->238 256 4b02501-4b02523 253->256 257 4b024f7 253->257 260 4b02540-4b02543 256->260 261 4b02525-4b02534 256->261 257->256 263 4b02545 260->263 264 4b0254c-4b0256b 260->264 261->260 262 4b02536 261->262 262->260 263->264 289 4b0256d call 7805e0 264->289 290 4b0256d call 780606 264->290 266 4b02573-4b02596 269 4b025b7-4b025c5 266->269 270 4b02598-4b025b5 266->270 273 4b025d0-4b0260c 269->273 270->273 276 4b0261d-4b02633 273->276 277 4b0260e-4b02615 273->277 280 4b02643-4b0264b 276->280 281 4b02635-4b02639 276->281 277->276 285 4b02651 call 4b02f97 280->285 286 4b02651 call 4b02fa8 280->286 287 4b02651 call 7805e0 280->287 288 4b02651 call 780606 280->288 281->280 282 4b0263b-4b0263d 281->282 282->280 283 4b02657-4b0269c 283->152 284 4b0269e-4b026a8 283->284 284->152 285->283 286->283 287->283 288->283 289->266 290->266 291->144 292->144 293->248 294->248
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: f`k$f`k
                                    • API String ID: 0-3251778840
                                    • Opcode ID: bf1eec95142c176073a6c3ef6599f598cc865343dc0bd989c331b4b4c311872e
                                    • Instruction ID: 0ea21512aba22f4c5fccbb379edfd96ac7f8252f4568848f5f4c55790ff4dd90
                                    • Opcode Fuzzy Hash: bf1eec95142c176073a6c3ef6599f598cc865343dc0bd989c331b4b4c311872e
                                    • Instruction Fuzzy Hash: DD129231A04615CFCB28DF64C9886AEBBF2FB54306F14C1E9D4169B2A5DB74ED4ACB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B02FA8 Relevance: .2, Instructions: 239COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0bd7ee3ec0fc577e830ed4bb8fdcf8fbfea52c0a96818dacca6c0892f9b5b7d5
                                    • Instruction ID: d607e6f7c94510f2d19629ef220b2ac4c41b3d114a4750d5293aab402bc49224
                                    • Opcode Fuzzy Hash: 0bd7ee3ec0fc577e830ed4bb8fdcf8fbfea52c0a96818dacca6c0892f9b5b7d5
                                    • Instruction Fuzzy Hash: CA81A032F011159BD714DB69D8546AEBBE3AFC8315F29C0B5E805DB3A9EF34AC018790
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B00980 Relevance: 5.2, Strings: 4, Instructions: 177COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 4b00980-4b00981 1 4b00983-4b00990 0->1 2 4b009d7-4b009dc 0->2 3 4b00992-4b00994 1->3 4 4b00999-4b009a4 1->4 53 4b009de call 4b00bc0 2->53 54 4b009de call 4b00baf 2->54 3->4 4->2 7 4b00af1 4->7 5 4b009e4-4b009ef 66 4b009f5 call 4b01218 5->66 67 4b009f5 call 7805e0 5->67 68 4b009f5 call 4b01209 5->68 69 4b009f5 call 780606 5->69 9 4b00b00-4b00b28 7->9 55 4b00b2a call 7805e0 9->55 56 4b00b2a call 780606 9->56 10 4b009fb-4b00a2c 62 4b00a2e call 4b012a0 10->62 63 4b00a2e call 4b01291 10->63 64 4b00a2e call 7805e0 10->64 65 4b00a2e call 780606 10->65 15 4b00b2f-4b00b39 19 4b00b37-4b00b3d 15->19 20 4b00b3f-4b00b55 15->20 24 4b00ba7-4b00bac 19->24 31 4b00b53-4b00b59 20->31 32 4b00b5b-4b00b66 20->32 21 4b00a34-4b00a46 21->9 23 4b00a4c-4b00a56 21->23 25 4b00a64-4b00a92 23->25 26 4b00a58-4b00a5a 23->26 25->9 35 4b00a94-4b00a9e 25->35 26->25 31->24 39 4b00b68-4b00b6a 32->39 40 4b00b6e 32->40 37 4b00aa0-4b00aa2 35->37 38 4b00aac-4b00ad6 35->38 37->38 57 4b00ad9 call 4b03b10 38->57 58 4b00ad9 call 4b03ab8 38->58 59 4b00ad9 call 7805e0 38->59 60 4b00ad9 call 780606 38->60 61 4b00ad9 call 4b03b0f 38->61 41 4b00b74-4b00b81 39->41 42 4b00b6c-4b00b72 39->42 40->39 46 4b00b83-4b00b85 41->46 47 4b00b87-4b00b89 41->47 42->24 46->24 50 4b00b93-4b00ba5 47->50 50->24 51 4b00adf-4b00aeb 53->5 54->5 55->15 56->15 57->51 58->51 59->51 60->51 61->51 62->21 63->21 64->21 65->21 66->10 67->10 68->10 69->10
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol$\Ol$\Ol$\Ol
                                    • API String ID: 0-371742063
                                    • Opcode ID: ac321f6bea10a7335d3d1476b648afc91c82e3bbee5f2d22d55f872c3364d912
                                    • Instruction ID: e305d2c52db067d6b7872101bd9ded27aff58151d2bd36fa0abddee3f9aa82ff
                                    • Opcode Fuzzy Hash: ac321f6bea10a7335d3d1476b648afc91c82e3bbee5f2d22d55f872c3364d912
                                    • Instruction Fuzzy Hash: 3A51E431B04150DFCB15ABA4E855BBEBBF2AB85306F1085A9E5079B291DB30AC06DB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B009A9 Relevance: 5.1, Strings: 4, Instructions: 105COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 70 4b009a9-4b009dc 122 4b009de call 4b00bc0 70->122 123 4b009de call 4b00baf 70->123 76 4b009e4-4b009ef 129 4b009f5 call 4b01218 76->129 130 4b009f5 call 7805e0 76->130 131 4b009f5 call 4b01209 76->131 132 4b009f5 call 780606 76->132 78 4b009fb-4b00a2c 135 4b00a2e call 4b012a0 78->135 136 4b00a2e call 4b01291 78->136 137 4b00a2e call 7805e0 78->137 138 4b00a2e call 780606 78->138 82 4b00a34-4b00a46 83 4b00b00-4b00b28 82->83 84 4b00a4c-4b00a56 82->84 133 4b00b2a call 7805e0 83->133 134 4b00b2a call 780606 83->134 85 4b00a64-4b00a92 84->85 86 4b00a58-4b00a5a 84->86 85->83 92 4b00a94-4b00a9e 85->92 86->85 91 4b00b2f-4b00b39 97 4b00b37-4b00b3d 91->97 98 4b00b3f-4b00b55 91->98 95 4b00aa0-4b00aa2 92->95 96 4b00aac-4b00ad6 92->96 95->96 124 4b00ad9 call 4b03b10 96->124 125 4b00ad9 call 4b03ab8 96->125 126 4b00ad9 call 7805e0 96->126 127 4b00ad9 call 780606 96->127 128 4b00ad9 call 4b03b0f 96->128 101 4b00ba7-4b00bac 97->101 107 4b00b53-4b00b59 98->107 108 4b00b5b-4b00b66 98->108 107->101 112 4b00b68-4b00b6a 108->112 113 4b00b6e 108->113 110 4b00adf-4b00aeb 114 4b00b74-4b00b81 112->114 115 4b00b6c-4b00b72 112->115 113->112 118 4b00b83-4b00b85 114->118 119 4b00b87-4b00b89 114->119 115->101 118->101 120 4b00b93-4b00ba5 119->120 120->101 122->76 123->76 124->110 125->110 126->110 127->110 128->110 129->78 130->78 131->78 132->78 133->91 134->91 135->82 136->82 137->82 138->82
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol$\Ol$\Ol$\Ol
                                    • API String ID: 0-371742063
                                    • Opcode ID: d897b547d2c125070276e2d6864863a366da427cf71dd34c4f186484725c06e0
                                    • Instruction ID: a311be488c48d28303cda7e1e1464d55f4ae0111e5858bb6db0abf0337c1f696
                                    • Opcode Fuzzy Hash: d897b547d2c125070276e2d6864863a366da427cf71dd34c4f186484725c06e0
                                    • Instruction Fuzzy Hash: 72415B35B001159FCB15EFA4E854BADB7F2FF88305F158068E51A9B3A5CB30AC06CB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B002E8 Relevance: 2.7, Strings: 2, Instructions: 174COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 295 4b002e8-4b00316 296 4b00318-4b00324 295->296 297 4b0032a-4b00337 295->297 296->297 300 4b00506-4b00510 296->300 301 4b003a5-4b003d0 297->301 302 4b00339-4b00353 297->302 303 4b0051a-4b0051b 300->303 314 4b00373-4b0038a 301->314 306 4b00355 302->306 307 4b00357 302->307 308 4b0035a-4b0036d 306->308 307->308 308->314 315 4b0051c-4b00575 308->315 318 4b0038c 314->318 319 4b0038e 314->319 315->303 332 4b00577-4b005b5 315->332 320 4b00391-4b003dc 318->320 319->320 328 4b003de-4b003e5 320->328 329 4b003ef 320->329 328->329 331 4b003f6-4b004df 329->331 339 4b004e1 331->339 340 4b004e3 331->340 341 4b004e6-4b004fa 339->341 340->341 341->300
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: :@k$dSl
                                    • API String ID: 0-2366181727
                                    • Opcode ID: 3166483715c82601e4802ff534b6eeadb60c06eff19c2ac5a25997345cf8813a
                                    • Instruction ID: 8e9f3edb89d3e9f9445bc66135b6d894b7e9d6f0c1748faa39687c59ac3883cc
                                    • Opcode Fuzzy Hash: 3166483715c82601e4802ff534b6eeadb60c06eff19c2ac5a25997345cf8813a
                                    • Instruction Fuzzy Hash: 5751CF70B052048FCB05EF24D5907AD7BF2EF8A315F14C0A9D4069B7A1DB30AC45DB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2AA02 Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 344 a2aa02-a2aa8d 348 a2aa92-a2aaa9 344->348 349 a2aa8f 344->349 351 a2aaeb-a2aaf0 348->351 352 a2aaab-a2aabe RegOpenKeyExW 348->352 349->348 351->352 353 a2aaf2-a2aaf7 352->353 354 a2aac0-a2aae8 352->354 353->354
                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00A2AAB1
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: 0a668e2abf55fc9da954b42f572f71702c9ad93d6952d22dceb106c633e1f8a8
                                    • Instruction ID: 2c36016d1955dfbb7ea6597f65667358c67cb0d17c1e6a82f3f8e82737c1f0c2
                                    • Opcode Fuzzy Hash: 0a668e2abf55fc9da954b42f572f71702c9ad93d6952d22dceb106c633e1f8a8
                                    • Instruction Fuzzy Hash: 9231C271504384AFE7228B15DD45FA7BFBCEF06310F0884AAE9848B652D264E94DCB72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04CC00F6 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 376 4cc00f6-4cc0179 380 4cc017e-4cc0187 376->380 381 4cc017b 376->381 382 4cc018c-4cc0195 380->382 383 4cc0189 380->383 381->380 384 4cc01e6-4cc01eb 382->384 385 4cc0197-4cc01bb CreateMutexW 382->385 383->382 384->385 388 4cc01ed-4cc01f2 385->388 389 4cc01bd-4cc01e3 385->389 388->389
                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 04CC019D
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722850833.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4cc0000_dnshost.jbxd
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    • Opcode ID: c4c5532884f9086de3f39aaa7b74419d7fb928246018e17daeb874e74b05a4ee
                                    • Instruction ID: 0092d55272c8890fcb5919e71600cd7fff652226307f6a9a4e4acdd0f4473690
                                    • Opcode Fuzzy Hash: c4c5532884f9086de3f39aaa7b74419d7fb928246018e17daeb874e74b05a4ee
                                    • Instruction Fuzzy Hash: 8431A175509380AFE711CF65DC45B96FFF8EF06210F08849AE984CB292D375E908CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2AAF9 Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 359 a2aaf9-a2ab77 362 a2ab79 359->362 363 a2ab7c-a2ab85 359->363 362->363 364 a2ab87 363->364 365 a2ab8a-a2ab90 363->365 364->365 366 a2ab92 365->366 367 a2ab95-a2abac 365->367 366->367 369 a2abe3-a2abe8 367->369 370 a2abae-a2abc1 RegQueryValueExW 367->370 369->370 371 a2abc3-a2abe0 370->371 372 a2abea-a2abef 370->372 372->371
                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E24,344D8B0D,00000000,00000000,00000000,00000000), ref: 00A2ABB4
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: a98e1b657e656460f426ad8c871f3ccc7ab411d05bf2a929eff4cbcaa79564ad
                                    • Instruction ID: 717620fa860cb8dbd6fe384bdcb7bf5214c7c3b62bb3e4b58b9e1188b7df5952
                                    • Opcode Fuzzy Hash: a98e1b657e656460f426ad8c871f3ccc7ab411d05bf2a929eff4cbcaa79564ad
                                    • Instruction Fuzzy Hash: F33193755093845FD722CB25DC54FA2BFB8EF06314F08849AE945CB192D364E948CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2AF50 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 392 a2af50-a2af97 393 a2af9a-a2aff2 CreateActCtxA 392->393 395 a2aff8-a2b00e 393->395
                                    APIs
                                    • CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 00A2AFEA
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: d837c51cc3fd77df0546c5ace6f8f7a48541e291af3cc699a94d33e23ec3a3aa
                                    • Instruction ID: 29ba1f210e406d656cd1dfc1ce2775f22e3eb1664fd36eac0b6e03df96b90e45
                                    • Opcode Fuzzy Hash: d837c51cc3fd77df0546c5ace6f8f7a48541e291af3cc699a94d33e23ec3a3aa
                                    • Instruction Fuzzy Hash: 6821A7715093C06FD3138B259C51B62BFB8EF87610F0A81DBE984DB693D224A919C7B2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2AA32 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 396 a2aa32-a2aa8d 399 a2aa92-a2aaa9 396->399 400 a2aa8f 396->400 402 a2aaeb-a2aaf0 399->402 403 a2aaab-a2aabe RegOpenKeyExW 399->403 400->399 402->403 404 a2aaf2-a2aaf7 403->404 405 a2aac0-a2aae8 403->405 404->405
                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00A2AAB1
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: a7f81df183339b2c73b00d39652ef12c966ffaa6d2e060f9b74775291d67f8bc
                                    • Instruction ID: 928e961f82b8be692bfad639d4fb769f3c8ac1f524db2bbd72564ab4c7c3db96
                                    • Opcode Fuzzy Hash: a7f81df183339b2c73b00d39652ef12c966ffaa6d2e060f9b74775291d67f8bc
                                    • Instruction Fuzzy Hash: CA21CF72500204AFE7219B55DD44FABFBECEF14314F08846AEA45CB652D764E94CCAB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04CC012A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 410 4cc012a-4cc0179 413 4cc017e-4cc0187 410->413 414 4cc017b 410->414 415 4cc018c-4cc0195 413->415 416 4cc0189 413->416 414->413 417 4cc01e6-4cc01eb 415->417 418 4cc0197-4cc019f CreateMutexW 415->418 416->415 417->418 419 4cc01a5-4cc01bb 418->419 421 4cc01ed-4cc01f2 419->421 422 4cc01bd-4cc01e3 419->422 421->422
                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 04CC019D
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722850833.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4cc0000_dnshost.jbxd
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    • Opcode ID: 84728a0c37b3aed0ec44a82b77e4263509907d1ceec09d72f1ab989cadf8bf87
                                    • Instruction ID: 46b8f408d2d31bc2d5d6e96c3ab68b8669efa9a8deac0082854124141e1806ea
                                    • Opcode Fuzzy Hash: 84728a0c37b3aed0ec44a82b77e4263509907d1ceec09d72f1ab989cadf8bf87
                                    • Instruction Fuzzy Hash: 1B218375600240AFE720CF66DD45BA6FBE8EF05214F08846EE948CB741D375F508CA75
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2AB3A Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 425 a2ab3a-a2ab77 427 a2ab79 425->427 428 a2ab7c-a2ab85 425->428 427->428 429 a2ab87 428->429 430 a2ab8a-a2ab90 428->430 429->430 431 a2ab92 430->431 432 a2ab95-a2abac 430->432 431->432 434 a2abe3-a2abe8 432->434 435 a2abae-a2abc1 RegQueryValueExW 432->435 434->435 436 a2abc3-a2abe0 435->436 437 a2abea-a2abef 435->437 437->436
                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E24,344D8B0D,00000000,00000000,00000000,00000000), ref: 00A2ABB4
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: e44a0c317ad9dc49d5c517bd320d4aadf1edd1fc82df43df286e40affa08f2b0
                                    • Instruction ID: 4d54a6279589fbb5d1b7d30d70081cdf0dc68ab4c8130641e1b56a4e7a5f6567
                                    • Opcode Fuzzy Hash: e44a0c317ad9dc49d5c517bd320d4aadf1edd1fc82df43df286e40affa08f2b0
                                    • Instruction Fuzzy Hash: 8D21A276600214AFE720CF19DD44FA6F7ECEF15710F0884AAE945CB651D370E948CAB6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2B7CA Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 450 a2b7ca-a2b839 452 a2b866-a2b86b 450->452 453 a2b83b-a2b84e PostMessageW 450->453 452->453 454 a2b850-a2b863 453->454 455 a2b86d-a2b872 453->455 455->454
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 00A2B841
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: df0887efd01d3e2de030b135ff94a384bf6b6cc70aedd9c679dcf56d1ae70a83
                                    • Instruction ID: 44a716eaa2ad04571dca79c554cdf653a266ecf6dda0890a630af29e18a27201
                                    • Opcode Fuzzy Hash: df0887efd01d3e2de030b135ff94a384bf6b6cc70aedd9c679dcf56d1ae70a83
                                    • Instruction Fuzzy Hash: F5219D714097C09FDB128B25DC54AA2BFB4EF17320F0D84DAEDC44F163D265A958DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2A51F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 441 a2a51f-a2a582 443 a2a584-a2a58c DuplicateHandle 441->443 444 a2a5bc-a2a5c1 441->444 445 a2a592-a2a5a4 443->445 444->443 447 a2a5c3-a2a5c8 445->447 448 a2a5a6-a2a5b9 445->448 447->448
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A2A58A
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: af32a17d096b89df360d7e80d8b1100632c4827c7c53fb368d936c4fcbe1b678
                                    • Instruction ID: 913a89eea01f0101f353160c52fee9a78186457fb646c9730b81b24d428e38bd
                                    • Opcode Fuzzy Hash: af32a17d096b89df360d7e80d8b1100632c4827c7c53fb368d936c4fcbe1b678
                                    • Instruction Fuzzy Hash: 52118471509780AFDB228F55DC44F62FFF4EF4A310F0888DAED858B562C275A518DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2BB4F Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 458 a2bb4f-a2bbb1 460 a2bbb3-a2bbc6 PostMessageW 458->460 461 a2bbe7-a2bbec 458->461 462 a2bbc8-a2bbe4 460->462 463 a2bbee-a2bbf3 460->463 461->460 463->462
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 00A2BBB9
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 223baff2f7d431037f266351e4ad9e841acb2f7dbb17cf433897661a7409be87
                                    • Instruction ID: b352f05355d831cf0d4fe641a45b3387212a990d089cd68fb038ec7a4fb68cf0
                                    • Opcode Fuzzy Hash: 223baff2f7d431037f266351e4ad9e841acb2f7dbb17cf433897661a7409be87
                                    • Instruction Fuzzy Hash: 0E11D3755097C09FDB228F25DC45B52FFB4EF06320F0884EEED858B563D265A818DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2BE05 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 466 a2be05-a2be68 468 a2be93-a2be98 466->468 469 a2be6a-a2be7d DispatchMessageW 466->469 468->469 470 a2be9a-a2be9f 469->470 471 a2be7f-a2be92 469->471 470->471
                                    APIs
                                    • DispatchMessageW.USER32(?), ref: 00A2BE70
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: db2154b228290018b4563004cee37190baeae7f52a483cdba7099d781874d3ae
                                    • Instruction ID: b216fe849e6351e16f5040be42015e857a6e915f0d061f0b5f320693bd8ee19f
                                    • Opcode Fuzzy Hash: db2154b228290018b4563004cee37190baeae7f52a483cdba7099d781874d3ae
                                    • Instruction Fuzzy Hash: AC115EB54097C0AFDB128B25DC44B61BFB4EF47624F0984DAED858F263D2656808CB72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2B71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 00A2B78A
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    • Opcode ID: 7b7e7debd1c56308400c48a0ee88382e39afa19d3ca508f48153c559cf14b2aa
                                    • Instruction ID: ff1b1a1491184490ac3f9bb63830b2973f06acde73f9c276054d3cf64ccd8be2
                                    • Opcode Fuzzy Hash: 7b7e7debd1c56308400c48a0ee88382e39afa19d3ca508f48153c559cf14b2aa
                                    • Instruction Fuzzy Hash: CE1172715057809FDB21CF55DC44E52FFF4EF4A310F0889AEE9858B562C375A418DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2BEB4 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetCurrentDirectoryW.KERNELBASE(?), ref: 00A2BF0C
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: CurrentDirectory
                                    • String ID:
                                    • API String ID: 1611563598-0
                                    • Opcode ID: 1bf8c25ea86b8ec87f365302406438fe985773b50715a6c038c22da7e63d6880
                                    • Instruction ID: e551d2e51b022319568b4ca25dc96f3eca1daca2b212aec12ad5d9cff70d87d7
                                    • Opcode Fuzzy Hash: 1bf8c25ea86b8ec87f365302406438fe985773b50715a6c038c22da7e63d6880
                                    • Instruction Fuzzy Hash: C0114F716053809FDB11CF29DC85BA6BFE8EF46320F0884AAED45CB656D274E948CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2A75B Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Initialize
                                    • String ID:
                                    • API String ID: 2538663250-0
                                    • Opcode ID: 3ae4684f28040480c87f027063e42892e41068c2ad6cdda4322eb4c830760939
                                    • Instruction ID: 39905ff9d0e05796e7c3d319184e2fe259ec5ca66af0a64a3fe99f1fb7d19aed
                                    • Opcode Fuzzy Hash: 3ae4684f28040480c87f027063e42892e41068c2ad6cdda4322eb4c830760939
                                    • Instruction Fuzzy Hash: 3D11BF715493849FDB11CF15DC44B52BFB4EF42320F0884EAED458F253C279A808CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2A8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetWindowLongW.USER32(?,?,?), ref: 00A2A926
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: LongWindow
                                    • String ID:
                                    • API String ID: 1378638983-0
                                    • Opcode ID: 1b6ce1842e74bab24a1b72217557666fa1eea124217010bc2049aa6cdb4e1f99
                                    • Instruction ID: e5c904b31ef89013ade6b5f7c1f27886e2f937a2060ec8c043279e7480cd024c
                                    • Opcode Fuzzy Hash: 1b6ce1842e74bab24a1b72217557666fa1eea124217010bc2049aa6cdb4e1f99
                                    • Instruction Fuzzy Hash: 7A11CE714097849FCB21CF15DC85B52FFF4EF06320F0984EAEE854B262C275A818CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2BED2 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetCurrentDirectoryW.KERNELBASE(?), ref: 00A2BF0C
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: CurrentDirectory
                                    • String ID:
                                    • API String ID: 1611563598-0
                                    • Opcode ID: a58d600664e19eed1e55e801fca22c959ca0aaf5950456ec92bf5b5f58f452ac
                                    • Instruction ID: 0ce62fe21d18a20defbbef3401de7607d165dc53cf3fcc01130fd6a4fc789fb3
                                    • Opcode Fuzzy Hash: a58d600664e19eed1e55e801fca22c959ca0aaf5950456ec92bf5b5f58f452ac
                                    • Instruction Fuzzy Hash: C5018C71A002009FDB50CF29E9857A6BBE8DF15320F08C4AAED49CB656D374E808CE72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2A546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                    Download Yara Rule
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A2A58A
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 98b5df77e609d171e25e0a3909b52fe5e34da5a3e6d1b8fff69d1b4359c555a4
                                    • Instruction ID: d9d57c1072ca44d8dfcd9feb57683d77433111ca318f03eafaf02c7c9f833a64
                                    • Opcode Fuzzy Hash: 98b5df77e609d171e25e0a3909b52fe5e34da5a3e6d1b8fff69d1b4359c555a4
                                    • Instruction Fuzzy Hash: 030180725006009FDB21CF55E844B66FBF4EF19720F08C9AAEE498A656C376E418DF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2B746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 00A2B78A
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    • Opcode ID: a375b68cf9097deb2d41f7c641e257c89a8692f226108a4b43404661ff655f53
                                    • Instruction ID: 81adf920b40ec28c8b97205c25cff42222a5c37ddbfc1da98d653e1446760f99
                                    • Opcode Fuzzy Hash: a375b68cf9097deb2d41f7c641e257c89a8692f226108a4b43404661ff655f53
                                    • Instruction Fuzzy Hash: 0301A1315006009FDB208F55D844B62FBF0EF59310F08C4AAEE454A622C375E418DF72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2AF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 00A2AFEA
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: 8384186baaaa5a9bb760aa489c2ced0a3ddf092a9586ab76af7b3065323a252f
                                    • Instruction ID: 31960a7b991bae17e13cfcd143d37cc844b368cc077ae8fab393e0767e30a7f0
                                    • Opcode Fuzzy Hash: 8384186baaaa5a9bb760aa489c2ced0a3ddf092a9586ab76af7b3065323a252f
                                    • Instruction Fuzzy Hash: DB01A271600600ABD210DF16DD46B66FBE8FB89A20F148159ED089BB41D731F955CBE5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2BB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 00A2BBB9
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: c7d13e27e43cb102967ffa19d60e7b3d0e10b7b7cd45fd564b9cd48099662b64
                                    • Instruction ID: dfedbe67f101585c0d61d256b5e06fd5ead04ce4c5cca40e27e85f004649b004
                                    • Opcode Fuzzy Hash: c7d13e27e43cb102967ffa19d60e7b3d0e10b7b7cd45fd564b9cd48099662b64
                                    • Instruction Fuzzy Hash: BB01B1356006009FDB208F19E845B65FBE4EF15320F08C0AAEE454A666C371E418DF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2A78A Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Initialize
                                    • String ID:
                                    • API String ID: 2538663250-0
                                    • Opcode ID: 1760634b16808089ef233a2a2e3f454fd5cc55c21fe5630efecd50739d8d6519
                                    • Instruction ID: 3592e797125244bcc3ef587229ba205f2a31523e9a3153d506d65e774a35b515
                                    • Opcode Fuzzy Hash: 1760634b16808089ef233a2a2e3f454fd5cc55c21fe5630efecd50739d8d6519
                                    • Instruction Fuzzy Hash: BA01AD75A002409FDB10CF19E884B61FBF4EF25720F08C4AADD488F656D279E508CEA7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2B806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 00A2B841
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: c55f8c0faa8e9522987474a9d1a07850f4274d272217985d67b00a8d4e869c43
                                    • Instruction ID: 74ca2aff310eae81424b711b791014b44fc9a12016ec3b68a1e1df6c99133b1a
                                    • Opcode Fuzzy Hash: c55f8c0faa8e9522987474a9d1a07850f4274d272217985d67b00a8d4e869c43
                                    • Instruction Fuzzy Hash: 17018F719006449FDB20CF06E884B61FBE4EF15720F08C0AAEE490A662D375E418DFB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2A8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetWindowLongW.USER32(?,?,?), ref: 00A2A926
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: LongWindow
                                    • String ID:
                                    • API String ID: 1378638983-0
                                    • Opcode ID: 4c758424bb3338594903b398513617eade809b49dbb6cdc7f2ac6f35110db96c
                                    • Instruction ID: fb87cd779b031a04d3b1925d936f659c34d096477360ec0eb50f0ef293960708
                                    • Opcode Fuzzy Hash: 4c758424bb3338594903b398513617eade809b49dbb6cdc7f2ac6f35110db96c
                                    • Instruction Fuzzy Hash: 460162755006449FDB208F06E885B61FBF4EF26720F08C4AADE464B752C375E858DEA3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A2BE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DispatchMessageW.USER32(?), ref: 00A2BE70
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722111958.0000000000A2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a2a000_dnshost.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: 04f20dcd1eaaa47b2aa0fd02798c7b270e01dd3289e188deaefdedb077f97678
                                    • Instruction ID: 1654f6959bd3cb37f31dde4e72402f9b41e7eb2d2af1a4d8062cbd6f1425ba5e
                                    • Opcode Fuzzy Hash: 04f20dcd1eaaa47b2aa0fd02798c7b270e01dd3289e188deaefdedb077f97678
                                    • Instruction Fuzzy Hash: 62F0AF759146449FDB20CF09E985BA1FBE4EF15720F08C0AADE094B752D375E848CEB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B032BB Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    • Opcode ID: 4ed7baf1ebc82d11b6bfeac0c1776bebdcd6c35f1f93222b4ca1d3bb93eebe7d
                                    • Instruction ID: 49c30ec6f24f91aa163faef0f0bc9f3ce4c50991fba0848a3e4dd25864b2f875
                                    • Opcode Fuzzy Hash: 4ed7baf1ebc82d11b6bfeac0c1776bebdcd6c35f1f93222b4ca1d3bb93eebe7d
                                    • Instruction Fuzzy Hash: EC51B071F041058FCB04DFA9D8881AEBBF2FBC5216B15C5BAD906DB791EB31A8078752
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B02D58 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    • Opcode ID: 6285b158ad5edb415b6c0525982fd5cd593f81a0473e739f0841ec058e553f42
                                    • Instruction ID: 9531e223b72def2accad6e42e64f7d1782398afaa25fada516e312afaef0b2c1
                                    • Opcode Fuzzy Hash: 6285b158ad5edb415b6c0525982fd5cd593f81a0473e739f0841ec058e553f42
                                    • Instruction Fuzzy Hash: 5841E430F44105CBDB18CF64C8885AEBFA2EBC0216B14C9F6D416DB681E735FC4A9782
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B021F8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: r*+
                                    • API String ID: 0-3221063712
                                    • Opcode ID: d5b4f49dedcedd0161cd9a5fd4b3d84fbc4527ac59532e1e6d9b1a075e524221
                                    • Instruction ID: b2a7643e716a3b5278f9f02a37129085ac1e54c302c3ce82cfe9b01c8228bae5
                                    • Opcode Fuzzy Hash: d5b4f49dedcedd0161cd9a5fd4b3d84fbc4527ac59532e1e6d9b1a075e524221
                                    • Instruction Fuzzy Hash: 8341E730E09209DFDF48DBE5C5496AEBBB1FB44305F10C4EAD412A76A0E734AE499F52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B025DE Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: f`k
                                    • API String ID: 0-1028176591
                                    • Opcode ID: d6500cb8c85fc077274d3c95135f46fce3bee7bc17890842efe7995b57a7efae
                                    • Instruction ID: 118dca12dd20137d42a63ae7152708de1d337254989462d70f7973bcf85aa63f
                                    • Opcode Fuzzy Hash: d6500cb8c85fc077274d3c95135f46fce3bee7bc17890842efe7995b57a7efae
                                    • Instruction Fuzzy Hash: 7D317C31A00305CFDB24DFA5C94869ABBE2FF55309F14C1A9D015AB2A5DB74A98ACB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B04180 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: W
                                    • API String ID: 0-655174618
                                    • Opcode ID: 71fdc6fcb2a110cff6bc480c5726d2b57dadf53bcc05c4f9da29fe2fee02401f
                                    • Instruction ID: 54f4a27b3e000e39dda05dbe6be694552021561a8d27821a4d90055063961c53
                                    • Opcode Fuzzy Hash: 71fdc6fcb2a110cff6bc480c5726d2b57dadf53bcc05c4f9da29fe2fee02401f
                                    • Instruction Fuzzy Hash: 24012631B08160DF9B14667468414EA7FA59FE4257700C5FADB0687281FB34A43B9A41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B03B10 Relevance: .5, Instructions: 487COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cf912b6e469ef17d763803fa5bd4c30a249712653712f6469108465e27e53a20
                                    • Instruction ID: 5dc40ddac1cd3c583a170fcebed6f60fc37f20080de9c218963559ee4f5cfbdd
                                    • Opcode Fuzzy Hash: cf912b6e469ef17d763803fa5bd4c30a249712653712f6469108465e27e53a20
                                    • Instruction Fuzzy Hash: B702AE31A00105CFCB15CF68C9889A9BBF2FF85305B19C9A5E8099F2A6D731FC46CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B012A0 Relevance: .5, Instructions: 460COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 75284fef43ff1f8da643482f1eb2df1e1134a6a49e0cad3bfd29278fde3a11f2
                                    • Instruction ID: 986ce40fb59239776fc6cb69ab0487c346118738ffc9ff082eee312dd45b1aad
                                    • Opcode Fuzzy Hash: 75284fef43ff1f8da643482f1eb2df1e1134a6a49e0cad3bfd29278fde3a11f2
                                    • Instruction Fuzzy Hash: 8B22D334A04A15CFCB24DF28C590AAABBF2FF48304B10C5AAD85A9B756DB35ED45CF41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B00908 Relevance: .1, Instructions: 139COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b771d856e43d7425943742d4dd1ba7807fcbbb1d42af2fb18a6ea239ce4e806c
                                    • Instruction ID: 234f01f97e59dafb37dd462c32c95d6d12a10c7dc7d73c8cb6701da41386a4f7
                                    • Opcode Fuzzy Hash: b771d856e43d7425943742d4dd1ba7807fcbbb1d42af2fb18a6ea239ce4e806c
                                    • Instruction Fuzzy Hash: 884183B16092459FD734BBF4FC4C7AE3FA5EB9030370481AAF9028A5A1DF745847AB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B00681 Relevance: .1, Instructions: 134COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1dea065abd782226f4b57640af7d6430d1a04cf856e9ce6c2f9ce374d4b38957
                                    • Instruction ID: d3d600a7ba2da55efc195f9ae897f4a4d04be7f904538bccc719f3aba65889db
                                    • Opcode Fuzzy Hash: 1dea065abd782226f4b57640af7d6430d1a04cf856e9ce6c2f9ce374d4b38957
                                    • Instruction Fuzzy Hash: D54174717082148BD724BBB4FD0D7AE3B96EB80706B0484B9F402CB6B1DF349C069B92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B00BC0 Relevance: .1, Instructions: 131COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f34bb5ca6efadae6d878833dae8c06ad001f1eb2f268ffa25d85599927914c02
                                    • Instruction ID: 216d9e54262bb9116af2c99204e2957a703af8ecc85481353863d8ba35426940
                                    • Opcode Fuzzy Hash: f34bb5ca6efadae6d878833dae8c06ad001f1eb2f268ffa25d85599927914c02
                                    • Instruction Fuzzy Hash: 3C410931B051148FC715AF28D4147AE7BE6AFC6305F05C0AAE906DF7A1DF71AC0A9792
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B002D9 Relevance: .1, Instructions: 104COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0df099ae0eb2f0dca753c6086db111e67a3bace739c957535bf67e7b3e9c6502
                                    • Instruction ID: 794a530d9250e28bf70e31ec61d2d188ac69bfe65e228cb1814d83748949d08f
                                    • Opcode Fuzzy Hash: 0df099ae0eb2f0dca753c6086db111e67a3bace739c957535bf67e7b3e9c6502
                                    • Instruction Fuzzy Hash: F8418D70B002059FDB15EF28D194BAE7BF2EF89315F1480A9D402AB7A1DB70AC45CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B020D0 Relevance: .1, Instructions: 100COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 846665a4d114afafecb0b1d537ee7fd86ba916a209f530b30bbfda39e03a0f41
                                    • Instruction ID: 4b129fc9b8d6e64caa168fea26952af6f51c8555124682862b94ba556df10fdf
                                    • Opcode Fuzzy Hash: 846665a4d114afafecb0b1d537ee7fd86ba916a209f530b30bbfda39e03a0f41
                                    • Instruction Fuzzy Hash: 5F31D230B08245DFDB08DFA4C9896BE7FB5EF85201B10C4E5D5029B695E730BC69CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B01291 Relevance: .1, Instructions: 98COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b7e73b83b601b82d491c525031f7b827d321cb0242cd6c72e3abe157148a7d35
                                    • Instruction ID: 474a6dcc23d8c8cd1dcb3298f78d99c10bf41b081f59e3385167c3144d074bfe
                                    • Opcode Fuzzy Hash: b7e73b83b601b82d491c525031f7b827d321cb0242cd6c72e3abe157148a7d35
                                    • Instruction Fuzzy Hash: C4411634A04219DFCB64DF68C854B9DBBB1AB4A304F0084E9D44AAB795DB31AD84DF52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B00006 Relevance: .1, Instructions: 91COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ca5317ee07234b90fca47f51627e172495770b3da32da6cb0963e5aed494ef54
                                    • Instruction ID: 2b86ea075dd1c16ca46f81e5c210b04c6ed96223d7f93950155bf4ec5da91000
                                    • Opcode Fuzzy Hash: ca5317ee07234b90fca47f51627e172495770b3da32da6cb0963e5aed494ef54
                                    • Instruction Fuzzy Hash: 2431AC7060D7819FC702EF7499555987FF0AF52205B0988FAE086CB2A7EB349C19DB13
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B021E8 Relevance: .1, Instructions: 76COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0eb87b6a3326c716a1461ee8bf06a1148640166acb25ead6c4f1f87f17e5d351
                                    • Instruction ID: cd59ce03df2ab05f3f796a3df9350e45fc9f54c44b36f07b9706ae1c9d0b7842
                                    • Opcode Fuzzy Hash: 0eb87b6a3326c716a1461ee8bf06a1148640166acb25ead6c4f1f87f17e5d351
                                    • Instruction Fuzzy Hash: B6311A70E08209DFCF48DBE4C5596ADBFB1FB45305F10C9EAD4029B6A1E730AE499B52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B04190 Relevance: .1, Instructions: 69COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ae2b4717aa506f24a1d2f67a36489f441655a0fe04acd5b5282c4a58b5d814d5
                                    • Instruction ID: 3163c3ba060b98189ae66a7f69addde6acc649dc4a2f3c3888fc6e2b12195f86
                                    • Opcode Fuzzy Hash: ae2b4717aa506f24a1d2f67a36489f441655a0fe04acd5b5282c4a58b5d814d5
                                    • Instruction Fuzzy Hash: 04113631B002148BDB14E7F098156FF7EE6EF95206B1181BA961787680EF30A81497A3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B03AB8 Relevance: .1, Instructions: 63COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7b9271ccb83fe6d95e9471eaa7622e6b7e14ba884896144654830cc87f341702
                                    • Instruction ID: b1f9d9885c7034a7000195db016c037c3495b27db2cdeb1a5c18c07b31559f2c
                                    • Opcode Fuzzy Hash: 7b9271ccb83fe6d95e9471eaa7622e6b7e14ba884896144654830cc87f341702
                                    • Instruction Fuzzy Hash: E621CD70B08514CFCB14DF18D5945ADBBE2FF6530871480EAD85A9F78AEB75E805CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0078088C Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1721861822.0000000000780000.00000040.00000020.00020000.00000000.sdmp, Offset: 00780000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_780000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 21199633f513f3af8b933e2370409d20759f6944f0157c3b37ad14e1530502ac
                                    • Instruction ID: a2a5180e4b420f86d123f2a6e8373301a32d204cb5453f544c6b5fab478d2f20
                                    • Opcode Fuzzy Hash: 21199633f513f3af8b933e2370409d20759f6944f0157c3b37ad14e1530502ac
                                    • Instruction Fuzzy Hash: F311D230284684DFE351DB10D940B26BBA5AB99718F28C99CE4494BA53C73BE847CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0078085C Relevance: .1, Instructions: 58COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1721861822.0000000000780000.00000040.00000020.00020000.00000000.sdmp, Offset: 00780000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_780000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ac8dd530778e9b3a4257cea7bd49f3f1a1ee3b28ecd6a6be50632b24813c573c
                                    • Instruction ID: 851e455d964c6547b3c577d087188f7f846ad7f9d7b770a0e523e7b532fa1efd
                                    • Opcode Fuzzy Hash: ac8dd530778e9b3a4257cea7bd49f3f1a1ee3b28ecd6a6be50632b24813c573c
                                    • Instruction Fuzzy Hash: 21218E3564D3C49FD7138B20C950B15BFB1AF47718F1A85DED4898B6A3C23A984ACB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 007805E0 Relevance: .1, Instructions: 56COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1721861822.0000000000780000.00000040.00000020.00020000.00000000.sdmp, Offset: 00780000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_780000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cc06562958cd1ef25f5ab2af8338b6f3f6869d44097104d92d435ead22cc1166
                                    • Instruction ID: 647868c623f08d41d224b86d16f168f13737b7ff2968d0224bbef9c6ba8149ad
                                    • Opcode Fuzzy Hash: cc06562958cd1ef25f5ab2af8338b6f3f6869d44097104d92d435ead22cc1166
                                    • Instruction Fuzzy Hash: E811C8B650D7C06FD7128B15AC55856BFB8EF4322070984EFE848CB653D229A808CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B02390 Relevance: .1, Instructions: 55COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: aa53499e9330b9d46e018e768b60d1cddb09c3429dc2518548ce574007206345
                                    • Instruction ID: 4b192bb31d2a676b552c155ee66074f635b52e762dd5ad1464826c68017bd7ea
                                    • Opcode Fuzzy Hash: aa53499e9330b9d46e018e768b60d1cddb09c3429dc2518548ce574007206345
                                    • Instruction Fuzzy Hash: 3D118F70A0414ACFCB18CF54D9896ADBFB1EB04306F1080EAC512A6380EB706D4ADB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B005B9 Relevance: .0, Instructions: 48COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 094871460c49e212b90269e77555191bcfe5a819d9959e6f237cb30f3bc44982
                                    • Instruction ID: 161ce04d659d67fe59687d0ca3c0b6c3f305746c3c50601832138217ae9d7dd7
                                    • Opcode Fuzzy Hash: 094871460c49e212b90269e77555191bcfe5a819d9959e6f237cb30f3bc44982
                                    • Instruction Fuzzy Hash: 66016D317041285786047A3D69197BEB2DB9FC9698F19847FE006DB386CF758C435397
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B01209 Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7a0921b6881561787856d25bf7f6c77b205e2cf4220b764aeebd17565e53bc73
                                    • Instruction ID: 03eb4268f2d2a7661ec65d2514992ba329f2e918a5693c64ca867bbd6b749801
                                    • Opcode Fuzzy Hash: 7a0921b6881561787856d25bf7f6c77b205e2cf4220b764aeebd17565e53bc73
                                    • Instruction Fuzzy Hash: 89012C30308550CFCB08E72CD0589A97BE6BF9630671580EAE406CF7A6DF72AC099B52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B005C8 Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 44be9468fa1f9ff94ffa13adbd7a66d52ba9b8ec03c300cd732b5b035727ab7a
                                    • Instruction ID: c7e4ccb6599503f0d5375921b1f740dbc99ed9c40315df2c3e746804eb80e657
                                    • Opcode Fuzzy Hash: 44be9468fa1f9ff94ffa13adbd7a66d52ba9b8ec03c300cd732b5b035727ab7a
                                    • Instruction Fuzzy Hash: 56F0B431300028178608767D69197BF62CB9FC9A98B19443FE006EB386CF799C4313DB
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00780830 Relevance: .0, Instructions: 44COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1721861822.0000000000780000.00000040.00000020.00020000.00000000.sdmp, Offset: 00780000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_780000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1b5f0c2ca6824d8d74320f34b062b5d9545f56671cb11366fef8af647109037a
                                    • Instruction ID: a7a79e991e7f74f5b85184ec63de4330215fe75f71cdb4ddf0b8ad8ac7bf6fb4
                                    • Opcode Fuzzy Hash: 1b5f0c2ca6824d8d74320f34b062b5d9545f56671cb11366fef8af647109037a
                                    • Instruction Fuzzy Hash: 93114F3114D3C09FC303DB10D990A15BFB1EF86314F2986DED4858B6A3C23A9856CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B01218 Relevance: .0, Instructions: 42COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ee4b80d27556ce88890868045e0fc1ef5d1948fa565b768cc05978a005a6295e
                                    • Instruction ID: 61806e83ae4071c404204d261762ffb1317bcaa8aa85e114baf70808923b8abd
                                    • Opcode Fuzzy Hash: ee4b80d27556ce88890868045e0fc1ef5d1948fa565b768cc05978a005a6295e
                                    • Instruction Fuzzy Hash: 04011230304010CBCB0CA72CD0589A97BE6BFD570571580FAE406CB7A5DF72AC099B92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B00918 Relevance: .0, Instructions: 33COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 467c8af6575fef190cb9e55416293f59bba723f177c614c96ad6ac668ed02ca1
                                    • Instruction ID: 5ce726dda710715c8286022a703f25d67030a28e31921034d8241d0addabc592
                                    • Opcode Fuzzy Hash: 467c8af6575fef190cb9e55416293f59bba723f177c614c96ad6ac668ed02ca1
                                    • Instruction Fuzzy Hash: 45E0E532B05218DB9B5076F8AC116AFBFE9D7A5262F00C5B39E07A7280EE7069065192
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00780948 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1721861822.0000000000780000.00000040.00000020.00020000.00000000.sdmp, Offset: 00780000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_780000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e6850d79e688ef7387407e307c00caab001beb49244c143f541758b1d055de9a
                                    • Instruction ID: 11359e5b7fdefdfc34044f32cd863f094d3aadc45a5fa6e805b4c6878ecc89fe
                                    • Opcode Fuzzy Hash: e6850d79e688ef7387407e307c00caab001beb49244c143f541758b1d055de9a
                                    • Instruction Fuzzy Hash: 1CF01D35244644DFC305DB00D940B15FBA2EB89718F24CAADE94907B62C33BE813DB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00780606 Relevance: .0, Instructions: 27COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1721861822.0000000000780000.00000040.00000020.00020000.00000000.sdmp, Offset: 00780000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_780000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f089962348764b92ee9cec81b9975ce876f312a7240b0a9dd5526ef6b8b2091b
                                    • Instruction ID: 26db0ef095c5c2f11b7f91ae429ad78a502c0e1d1753a60276606616629c5d01
                                    • Opcode Fuzzy Hash: f089962348764b92ee9cec81b9975ce876f312a7240b0a9dd5526ef6b8b2091b
                                    • Instruction Fuzzy Hash: 7EE092B66006044B9750CF0AFC41862F7D8EB84630708C07FEC0D8B711D235F508CEA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B002A1 Relevance: .0, Instructions: 17COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 93653b1f3cea10a88cda83dc57243f6f57d883ca25fb764d008d375a61721957
                                    • Instruction ID: d6c34c9c9eca64751ecb590890443d2768c9f0ceafa57f88e79e01ab2e5c93b6
                                    • Opcode Fuzzy Hash: 93653b1f3cea10a88cda83dc57243f6f57d883ca25fb764d008d375a61721957
                                    • Instruction Fuzzy Hash: 5CD05E78608A018FC350DB64F5959D1BFF0EB81241345C95AE04686A66E730B81B9B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B0016F Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ab23e2d9d94a96afc3e06ca2a1d7f962aac2537ee18f2a1ed93b354974bce0fd
                                    • Instruction ID: e8676e45e4d540c59d3a23625e45811cc0b21db0c3cd5257915002cfbb946c64
                                    • Opcode Fuzzy Hash: ab23e2d9d94a96afc3e06ca2a1d7f962aac2537ee18f2a1ed93b354974bce0fd
                                    • Instruction Fuzzy Hash: C4D05B35741300CFD7199B70E55916437B1EB5521635044BBE016CB371DF36C446C714
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B00650 Relevance: .0, Instructions: 16COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c454876d545c2ffe82a777079e578d9226983e88c01fdea8dddb7ce81e112ccf
                                    • Instruction ID: e8d8c290a91fee5b05f71fab406efe9db5f4fae1be78d34c39c2ad09a59ce9de
                                    • Opcode Fuzzy Hash: c454876d545c2ffe82a777079e578d9226983e88c01fdea8dddb7ce81e112ccf
                                    • Instruction Fuzzy Hash: 7CD0A7F158E380CFC31197F03D140967F72E69121A745C8BBD04285462EA36258BD621
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A223F4 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722097298.0000000000A22000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A22000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a22000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9e723b9032fff584232f912b8ca0fbe251079569d8dfcbb8deedd927db0f6dbc
                                    • Instruction ID: b4c278c49ccacd8bbecfd5ed6f180e95a9841db9cc28e5d9a5f10e9627d92af7
                                    • Opcode Fuzzy Hash: 9e723b9032fff584232f912b8ca0fbe251079569d8dfcbb8deedd927db0f6dbc
                                    • Instruction Fuzzy Hash: D1D02E792406D04FD312AB0CD1A4B8537D8AB60704F0A00FAAC008B763C768D881C700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A223BC Relevance: .0, Instructions: 14COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722097298.0000000000A22000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A22000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a22000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ccb9904ff338044e5e5c1ada810abb91bcb40ba1d4965cadb99270b3ccab29bf
                                    • Instruction ID: 3844b22387b5f007608c956378c97213d2aaea1b693b0c47563e3efe48162699
                                    • Opcode Fuzzy Hash: ccb9904ff338044e5e5c1ada810abb91bcb40ba1d4965cadb99270b3ccab29bf
                                    • Instruction Fuzzy Hash: 9CD05E342002814BD719DB0CD6D4F5937D8AF50B14F1A44F8AC108F762C7A8D8C1CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B00180 Relevance: .0, Instructions: 12COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ac571e7dfbb01709d41df651a61b1b6692b8eaefebcca19d221b5298a1f0814e
                                    • Instruction ID: e4d96b4fe0404f716bb9ba0b2ab7112a1e2b3ccb0eff899b9d1c21530fcda635
                                    • Opcode Fuzzy Hash: ac571e7dfbb01709d41df651a61b1b6692b8eaefebcca19d221b5298a1f0814e
                                    • Instruction Fuzzy Hash: 06D01234201304CBC71CABB0E91D06833A6AB48606310087DF40747365DF36D891CA00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B00660 Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 65a99a4d6eafb9d52e558a45389cd8bcc40698637522fa934dececc367544ac7
                                    • Instruction ID: 5d1bbb1a2c8447a5f61717f9d6936af58f19acbaf55fdaafdd2da0da42f064fd
                                    • Opcode Fuzzy Hash: 65a99a4d6eafb9d52e558a45389cd8bcc40698637522fa934dececc367544ac7
                                    • Instruction Fuzzy Hash: 85C02B7018A204CE822477F03C0C57BB70A57C0307300C476E00210021AE33B4D2A411
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 04B02EC0 Relevance: .0, Instructions: 8COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: be234de7b86b116fb5439ed6c71654515924bc7fe78465b48c34dc452c4d671c
                                    • Instruction ID: d35ec506550e05b726ddbb2a993633e9985e2d7c16482d09270016a87d89c248
                                    • Opcode Fuzzy Hash: be234de7b86b116fb5439ed6c71654515924bc7fe78465b48c34dc452c4d671c
                                    • Instruction Fuzzy Hash: B8B012302446080B17409BF12C08A53778C860040674004A0AC0CC0110F541E4901140
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 04B00D93 Relevance: 6.5, Strings: 5, Instructions: 249COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722780747.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_4b00000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 0Xl$4l$:@k$\Ol$f`k
                                    • API String ID: 0-4284705603
                                    • Opcode ID: 810ebc07c60c0e4c09adf4eaef8057e826f7cf9ce92c78e34fe7bba50d094850
                                    • Instruction ID: aa35a245bb9a4988a007714e3f4b064a5288b2e36e2c2f3306d400cc2c08f232
                                    • Opcode Fuzzy Hash: 810ebc07c60c0e4c09adf4eaef8057e826f7cf9ce92c78e34fe7bba50d094850
                                    • Instruction Fuzzy Hash: 77B1E574B093448FD364DF38C1517AA77E2BBA6308F50482DE0498BB85EB71D84ADB57
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00A226AA Relevance: 5.4, Strings: 4, Instructions: 387COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1722097298.0000000000A22000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A22000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_a22000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 2k$Bk$$Ok$$k
                                    • API String ID: 0-3284410275
                                    • Opcode ID: 4dba80c32cb8ebc3241f3b4a416abd74138c81d71f0003e4e462f215fada830a
                                    • Instruction ID: 8fd2cf03c993e747f997f88083700881eb1f2db46d2ba3832af3467ee7f47943
                                    • Opcode Fuzzy Hash: 4dba80c32cb8ebc3241f3b4a416abd74138c81d71f0003e4e462f215fada830a
                                    • Instruction Fuzzy Hash: 9BD19D6940E7D15FD3038B3898A5282BFB5AE5320474E82DBC4C4CF5A3D66C5D4EDBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Execution Graph

                                    Execution Coverage:13.9%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:64
                                    Total number of Limit Nodes:7
                                    execution_graph 5132 59200f6 5133 592012a CreateMutexW 5132->5133 5135 59201a5 5133->5135 5104 176af50 5105 176af9a CreateActCtxA 5104->5105 5107 176aff8 5105->5107 5065 176be3e 5066 176be93 5065->5066 5067 176be6a DispatchMessageW 5065->5067 5066->5067 5068 176be7f 5067->5068 5116 176b71e 5118 176b746 CreateIconFromResourceEx 5116->5118 5119 176b792 5118->5119 5120 176a51f 5122 176a546 DuplicateHandle 5120->5122 5123 176a592 5122->5123 5073 592061e 5074 592064a FindCloseChangeNotification 5073->5074 5075 592068b 5073->5075 5076 5920658 5074->5076 5075->5074 5108 176a75b 5110 176a78a OleInitialize 5108->5110 5111 176a7c4 5110->5111 5144 176aaf9 5145 176ab3a RegQueryValueExW 5144->5145 5147 176abc3 5145->5147 5084 176a546 5085 176a584 DuplicateHandle 5084->5085 5086 176a5bc 5084->5086 5087 176a592 5085->5087 5086->5085 5088 176b746 5089 176b784 CreateIconFromResourceEx 5088->5089 5090 176b7bc 5088->5090 5091 176b792 5089->5091 5090->5089 5092 176b806 5093 176b866 5092->5093 5094 176b83b PostMessageW 5092->5094 5093->5094 5095 176b850 5094->5095 5136 176be05 5139 176be3e DispatchMessageW 5136->5139 5138 176be7f 5139->5138 5140 176aa02 5141 176aa32 RegOpenKeyExW 5140->5141 5143 176aac0 5141->5143 5077 176a8ee 5078 176a920 SetWindowLongW 5077->5078 5079 176a94b 5077->5079 5080 176a935 5078->5080 5079->5078 5096 592012a 5098 5920162 CreateMutexW 5096->5098 5099 59201a5 5098->5099 5148 176a8cc 5150 176a8ee SetWindowLongW 5148->5150 5151 176a935 5150->5151 5100 176a78a 5101 176a7b6 OleInitialize 5100->5101 5102 176a7ec 5100->5102 5103 176a7c4 5101->5103 5102->5101 5128 176b7ca 5129 176b806 PostMessageW 5128->5129 5131 176b850 5129->5131 5124 59205ef 5125 592061e FindCloseChangeNotification 5124->5125 5127 5920658 5125->5127

                                    Executed Functions

                                    Function 057523A0 Relevance: 3.0, Strings: 2, Instructions: 505COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 65 57523a0-57523e5 70 57523e7-57523f0 65->70 220 57523f2 call 1aa05e0 70->220 221 57523f2 call 1aa0606 70->221 71 57523f8-5752400 74 5752424-575242b 71->74 75 57523fe-5752422 71->75 77 5752431-57524bf 74->77 78 57526aa 74->78 86 5752af3-5752afe 75->86 171 57524a2-57524ca 77->171 172 57524cc 77->172 80 57526b0-57526ba 78->80 82 5752721-5752752 80->82 83 57526bc-57526d1 80->83 92 5752754-575275a 82->92 93 575275f-5752769 82->93 90 57526d7-57526e1 83->90 91 5752aee 83->91 100 5752aff 86->100 90->91 96 57526e7-57526f1 90->96 91->86 97 57527e0-57527fd 92->97 98 5752786 93->98 99 575276b-5752784 93->99 96->91 103 57526f7-575271c 96->103 111 575286f-57528de 97->111 112 57527ff-5752823 97->112 101 5752788-575278a 98->101 99->101 100->100 104 5752790-57527aa 101->104 105 575278c-575278e 101->105 103->86 104->97 116 57527ac-57527af 104->116 105->97 126 57528e0-57528e4 111->126 127 5752933-5752942 111->127 112->91 120 5752829-5752830 112->120 118 57527b2-57527b7 116->118 118->91 123 57527bd-57527de 118->123 120->91 121 5752836-5752842 120->121 121->91 125 5752848-5752854 121->125 123->97 123->118 125->91 129 575285a-575286a 125->129 126->127 130 57528e6-57528e9 126->130 132 5752944-5752949 127->132 133 575294b-575294f 127->133 129->70 137 57528ec-57528f6 130->137 134 57529b1-57529b5 132->134 133->91 135 5752955-575295d 133->135 139 57529b7-57529be 134->139 140 5752a0a-5752a24 134->140 135->91 138 5752963-5752970 135->138 137->91 141 57528fc-5752911 137->141 138->91 142 5752976-5752983 138->142 139->140 143 57529c0-57529d2 139->143 156 5752a26-5752a3c 140->156 141->91 145 5752917-5752924 141->145 142->91 146 5752989-57529a6 142->146 153 57529d4-57529d7 143->153 154 57529fd-5752a08 143->154 145->91 148 575292a-5752931 145->148 146->134 148->127 148->137 158 57529da-57529df 153->158 154->156 161 5752a70-5752a74 156->161 162 5752a3e-5752a6e 156->162 158->91 163 57529e5-57529ed 158->163 164 5752ad6-5752aec 161->164 165 5752a76-5752a89 161->165 162->161 163->91 166 57529f3-57529fb 163->166 164->86 212 5752a8b call 1aa05e0 165->212 213 5752a8b call 1aa0606 165->213 166->154 166->158 176 57524ce-57524dc 171->176 172->176 174 5752a91-5752ab2 174->164 179 5752ab4-5752ad0 174->179 177 57524de-57524e9 176->177 178 57524eb-57524ed 176->178 180 57524f3-57524f5 177->180 178->180 179->164 183 57524f7 180->183 184 5752501-5752523 180->184 183->184 187 5752525-5752534 184->187 188 5752540-5752543 184->188 187->188 189 5752536 187->189 190 5752545 188->190 191 575254c-575256b 188->191 189->188 190->191 218 575256d call 1aa05e0 191->218 219 575256d call 1aa0606 191->219 193 5752573-5752596 196 57525b7-57525c5 193->196 197 5752598-57525b5 193->197 200 57525d0-575260c 196->200 197->200 203 575261d-5752633 200->203 204 575260e-5752615 200->204 207 5752635-5752639 203->207 208 5752643-575264b 203->208 204->203 207->208 209 575263b-575263d 207->209 214 5752651 call 5752f97 208->214 215 5752651 call 1aa05e0 208->215 216 5752651 call 1aa0606 208->216 217 5752651 call 5752fa8 208->217 209->208 210 5752657-575269c 210->80 211 575269e-57526a8 210->211 211->80 212->174 213->174 214->210 215->210 216->210 217->210 218->193 219->193 220->71 221->71
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: f`k$f`k
                                    • API String ID: 0-3251778840
                                    • Opcode ID: adc88cda5db6b0e57b1e1957f0fe54baa5e363dbf4dbbe1b402e61554653a9c8
                                    • Instruction ID: 0622d5ef5168fb2a268f2132b4d6aa5411568c1b2c64bd097a558cf1103503c8
                                    • Opcode Fuzzy Hash: adc88cda5db6b0e57b1e1957f0fe54baa5e363dbf4dbbe1b402e61554653a9c8
                                    • Instruction Fuzzy Hash: 9712BA39A04215CFCB24CF24C4846AEB7F3FF85324F14C569D806AB256EBB59C86EB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05753850 Relevance: .7, Instructions: 742COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8b82c41bf6980e91c213361e0870bc830d756f27c5c2d1f102e30bbc53f59e47
                                    • Instruction ID: 102c788f8abda44a8ecc7448220e35c99ddf4a537c590f52e4c9fcd9cf5d7773
                                    • Opcode Fuzzy Hash: 8b82c41bf6980e91c213361e0870bc830d756f27c5c2d1f102e30bbc53f59e47
                                    • Instruction Fuzzy Hash: 62421471A00215CFCB14CF58C8849AAFBF6FF44364B15C9AAE8099F262C7B1EC45DB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05752FA8 Relevance: .2, Instructions: 239COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 823af8355e048efb721a201351604145bd1a8d06932c9cac57cac41b45d6fedc
                                    • Instruction ID: cdfee3e34c38ef1b062762e5cb0e8d9aa42e96c1194a94745e84d41fe5afb3b4
                                    • Opcode Fuzzy Hash: 823af8355e048efb721a201351604145bd1a8d06932c9cac57cac41b45d6fedc
                                    • Instruction Fuzzy Hash: BA81C132F111159BDB04DF68D844AAEB7E3AFC8364F298474E809DB369DF759C018790
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057509A0 Relevance: 5.2, Strings: 4, Instructions: 177COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 57509a0-57509dc 51 57509de call 5750bc0 0->51 52 57509de call 5750baf 0->52 4 57509e4-57509ef 57 57509f5 call 1aa05e0 4->57 58 57509f5 call 5751209 4->58 59 57509f5 call 1aa0606 4->59 60 57509f5 call 5751218 4->60 6 57509fb-5750a2c 61 5750a2e call 5751291 6->61 62 5750a2e call 57512a0 6->62 63 5750a2e call 1aa05e0 6->63 64 5750a2e call 1aa0606 6->64 10 5750a34-5750a46 11 5750b00-5750b16 10->11 12 5750a4c-5750a56 10->12 17 5750b19-5750b39 11->17 18 5750b18 11->18 13 5750a64-5750a92 12->13 14 5750a58-5750a5a 12->14 13->11 21 5750a94-5750a9e 13->21 14->13 26 5750b37-5750b3d 17->26 27 5750b3f-5750b55 17->27 18->17 24 5750aa0-5750aa2 21->24 25 5750aac-5750ad6 21->25 24->25 53 5750ad9 call 5753850 25->53 54 5750ad9 call 5753840 25->54 55 5750ad9 call 1aa05e0 25->55 56 5750ad9 call 1aa0606 25->56 30 5750ba7-5750bac 26->30 36 5750b53-5750b59 27->36 37 5750b5b-5750b6e 27->37 36->30 43 5750b74-5750b81 37->43 44 5750b6c-5750b72 37->44 39 5750adf-5750aeb 47 5750b87-5750ba5 43->47 48 5750b83-5750b85 43->48 44->30 47->30 48->30 51->4 52->4 53->39 54->39 55->39 56->39 57->6 58->6 59->6 60->6 61->10 62->10 63->10 64->10
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \Ol$\Ol$\Ol$\Ol
                                    • API String ID: 0-371742063
                                    • Opcode ID: 07bab1856ac61b368397e4ba6e0156d02600b38fda31e9518eb7543088bdd2f4
                                    • Instruction ID: ef3fec9f6d42abb37614e32ffbf4fcf369e86cbe22206e64daf29a793773aec6
                                    • Opcode Fuzzy Hash: 07bab1856ac61b368397e4ba6e0156d02600b38fda31e9518eb7543088bdd2f4
                                    • Instruction Fuzzy Hash: 4951AE31B00255EFCB15DBA4D898AAEB3E7FF44328F108469E9169B254DBB19C06DB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057502E8 Relevance: 2.7, Strings: 2, Instructions: 171COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 222 57502e8-5750316 224 5750318-5750324 222->224 225 575032a-5750337 222->225 224->225 228 5750506-5750510 224->228 229 57503a5-57503d0 225->229 230 5750339-5750353 225->230 241 5750373-575038a 229->241 233 5750355 230->233 234 5750357 230->234 235 575035a-575036d 233->235 234->235 235->241 242 575051c-5750595 235->242 245 575038c 241->245 246 575038e 241->246 259 5750597-575059a 242->259 260 575059b-57505b5 242->260 248 5750391-57503dc 245->248 246->248 255 57503ef 248->255 256 57503de-57503e5 248->256 258 57503f6-5750413 255->258 256->255 262 57504c2-57504df 258->262 263 57503f8-575040b 258->263 260->259 265 57504e1 262->265 266 57504e3 262->266 263->262 267 57504e6-57504fb 265->267 266->267 267->228
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: :@k$dSl
                                    • API String ID: 0-2366181727
                                    • Opcode ID: 7fa2b0e5ba017dcf29b2e7eed30df940c207ae60d7dd4459f527bc8504e5ded1
                                    • Instruction ID: f664dd77ce67970eed0206e6b2900fbcb14d51ba754aae508bd6e123aaa59e74
                                    • Opcode Fuzzy Hash: 7fa2b0e5ba017dcf29b2e7eed30df940c207ae60d7dd4459f527bc8504e5ded1
                                    • Instruction Fuzzy Hash: 3D519D70A04205CFDB04DB64C158BADBBF3BF89324F24806DD906AB764EB75AC45DB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05750681 Relevance: 2.6, Strings: 2, Instructions: 129COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 271 5750681-57507c8 call 57509a0 304 57507a1 271->304 305 57507ca 271->305 304->305 334 57507ca call 1aa05e0 305->334 335 57507ca call 1aa0606 305->335 306 57507d0 331 57507d0 call 5754190 306->331 332 57507d0 call 5754180 306->332 307 57507d6-575081a 319 5750827-5750846 307->319 320 575081c 307->320 325 5750854-5750869 319->325 326 5750848-575084e 319->326 320->319 326->325 331->307 332->307 334->306 335->306
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Z$k^$-Z$k^
                                    • API String ID: 0-2381196185
                                    • Opcode ID: 03085dd1548026bfd57cd55e26dcb6993a203313dc8d06326b8af8a124d7a440
                                    • Instruction ID: 9e311179925e36a8a82a6f3eb4ac83e67292be29fb99c818b6ab041526e05e25
                                    • Opcode Fuzzy Hash: 03085dd1548026bfd57cd55e26dcb6993a203313dc8d06326b8af8a124d7a440
                                    • Instruction Fuzzy Hash: 6A416D307042418FDB286B74E81D6AD3BA7BF91365F05C479E803CB6A8EF748C458B92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176AA02 Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 336 176aa02-176aa8d 340 176aa92-176aaa9 336->340 341 176aa8f 336->341 343 176aaeb-176aaf0 340->343 344 176aaab-176aabe RegOpenKeyExW 340->344 341->340 343->344 345 176aaf2-176aaf7 344->345 346 176aac0-176aae8 344->346 345->346
                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0176AAB1
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: dc94ff593f6ba5095eb02924f5eb6dfd98a0a5000490c31673d6f4130847775f
                                    • Instruction ID: 8c7d09f3a3b94ce6e40899d944e02bd72c97ee5af4fa286af70fedbb5c076a22
                                    • Opcode Fuzzy Hash: dc94ff593f6ba5095eb02924f5eb6dfd98a0a5000490c31673d6f4130847775f
                                    • Instruction Fuzzy Hash: B631C072504380AFE7228B65CD45FA7BFBCEF06610F08849BE9858B652D364E94DCB71
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 059200F6 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 368 59200f6-5920179 372 592017b 368->372 373 592017e-5920187 368->373 372->373 374 5920189 373->374 375 592018c-5920195 373->375 374->375 376 59201e6-59201eb 375->376 377 5920197-59201bb CreateMutexW 375->377 376->377 380 59201ed-59201f2 377->380 381 59201bd-59201e3 377->381 380->381
                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 0592019D
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805401055.0000000005920000.00000040.00000800.00020000.00000000.sdmp, Offset: 05920000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5920000_dnshost.jbxd
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    • Opcode ID: 93836650a4d309f6e73d6092241538d95070725cb9e0b7d865fd6596a98ba6e5
                                    • Instruction ID: 864f5e9da73cc8fdcec3ab96e0bb9c91d844b360ca139eb34b15a78fb1cbb385
                                    • Opcode Fuzzy Hash: 93836650a4d309f6e73d6092241538d95070725cb9e0b7d865fd6596a98ba6e5
                                    • Instruction Fuzzy Hash: C7318F715093806FE711CB65DD85B96BFF8EF06210F08849AE988CB293D375E908C772
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176AAF9 Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 351 176aaf9-176ab77 354 176ab7c-176ab85 351->354 355 176ab79 351->355 356 176ab87 354->356 357 176ab8a-176ab90 354->357 355->354 356->357 358 176ab95-176abac 357->358 359 176ab92 357->359 361 176abe3-176abe8 358->361 362 176abae-176abc1 RegQueryValueExW 358->362 359->358 361->362 363 176abc3-176abe0 362->363 364 176abea-176abef 362->364 364->363
                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E24,0B9321B1,00000000,00000000,00000000,00000000), ref: 0176ABB4
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: b1accaf3a27b50638e342e8786b9f074a665fc43a60fdca9d30b2701c2f8009e
                                    • Instruction ID: e30b7867cdf752af31cef55fbea303ee49ce3386c4bff97d619950203733e7cc
                                    • Opcode Fuzzy Hash: b1accaf3a27b50638e342e8786b9f074a665fc43a60fdca9d30b2701c2f8009e
                                    • Instruction Fuzzy Hash: 0931A1755093805FE722CB25CC44FA2FFBCAF06610F08849AE949DB192D360E548CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176AF50 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 384 176af50-176af97 385 176af9a-176aff2 CreateActCtxA 384->385 387 176aff8-176b00e 385->387
                                    APIs
                                    • CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 0176AFEA
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: 88da161e4d9f4c3310347f757fc1ac06037ced1df8c4a89d8be1e9c2a193104b
                                    • Instruction ID: beb9f859be8e5b7858446a1c08a6436c7632639d51f97479a8b4a4c55e866b98
                                    • Opcode Fuzzy Hash: 88da161e4d9f4c3310347f757fc1ac06037ced1df8c4a89d8be1e9c2a193104b
                                    • Instruction Fuzzy Hash: 042195715093C06FD3138B259C51B62BFB8EF87A10F0A81DBE984DB653D224A919C7B2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176AA32 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 388 176aa32-176aa8d 391 176aa92-176aaa9 388->391 392 176aa8f 388->392 394 176aaeb-176aaf0 391->394 395 176aaab-176aabe RegOpenKeyExW 391->395 392->391 394->395 396 176aaf2-176aaf7 395->396 397 176aac0-176aae8 395->397 396->397
                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0176AAB1
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: 9f11b66d98c030345162cd98242ae384e4d2b0217169db5dabd8618ec84d1fd5
                                    • Instruction ID: a76299883007fde47deef69f1c8b4baf5395f8299a20711f892dbce2c05f30a4
                                    • Opcode Fuzzy Hash: 9f11b66d98c030345162cd98242ae384e4d2b0217169db5dabd8618ec84d1fd5
                                    • Instruction Fuzzy Hash: C721CF72500204AEE7219F55CD44FABFBECEF04614F08855BEE459B642D764E94C8AB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0592012A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 402 592012a-5920179 405 592017b 402->405 406 592017e-5920187 402->406 405->406 407 5920189 406->407 408 592018c-5920195 406->408 407->408 409 59201e6-59201eb 408->409 410 5920197-592019f CreateMutexW 408->410 409->410 412 59201a5-59201bb 410->412 413 59201ed-59201f2 412->413 414 59201bd-59201e3 412->414 413->414
                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 0592019D
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805401055.0000000005920000.00000040.00000800.00020000.00000000.sdmp, Offset: 05920000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5920000_dnshost.jbxd
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    • Opcode ID: 677280d1bf0aa4ca2d7e1b66802d4079faca7c91cd9b7e93eb2effe4ba2ed577
                                    • Instruction ID: ea324c008b99a67b1706768bfe886a159556d5451157e015b4c4fa41e1c69a2a
                                    • Opcode Fuzzy Hash: 677280d1bf0aa4ca2d7e1b66802d4079faca7c91cd9b7e93eb2effe4ba2ed577
                                    • Instruction Fuzzy Hash: B521B071604200AFE720CB66DE45BAAFBE8EF05610F04846AED49CB646D371E508CA72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176AB3A Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 417 176ab3a-176ab77 419 176ab7c-176ab85 417->419 420 176ab79 417->420 421 176ab87 419->421 422 176ab8a-176ab90 419->422 420->419 421->422 423 176ab95-176abac 422->423 424 176ab92 422->424 426 176abe3-176abe8 423->426 427 176abae-176abc1 RegQueryValueExW 423->427 424->423 426->427 428 176abc3-176abe0 427->428 429 176abea-176abef 427->429 429->428
                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E24,0B9321B1,00000000,00000000,00000000,00000000), ref: 0176ABB4
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    • Opcode ID: f7dfa78e7f6dfb524f16fb6408b476b15a816f7af4c5b39df9da65b646f0e04c
                                    • Instruction ID: 109012cead0b91f60ac375775410f27e3dc9f12009a83f1090868ad0f98773d1
                                    • Opcode Fuzzy Hash: f7dfa78e7f6dfb524f16fb6408b476b15a816f7af4c5b39df9da65b646f0e04c
                                    • Instruction Fuzzy Hash: 6221A275600204AFE721CF19CC84FA6F7ECEF15610F08845AEE49DB651D370E548CAB5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176A51F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 433 176a51f-176a582 435 176a584-176a58c DuplicateHandle 433->435 436 176a5bc-176a5c1 433->436 437 176a592-176a5a4 435->437 436->435 439 176a5a6-176a5b9 437->439 440 176a5c3-176a5c8 437->440 440->439
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0176A58A
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 938c5d929ccfcbecbf2b62b02728c52bfe59bbd05d02ddb98ebc8d0bffe75cb1
                                    • Instruction ID: 6bad43012fd564259a4e000719a682a6c4ecaea52c47cd23ab6ebaa7c43a5d2d
                                    • Opcode Fuzzy Hash: 938c5d929ccfcbecbf2b62b02728c52bfe59bbd05d02ddb98ebc8d0bffe75cb1
                                    • Instruction Fuzzy Hash: 2111A271509380AFDB228F54DC44B62FFF8EF4A610F08849AED858B563C375A418DB71
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176B7CA Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 442 176b7ca-176b839 444 176b866-176b86b 442->444 445 176b83b-176b84e PostMessageW 442->445 444->445 446 176b850-176b863 445->446 447 176b86d-176b872 445->447 447->446
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 0176B841
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: e57aecf3adfe879c6cb724a2441c5e6efcbe0f1e2892ab9d18f23046af0e0f00
                                    • Instruction ID: 6a541a6cc631c76c81e4cf95dae238ebd76bd9b4ffe1225b6f0a5ac61a3eebf5
                                    • Opcode Fuzzy Hash: e57aecf3adfe879c6cb724a2441c5e6efcbe0f1e2892ab9d18f23046af0e0f00
                                    • Instruction Fuzzy Hash: BB21AC715497C09FDB128B21DC50AA2BFB4EF0B220F0D84CAED844F163D265A918DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176BB4F Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 450 176bb4f-176bbb1 452 176bbe7-176bbec 450->452 453 176bbb3-176bbc6 PostMessageW 450->453 452->453 454 176bbee-176bbf3 453->454 455 176bbc8-176bbe4 453->455 454->455
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 0176BBB9
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 01390e99a7f0a80cc14c9885c6734c3a65a5bae24438c8fd195e6a6419d4f18f
                                    • Instruction ID: e47e02d35da9d2ee98d9774ba51cae47c525ebd1792d8afb04b6a80957b221c2
                                    • Opcode Fuzzy Hash: 01390e99a7f0a80cc14c9885c6734c3a65a5bae24438c8fd195e6a6419d4f18f
                                    • Instruction Fuzzy Hash: 0511E2755097C0AFDB228F25CC85B52FFB4EF07220F0884DEED858B563D265A818DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 059205EF Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                    Download Yara Rule
                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 05920650
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805401055.0000000005920000.00000040.00000800.00020000.00000000.sdmp, Offset: 05920000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5920000_dnshost.jbxd
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    • Opcode ID: 3cb86a67ae001f7ce89a78ae956e44cad8720cb32332a61d64518b360416942d
                                    • Instruction ID: 73e3ef59ce70d7b5970b36e5b8832525821599fdda18bbc310d0f3d9b3805c74
                                    • Opcode Fuzzy Hash: 3cb86a67ae001f7ce89a78ae956e44cad8720cb32332a61d64518b360416942d
                                    • Instruction Fuzzy Hash: 7011D0715493809FDB128B25DC85B52BFB8EF42224F0884DBED858B653D275A818CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176BE05 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 458 176be05-176be68 460 176be93-176be98 458->460 461 176be6a-176be7d DispatchMessageW 458->461 460->461 462 176be7f-176be92 461->462 463 176be9a-176be9f 461->463 463->462
                                    APIs
                                    • DispatchMessageW.USER32(?), ref: 0176BE70
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: bd491db7ed8d2179808b474309e3bc14c365ed097e14d848f692ae2b86e523cb
                                    • Instruction ID: 6e0de090aacaac1a7c1fd9502c33ed4b2859bdb023c4cecadaecb9b687b4f6a3
                                    • Opcode Fuzzy Hash: bd491db7ed8d2179808b474309e3bc14c365ed097e14d848f692ae2b86e523cb
                                    • Instruction Fuzzy Hash: 30118E759093C0AFDB138B25DC84B61BFB4EF47624F0984DAED858F263D2656808CB72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176B71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0176B78A
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    • Opcode ID: 8e71c5f944960303fd9dab46915c9b0f8e09403629727b6704c094cf4129a423
                                    • Instruction ID: 5820a5fdf54b0774f0ec684a3884ab5a2265953bc7baeb0c38cc5896fcdf4159
                                    • Opcode Fuzzy Hash: 8e71c5f944960303fd9dab46915c9b0f8e09403629727b6704c094cf4129a423
                                    • Instruction Fuzzy Hash: 80117F71508780AFDB228F55DC84B52FFF4EF4A720F09889EEE858B562C375A418DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176A75B Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Initialize
                                    • String ID:
                                    • API String ID: 2538663250-0
                                    • Opcode ID: 36b3d2f7c8ce3743bd72cbe79ed7528b13f4b2872c5bc4281e1fa4fa82a44e64
                                    • Instruction ID: 7fa19265c6c2c719af463b2042cb5010e4c3970bafc5be826337910dd2add313
                                    • Opcode Fuzzy Hash: 36b3d2f7c8ce3743bd72cbe79ed7528b13f4b2872c5bc4281e1fa4fa82a44e64
                                    • Instruction Fuzzy Hash: 6211BF715493809FDB12CF15DC85B52FFB4EF42220F0984DAED458F253C279A808CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176A8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetWindowLongW.USER32(?,?,?), ref: 0176A926
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: LongWindow
                                    • String ID:
                                    • API String ID: 1378638983-0
                                    • Opcode ID: da08112f5b240e58755a06431d5e6e5ccb9bbb20d7561f1234c9727e05646bbb
                                    • Instruction ID: 89aa2e5d1e945325b0f1e85584ac18c7e154e9c3b39569cd24b2b0119e5a70e8
                                    • Opcode Fuzzy Hash: da08112f5b240e58755a06431d5e6e5ccb9bbb20d7561f1234c9727e05646bbb
                                    • Instruction Fuzzy Hash: 8611AC355097809FCB228F15DC85B52FFF4EF46620F09C49AEE854B262C275A818CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176A546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                    Download Yara Rule
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0176A58A
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: a11d500a12955a1e0e23aee62bec209810ec62db17e9c96aa482d8c0277b466c
                                    • Instruction ID: 47cc31286fa3af533b104b25c35e24d94faca0b480c1928b0b7c84b1e22105a3
                                    • Opcode Fuzzy Hash: a11d500a12955a1e0e23aee62bec209810ec62db17e9c96aa482d8c0277b466c
                                    • Instruction Fuzzy Hash: 3C015B325007009FDB21CF55D944B66FBE4EF48620F18C89ADE499BA56C376E418DF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176B746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0176B78A
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    • Opcode ID: 533c9f786fc7d7879b7d96a18b4b984323971355543b3dfd60316802ac46b38d
                                    • Instruction ID: ccfc7a14bc2c98a4e1f1eff8a50042d9d795ff26d43246703f4ca6e490b4bc1d
                                    • Opcode Fuzzy Hash: 533c9f786fc7d7879b7d96a18b4b984323971355543b3dfd60316802ac46b38d
                                    • Instruction Fuzzy Hash: A30184316006009FDB218F55D844B66FBF4EF19720F08C49EDE458B612D375E518DF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0592061E Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                    Download Yara Rule
                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 05920650
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805401055.0000000005920000.00000040.00000800.00020000.00000000.sdmp, Offset: 05920000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5920000_dnshost.jbxd
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    • Opcode ID: fc887992af9a62c47c40b4d1f1a27ee1ec89a0451e1dd9bae14e649094ec840c
                                    • Instruction ID: ea63db93e6f7e80c31a1cd65a24cbc818e58a1b88d7fc8fdb4674b865606197f
                                    • Opcode Fuzzy Hash: fc887992af9a62c47c40b4d1f1a27ee1ec89a0451e1dd9bae14e649094ec840c
                                    • Instruction Fuzzy Hash: CF01F2716006008FDB50CF16D989B66FBE8EF85620F08C4AADD4A8F746D275E408CFB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176AF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 0176AFEA
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: a42c94995ba615a4a5e4a502756d864fee42d59633a26d75d85fc503d4be0244
                                    • Instruction ID: a784dd1802465fbc080b2bf3e5594447c1da7f4f23048ccda2d7545f669bf574
                                    • Opcode Fuzzy Hash: a42c94995ba615a4a5e4a502756d864fee42d59633a26d75d85fc503d4be0244
                                    • Instruction Fuzzy Hash: 9901A271600200AFD210DF16CD86B66FBE8FB88A20F148159ED089BB41D771F955CBE5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176BB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 0176BBB9
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 5da5efd322cc5ef41638639a90c9fec8a961db948d910442b348c7862cfdb039
                                    • Instruction ID: 7af0e8557bf4330edd60d13798ac4fb215a35f94b05dc19b99e191874bfc2589
                                    • Opcode Fuzzy Hash: 5da5efd322cc5ef41638639a90c9fec8a961db948d910442b348c7862cfdb039
                                    • Instruction Fuzzy Hash: 2E01D4356007009FDB218F55D885B65FBE4EF15620F08C09EDD4A8B666C371E418CF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176A78A Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: Initialize
                                    • String ID:
                                    • API String ID: 2538663250-0
                                    • Opcode ID: c16c30581bdfca05f0463f9463f5c9395ba9121e514a1c4a68c2aa6b567e94b5
                                    • Instruction ID: 99bcf3ba62d36111445fea2d0590ca9506a18c6e27c68b2265e39ebf3e173bf4
                                    • Opcode Fuzzy Hash: c16c30581bdfca05f0463f9463f5c9395ba9121e514a1c4a68c2aa6b567e94b5
                                    • Instruction Fuzzy Hash: 9B01D175A002409FDB10CF15D885761FBF8EF55620F08C4AADD4A9F746D379E508CEA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176B806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 0176B841
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 08f71390a4c432c5d4edea8da136f6b6adca37572958594bfb44c9465e5ec6c4
                                    • Instruction ID: ef4cc51cfc560fd6e17b4fe49f3de2a7d9d5f0b17a83e202fe0aa65fad913e6b
                                    • Opcode Fuzzy Hash: 08f71390a4c432c5d4edea8da136f6b6adca37572958594bfb44c9465e5ec6c4
                                    • Instruction Fuzzy Hash: 9801AD32A40740DFDB218F46D885B61FBE4EF1A720F08C09ADE494B662D375E418CFA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176A8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetWindowLongW.USER32(?,?,?), ref: 0176A926
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: LongWindow
                                    • String ID:
                                    • API String ID: 1378638983-0
                                    • Opcode ID: 0c822a46312b9c38b99b8ebf418e4a0bf7803acd7276d16afb0a28c6456051c5
                                    • Instruction ID: 2c3dc9cc86b5dc3ee90d0de703fa5ebee8cefd874c9bf0580c021e7e2d6eed9b
                                    • Opcode Fuzzy Hash: 0c822a46312b9c38b99b8ebf418e4a0bf7803acd7276d16afb0a28c6456051c5
                                    • Instruction Fuzzy Hash: FF01AD359007009FDB208F05D885B61FBF8EF15620F18C09ADE460B652C375E418CE62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0176BE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DispatchMessageW.USER32(?), ref: 0176BE70
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804518934.000000000176A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176A000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_176a000_dnshost.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: f6ecc657c37858abdd41588ce8c7ae23fe2125b7ded5437e12253ada60f4cc75
                                    • Instruction ID: 7abe3fbfa0de68d6105340fbb696cd16796a46bd3ab357bd81ee369c669f510e
                                    • Opcode Fuzzy Hash: f6ecc657c37858abdd41588ce8c7ae23fe2125b7ded5437e12253ada60f4cc75
                                    • Instruction Fuzzy Hash: F0F0A435A046409FDB208F15DC85761FBE4DF1A620F08C09ADE094B752D375E408CEA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057520D0 Relevance: 1.4, Strings: 1, Instructions: 198COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: r*+
                                    • API String ID: 0-3221063712
                                    • Opcode ID: 112ba9dbee1e07e08edf1fe7f1fa0b0df5ec3a3a951f2f5076be64fcfbfd1354
                                    • Instruction ID: 71691e09217a69179ad83b6d65c2154b7d2e2f0858a0dde06b41210dec89b60b
                                    • Opcode Fuzzy Hash: 112ba9dbee1e07e08edf1fe7f1fa0b0df5ec3a3a951f2f5076be64fcfbfd1354
                                    • Instruction Fuzzy Hash: 2B719038A08209DFCB44DFA4C545ABEBBF2FF45320F50806AD9029B656DBB09D41DF92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057532BB Relevance: 1.4, Strings: 1, Instructions: 182COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    • Opcode ID: 50e050bf30f472c9ae2138e55245079b8b805c2d2009aad78441c4c9812983e0
                                    • Instruction ID: 229481b7ec170f86c7d130f2487a908d877a8bbc9acf400fd1c2be99c29b05ce
                                    • Opcode Fuzzy Hash: 50e050bf30f472c9ae2138e55245079b8b805c2d2009aad78441c4c9812983e0
                                    • Instruction Fuzzy Hash: 0A51DF31F051498FCB14CF69C8445BEBBA3FBC4364B24887ADA06DB761DB7598428B92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057525DE Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: f`k
                                    • API String ID: 0-1028176591
                                    • Opcode ID: 55cfa7930fb9c2e55179bbc6537d33eab3f4f38fa93166782349f5c053f1010c
                                    • Instruction ID: 5d2d16022805e7f421d5eed0ed94661c8a93e3875059d6531c57327b63b0905e
                                    • Opcode Fuzzy Hash: 55cfa7930fb9c2e55179bbc6537d33eab3f4f38fa93166782349f5c053f1010c
                                    • Instruction Fuzzy Hash: C5316D35E10209CFD724DF61C54465AFBF2FF45328F14C529C805AB26ADBB49889EF82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057512A0 Relevance: .5, Instructions: 460COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 02554c14b44e34205035e10da0610c60a59bccc20d86cea1285869885a2967ba
                                    • Instruction ID: 6fc8540fe3a90f0aae84d89b2d9f54aa4bbb03cff8f1e95bb255c70ee4e55b66
                                    • Opcode Fuzzy Hash: 02554c14b44e34205035e10da0610c60a59bccc20d86cea1285869885a2967ba
                                    • Instruction Fuzzy Hash: 4D22F178A00605CFCB24DF24C490AAAB7F2FF49314F5489AAD89A9B751DB35EC85CF41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05750BC0 Relevance: .1, Instructions: 131COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 21b9385de87008669d534c4ef4b1f9d5222712cc515237f6e48ba8ac6bc80626
                                    • Instruction ID: 1d4e1fcb3181e289b37b49b784b67ae146f1757afb11a5bf185628175e9edc59
                                    • Opcode Fuzzy Hash: 21b9385de87008669d534c4ef4b1f9d5222712cc515237f6e48ba8ac6bc80626
                                    • Instruction Fuzzy Hash: 66418231B041148FCB15DB68C4187EE77E7AF86324F15806AED06EF761DEB29C0A9792
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057502D9 Relevance: .1, Instructions: 105COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bf95b03af30ca612403b83c611133ae05819dc789153bc9005a823e93076020e
                                    • Instruction ID: 53045e1682c32784566a591506fa8d3b7716de2e111cef5a58dcc73cb13b4c76
                                    • Opcode Fuzzy Hash: bf95b03af30ca612403b83c611133ae05819dc789153bc9005a823e93076020e
                                    • Instruction Fuzzy Hash: E6415C70B016088FDB14DF64C158BAE77B3FF89324F25406DE902AB7A0DBB5AC459B91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05751291 Relevance: .1, Instructions: 101COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f4c6c0878c6f11e886a826e65548941cce33374a4d310faaca38aa5fea19ffab
                                    • Instruction ID: 82dad35c9fb2ae396beead23d5c8a8b3c664ed86b1bce0db10fa8bb764d7cb3c
                                    • Opcode Fuzzy Hash: f4c6c0878c6f11e886a826e65548941cce33374a4d310faaca38aa5fea19ffab
                                    • Instruction Fuzzy Hash: 8E414534E04219DFCB50DF64C894B9EBBF2AB4A314F4040AAD84AAB751DB759D84CF52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0575003F Relevance: .1, Instructions: 91COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7eebcd22caf1bfe4d7130c28a8bd23cdd608a447e70b35ac84a3770ec42e39ad
                                    • Instruction ID: c2655d443bc1c05c5dc8136a5776e7f762e79a5a81c2b2e225eb0af5efcbaf99
                                    • Opcode Fuzzy Hash: 7eebcd22caf1bfe4d7130c28a8bd23cdd608a447e70b35ac84a3770ec42e39ad
                                    • Instruction Fuzzy Hash: CF21A070608785CFDB01EF74D41C1ADBBA2BB92324F44446AE44AC729AFBB6C8049B43
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057521E8 Relevance: .1, Instructions: 73COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1e5b9758f3f311af953ec65624f2a92adcfa5e8e0605a7579a4156fc1d67c89b
                                    • Instruction ID: 45f7714bb3d1a78915560031b552889eabf87aee78d42f5057f1a67201f0f286
                                    • Opcode Fuzzy Hash: 1e5b9758f3f311af953ec65624f2a92adcfa5e8e0605a7579a4156fc1d67c89b
                                    • Instruction Fuzzy Hash: C7214F38E08209DFCB44DFA4C044BADBBB2FB45314F51406AD8029B756DBB19A45DB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05754190 Relevance: .1, Instructions: 69COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 590e6592e7e5fbbb7a146cd94d31e18b1076e98039e6abeda6fa62a67d33fef0
                                    • Instruction ID: b0839865614db749b2bf9f3ffbb8a66395f9a9fd931db6144550fdb4803f905c
                                    • Opcode Fuzzy Hash: 590e6592e7e5fbbb7a146cd94d31e18b1076e98039e6abeda6fa62a67d33fef0
                                    • Instruction Fuzzy Hash: D1110631B041158BDF24E7B1D8189FF76EBAB95364F51813A890797644EFB0884497A3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01AA0856 Relevance: .1, Instructions: 60COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804876292.0000000001AA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_1aa0000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 44a0101ec0d0b60ea781c8f8bb324b41dffc41a012c7b25fbfcab3643f414275
                                    • Instruction ID: 1e2e513176352edc10bc557bca035afd9b69ad7e76cb548e2de1ce73e676f055
                                    • Opcode Fuzzy Hash: 44a0101ec0d0b60ea781c8f8bb324b41dffc41a012c7b25fbfcab3643f414275
                                    • Instruction Fuzzy Hash: D3215E3520D3C08FD713CB24D950711BFB1AB47314F1985EEE4898B6A3C33A990ACB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01AA088C Relevance: .1, Instructions: 59COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804876292.0000000001AA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_1aa0000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 55e9349169ac736ee06d9690ba831c49fd6a962b5d573d24258fc6e42c7fe172
                                    • Instruction ID: 34a367a64967ed3d7559f86a743ba9bca10460a58deb973677ef641ebf1404da
                                    • Opcode Fuzzy Hash: 55e9349169ac736ee06d9690ba831c49fd6a962b5d573d24258fc6e42c7fe172
                                    • Instruction Fuzzy Hash: A711B730204284DFE716CB24D680B26BBA5EB99718F68C59CF54947B53C777D803CA86
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05752390 Relevance: .1, Instructions: 51COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dc4561a61ebd895e1b73366981773920ddb93741dc844928c3ddb8c8b2546bac
                                    • Instruction ID: 3ce1f04db4e11ce60a98f5d85e7962b95d454231178c23cf52b625ac10814f18
                                    • Opcode Fuzzy Hash: dc4561a61ebd895e1b73366981773920ddb93741dc844928c3ddb8c8b2546bac
                                    • Instruction Fuzzy Hash: E2115E78908249DFCB15DF65C8446AEBBB2EB09324F00406ED906AB342EBB14846EF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057505B9 Relevance: .0, Instructions: 50COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 13106ac81085f2acd14d1f1116d11859011a9e0a5a7eecd8b7bf236020b4e46a
                                    • Instruction ID: 6ad4bfb648b19d83f6b599b19445e4293b753b7e27abbdf2815a8f125193ed97
                                    • Opcode Fuzzy Hash: 13106ac81085f2acd14d1f1116d11859011a9e0a5a7eecd8b7bf236020b4e46a
                                    • Instruction Fuzzy Hash: 4B01F4717041154B8605667958182BFB3DBAFCA6A8719047FD006CB38ACFB98C8703E7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05751209 Relevance: .0, Instructions: 46COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7a6c7acaba2f4df45d8efcb00d183ffb915a2b983f14b4e1c70af600fa4427c7
                                    • Instruction ID: 9418eee2a951c73c97c3c519d7be7f4dd585a56ba8011b86ec96a7de6e7fa18d
                                    • Opcode Fuzzy Hash: 7a6c7acaba2f4df45d8efcb00d183ffb915a2b983f14b4e1c70af600fa4427c7
                                    • Instruction Fuzzy Hash: 9E012130304150CBC708DB28D058E6977E6AFD6715B9540AAE846CB7A4CFB29C49DB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057505C8 Relevance: .0, Instructions: 45COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b40ef9a2648c78a6aec56cbd1b3a325fc44e44a71278c0852f34aeec0d9a8493
                                    • Instruction ID: a1a393a7dc5107ed0a36bd1c6ebc293b569dc3c5019dbb1fd9f0400a7af6a2bc
                                    • Opcode Fuzzy Hash: b40ef9a2648c78a6aec56cbd1b3a325fc44e44a71278c0852f34aeec0d9a8493
                                    • Instruction Fuzzy Hash: BBF09071700029074649667958186BFA3CF9FCD698B29443FD006DB386CFB98C4713D7
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01AA05E0 Relevance: .0, Instructions: 43COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804876292.0000000001AA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_1aa0000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b31657150d3f26aceee1789a476cae8e2b1d0db9ec4f2c0f1d61a1ce7956f278
                                    • Instruction ID: 33df0bf83769a7e5c619ef2525ffadcc74116fa07502967221e4d1ad94c64280
                                    • Opcode Fuzzy Hash: b31657150d3f26aceee1789a476cae8e2b1d0db9ec4f2c0f1d61a1ce7956f278
                                    • Instruction Fuzzy Hash: 8DF0A9B69497805FD7118B16EC41862FFFCDF86520709C49FEC4D8B652D225B908CBB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05751218 Relevance: .0, Instructions: 42COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 25d041a3feb256b2cf83483d05c0641235b72868ccb9b28bcfdc0ec5d41d63ca
                                    • Instruction ID: 2261166c5406be1b04b5399163217fdde942757c3e3f425f464a0da731c56f27
                                    • Opcode Fuzzy Hash: 25d041a3feb256b2cf83483d05c0641235b72868ccb9b28bcfdc0ec5d41d63ca
                                    • Instruction Fuzzy Hash: C9011230304010CBC708D768D058EAD77EBAFD671579540AAE846CB7A4DFB19C49DB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05754180 Relevance: .0, Instructions: 32COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 55b8a52679f4e040c25b6e56b773a683906289c1cf9d172c28c54d339ba53dd4
                                    • Instruction ID: e579221500fe994cf24a60b82bf00be5ed421e699ae9c4bf55f1cb6a68ebb05b
                                    • Opcode Fuzzy Hash: 55b8a52679f4e040c25b6e56b773a683906289c1cf9d172c28c54d339ba53dd4
                                    • Instruction Fuzzy Hash: ECE02B32A593449BCF24AB75AC0D8EF7FABDB952B4B410437DD0AC2100FEB5405887D2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01AA0948 Relevance: .0, Instructions: 31COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804876292.0000000001AA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_1aa0000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e6850d79e688ef7387407e307c00caab001beb49244c143f541758b1d055de9a
                                    • Instruction ID: 92781b8be2015c86179c7cc7e12c29b3157f25c9fa0d2713e5469a740caa68c3
                                    • Opcode Fuzzy Hash: e6850d79e688ef7387407e307c00caab001beb49244c143f541758b1d055de9a
                                    • Instruction Fuzzy Hash: 3BF01D35104644DFC306CB14DA80B15FBA2EB89718F24CAADE94907B62C337E813DA81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 01AA0606 Relevance: .0, Instructions: 27COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804876292.0000000001AA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_1aa0000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 94894c668105fd74fd70db8bfcbe6e6375f1c76210be83b53fd025fe0ff0f3e0
                                    • Instruction ID: 00ac75b3353da867b3253617186dd3b0b14098724a37ee14dc0f89d74543ba90
                                    • Opcode Fuzzy Hash: 94894c668105fd74fd70db8bfcbe6e6375f1c76210be83b53fd025fe0ff0f3e0
                                    • Instruction Fuzzy Hash: B0E092B66006004B9750CF0AEC81452F7E8EB84A30708C07FDC0D8B701D275F508CAA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0575016F Relevance: .0, Instructions: 18COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ed65dd6956ac10bae43f9d205eb9818b802de527de15a5a258732ccf39a6dc68
                                    • Instruction ID: d45f65144b16e80eb50d0708169ea5d5c34978b16cc5112a517fb4e95bb6af38
                                    • Opcode Fuzzy Hash: ed65dd6956ac10bae43f9d205eb9818b802de527de15a5a258732ccf39a6dc68
                                    • Instruction Fuzzy Hash: D4D02E3AA023008FFB292770E05C0A833E5EF4632670804BAE40687384EF3BD882CB05
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 017623F4 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804502214.0000000001762000.00000040.00000800.00020000.00000000.sdmp, Offset: 01762000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_1762000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d0fc5db715550f352a6b4ce5a8ac7abba2da755b2f693d75144275363fe829e8
                                    • Instruction ID: d992b8cfd0dba7e8147c36a228a3414676e3d178952c95259ba55585946028e3
                                    • Opcode Fuzzy Hash: d0fc5db715550f352a6b4ce5a8ac7abba2da755b2f693d75144275363fe829e8
                                    • Instruction Fuzzy Hash: F3D05E793056C14FE3179A1CC1A8BA57FE8AF61714F5A44F9AC008BB63CB68D985D600
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05750650 Relevance: .0, Instructions: 15COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cb5b6d38258ae8a37267ad21c5e7b8d39b4a2ac870d75d01ab5e635658678134
                                    • Instruction ID: 12e87d9c7e5f8c3d73f2c42f79e50191509f6a4dbed096cdb27b73204ed34e7d
                                    • Opcode Fuzzy Hash: cb5b6d38258ae8a37267ad21c5e7b8d39b4a2ac870d75d01ab5e635658678134
                                    • Instruction Fuzzy Hash: D5D0A77408E380DFC3554FB0A81C0A53B73DB92325B0584BAD44181431D67B5896D722
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 017623BC Relevance: .0, Instructions: 14COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804502214.0000000001762000.00000040.00000800.00020000.00000000.sdmp, Offset: 01762000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_1762000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5ceb5305a9e34f6d34f54a1a1153aca3e4baf286757cd9e335dee6b30b54140b
                                    • Instruction ID: 98338aeabf1e80ee4c20c690366859052a2443a32986feb1a3f7bdf76a761913
                                    • Opcode Fuzzy Hash: 5ceb5305a9e34f6d34f54a1a1153aca3e4baf286757cd9e335dee6b30b54140b
                                    • Instruction Fuzzy Hash: 13D05E342002814BD715DB0DC6D4F597BD8AB50B14F1A44E9AC108B762C7A4D8C1CA00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 057502AC Relevance: .0, Instructions: 13COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 27372ffb7cedbddb0d8935b3c79861f63aae770627b37297ddfc4f3099aaabb9
                                    • Instruction ID: 4558dacde49420fdceaefc1cca0c8528fb425d8784028d2e42089a21c5e34f46
                                    • Opcode Fuzzy Hash: 27372ffb7cedbddb0d8935b3c79861f63aae770627b37297ddfc4f3099aaabb9
                                    • Instruction Fuzzy Hash: 15D09235618A459B9B64DB64E15C89AB7E2BB91720740982EE89706E1DCB70B8848B02
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05750180 Relevance: .0, Instructions: 12COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fe7101218b0ec8701c27ab8382409bd327c5cc1eb723d266345eede7acb871c6
                                    • Instruction ID: ab4b0dde9b45d9e44daa97f6eccb7e9f715cd124456ba8e699f3c606b087b0b6
                                    • Opcode Fuzzy Hash: fe7101218b0ec8701c27ab8382409bd327c5cc1eb723d266345eede7acb871c6
                                    • Instruction Fuzzy Hash: 56D01234201304CBD7196B70E11C06833A6AB4971A750087DE50787348EF37D880CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05752EC0 Relevance: .0, Instructions: 11COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f34fad0b806d46f9103ca5cb1b15218e90b3a5bdd7cbb7fddb6a6b359fab0bf3
                                    • Instruction ID: 90b0a984dccf07199f8f829daa816e589bc78558da5928b818530b3a701c40be
                                    • Opcode Fuzzy Hash: f34fad0b806d46f9103ca5cb1b15218e90b3a5bdd7cbb7fddb6a6b359fab0bf3
                                    • Instruction Fuzzy Hash: 3FB092312582080BEBA0A6B97848B66338C9740639F480075B90CC5901E986E4E02240
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 05750660 Relevance: .0, Instructions: 10COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6aa9898e664cdbf1f7f9ebedc067b1ae1d9c8e6ddd3f922f27f767c80f80991f
                                    • Instruction ID: f90f800dd1329023b337b6cfb39f2d83e5e9ce398e422e670e4093fc5a19032c
                                    • Opcode Fuzzy Hash: 6aa9898e664cdbf1f7f9ebedc067b1ae1d9c8e6ddd3f922f27f767c80f80991f
                                    • Instruction Fuzzy Hash: 14C09B7518A354CAC2689EB2590D476732AD7D0325750C476D91100125DEB3B4D5A565
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 05750D7F Relevance: 6.5, Strings: 5, Instructions: 255COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1805274038.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_5750000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 0Xl$4l$:@k$\Ol$f`k
                                    • API String ID: 0-4284705603
                                    • Opcode ID: 959e24f269f4021ba1ba6bfe76df4f3006164feff0413f3242aa3bed441c3e8e
                                    • Instruction ID: 7da7049e94c2101768d5baac3aff00ec66727804d33b4661aafa1e048a160822
                                    • Opcode Fuzzy Hash: 959e24f269f4021ba1ba6bfe76df4f3006164feff0413f3242aa3bed441c3e8e
                                    • Instruction Fuzzy Hash: 1EB1F474B09344CFD364DF3881517AA77E2BB96308F50482DE0898BB80EF76984ADB57
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 017626AA Relevance: 5.4, Strings: 4, Instructions: 387COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.1804502214.0000000001762000.00000040.00000800.00020000.00000000.sdmp, Offset: 01762000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_1762000_dnshost.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 2k$Bk$$Ok$$k
                                    • API String ID: 0-3284410275
                                    • Opcode ID: 59f0dc494e1692ef90de5a4f5e87c2eea23c88ac8c76474d432ccc9d75735ae4
                                    • Instruction ID: 9c560665fe0aa4d9b5a303696c68b6a16185a66fe761b8a98f232251b250ed27
                                    • Opcode Fuzzy Hash: 59f0dc494e1692ef90de5a4f5e87c2eea23c88ac8c76474d432ccc9d75735ae4
                                    • Instruction Fuzzy Hash: 08D1C06980E7C24FD7078B3489A5586BFB9AE6324470E46CBC4C4CF5B3D22C5D09DBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%