Analysis Report VCPjXmY0pr

Overview

General Information

Sample Name: VCPjXmY0pr (renamed file extension from none to exe)
Analysis ID: 339438
MD5: 053ddb3b6e38f9bdbc5fb51fdd44d3ac
SHA1: 2f26c6f5a9dbf6bfb7690cb6949536775d1def92
SHA256: 2d8151dabf891cf743e67c6f9765ee79884d024b10d265119873b0967a09b20f

Detection

Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Machine Learning detection for sample
Contains long sleeps (>= 3 min)
Detected potential crypto function
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • VCPjXmY0pr.exe (PID: 4792 cmdline: 'C:\Users\user\Desktop\VCPjXmY0pr.exe' MD5: 053DDB3B6E38F9BDBC5FB51FDD44D3AC)
    • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
VCPjXmY0pr.exe | apt_RU_Turla_Kazuar_DebugView_peFeatures | Turla mimicking SysInternals Tools- peFeatures | JAG-S |
VCPjXmY0pr.exe | APT_MAL_RU_Turla_Kazuar_May20_1 | Detects Turla Kazuar malware | Florian Roth |
    • 0x69f62:$s1: Sysinternals
    • 0x69f74:$s1: Sysinternals
    • 0x6b4e4:$s2: Test Copyright
    • 0x69f3c:$op1: 0D 01 00 08 34 2E 38 30 2E 30 2E 30 00 00 13 01

    Dropped Files

    Source | Rule | Description | Author | Strings
    C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\7092ee1bf1e386348e9ed2a7b68b7ab2.dll | Turla_KazuarRAT | Detects Turla Kazuar RAT described by DrunkBinary | Markus Neis / Florian Roth |
    • 0x642:$x1: ~1.EXE

    Sigma Overview

    No Sigma rule has matched

    Signature Overview

    AV Detection:

    Antivirus / Scanner detection for submitted sample
    Source: VCPjXmY0pr.exe, Avira: detected
    Antivirus detection for dropped file
    Source: C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\7092ee1bf1e386348e9ed2a7b68b7ab2.dll, Avira: detection malicious, Label: HEUR/AGEN.1126242
    Multi AV Scanner detection for submitted file
    Source: VCPjXmY0pr.exe, Virustotal: Detection: 76%
    Source: VCPjXmY0pr.exe, ReversingLabs: Detection: 72%
    Machine Learning detection for sample
    Source: VCPjXmY0pr.exe, Joe Sandbox ML: detected

    Compliance:

    Detected unpacking (overwrites its own PE header)
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, Unpacked PE file: 0.2.VCPjXmY0pr.exe.9b0000.0.unpack
    Source: VCPjXmY0pr.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll
    Source: VCPjXmY0pr.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
    Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000001.00000000.674084782.0000000005A00000.00000002.00000001.sdmp
    Source: Binary string: wscui.pdb source: explorer.exe, 00000001.00000000.674084782.0000000005A00000.00000002.00000001.sdmp
    Source: VCPjXmY0pr.exe, 00000000.00000002.688799779.0000000003011000.00000004.00000001.sdmp, String found in binary or memory: https://jaireve.co/wp-content/languages/index.php
    Source: VCPjXmY0pr.exe, 00000000.00000002.688799779.0000000003011000.00000004.00000001.sdmp, String found in binary or memory: https://www.weauthenticate.co.uk/wp-content/languages/index.php
    Source: VCPjXmY0pr.exe, 00000000.00000002.688799779.0000000003011000.00000004.00000001.sdmp, String found in binary or memory: https://www.weauthenticate.co.uk/wp-content/languages/index.php1https://jaireve.co/wp-content/langua

    System Summary:

    Malicious sample detected (through community Yara rule)
    Source: C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\7092ee1bf1e386348e9ed2a7b68b7ab2.dll, type: DROPPED, Matched rule: Detects Turla Kazuar RAT described by DrunkBinary, Author: Markus Neis / Florian Roth
    Source: 0.2.VCPjXmY0pr.exe.62480000.1.unpack, type: UNPACKEDPE, Matched rule: Detects Turla Kazuar RAT described by DrunkBinary, Author: Markus Neis / Florian Roth
    Source: VCPjXmY0pr.exe, 00000000.00000002.685997706.0000000000E1A000.00000004.00000020.sdmp, Binary or memory string: OriginalFilenamemscorwks.dllT vs VCPjXmY0pr.exe
    Source: VCPjXmY0pr.exe, 00000000.00000002.685885452.0000000000A1E000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameAgent.exeN vs VCPjXmY0pr.exe
    Source: VCPjXmY0pr.exe, Binary or memory string: OriginalFilenameAgent.exeN vs VCPjXmY0pr.exe
    Source: VCPjXmY0pr.exe, type: SAMPLE, Matched rule: apt_RU_Turla_Kazuar_DebugView_peFeatures hash2 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, author = JAG-S, description = Turla mimicking SysInternals Tools- peFeatures, version = 2.0, reference = https://www.epicturla.com/blog/sysinturla, score = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c
    Source: VCPjXmY0pr.exe, type: SAMPLE, Matched rule: APT_MAL_RU_Turla_Kazuar_May20_1 date = 2020-05-28, hash4 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, hash3 = 2d8151dabf891cf743e67c6f9765ee79884d024b10d265119873b0967a09b20f, hash2 = 1fca5f41211c800830c5f5c3e355d31a05e4c702401a61f11e25387e25eeb7fa, hash1 = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c, author = Florian Roth, description = Detects Turla Kazuar malware, reference = https://www.epicturla.com/blog/sysinturla
    Source: C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\7092ee1bf1e386348e9ed2a7b68b7ab2.dll, type: DROPPED, Matched rule: Turla_KazuarRAT date = 2018-04-08, hash3 = 4e5a86e33e53931afe25a8cb108f53f9c7e6c6a731b0ef4f72ce638d0ea5c198, hash2 = 7594fab1aadc4fb08fb9dbb27c418e8bc7f08dadb2acf5533dc8560241ecfc1d, hash1 = 6b5d9fca6f49a044fd94c816e258bf50b1e90305d7dab2e0480349e80ed2a0fa, author = Markus Neis / Florian Roth, description = Detects Turla Kazuar RAT described by DrunkBinary, reference = https://twitter.com/DrunkBinary/status/982969891975319553
    Source: 0.2.VCPjXmY0pr.exe.62480000.1.unpack, type: UNPACKEDPE, Matched rule: Turla_KazuarRAT date = 2018-04-08, hash3 = 4e5a86e33e53931afe25a8cb108f53f9c7e6c6a731b0ef4f72ce638d0ea5c198, hash2 = 7594fab1aadc4fb08fb9dbb27c418e8bc7f08dadb2acf5533dc8560241ecfc1d, hash1 = 6b5d9fca6f49a044fd94c816e258bf50b1e90305d7dab2e0480349e80ed2a0fa, author = Markus Neis / Florian Roth, description = Detects Turla Kazuar RAT described by DrunkBinary, reference = https://twitter.com/DrunkBinary/status/982969891975319553
    Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, type: UNPACKEDPE, Matched rule: apt_RU_Turla_Kazuar_DebugView_peFeatures hash2 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, author = JAG-S, description = Turla mimicking SysInternals Tools- peFeatures, version = 2.0, reference = https://www.epicturla.com/blog/sysinturla, score = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c
    Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, type: UNPACKEDPE, Matched rule: APT_MAL_RU_Turla_Kazuar_May20_1 date = 2020-05-28, hash4 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, hash3 = 2d8151dabf891cf743e67c6f9765ee79884d024b10d265119873b0967a09b20f, hash2 = 1fca5f41211c800830c5f5c3e355d31a05e4c702401a61f11e25387e25eeb7fa, hash1 = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c, author = Florian Roth, description = Detects Turla Kazuar malware, reference = https://www.epicturla.com/blog/sysinturla
    Source: 0.2.VCPjXmY0pr.exe.9b0000.0.unpack, type: UNPACKEDPE, Matched rule: apt_RU_Turla_Kazuar_DebugView_peFeatures hash2 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, author = JAG-S, description = Turla mimicking SysInternals Tools- peFeatures, version = 2.0, reference = https://www.epicturla.com/blog/sysinturla, score = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c
    Source: 0.2.VCPjXmY0pr.exe.9b0000.0.unpack, type: UNPACKEDPE, Matched rule: APT_MAL_RU_Turla_Kazuar_May20_1 date = 2020-05-28, hash4 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, hash3 = 2d8151dabf891cf743e67c6f9765ee79884d024b10d265119873b0967a09b20f, hash2 = 1fca5f41211c800830c5f5c3e355d31a05e4c702401a61f11e25387e25eeb7fa, hash1 = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c, author = Florian Roth, description = Detects Turla Kazuar malware, reference = https://www.epicturla.com/blog/sysinturla
    Source: VCPjXmY0pr.exe, JowBOtqcqvVCCqOPQrecpmBhMcCE.cs, Cryptographic APIs: 'CreateDecryptor'
    Source: VCPjXmY0pr.exe, CTriFxnjSzLzysCjWnaasAySZUoH.cs, Cryptographic APIs: 'CreateDecryptor'
    Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, JowBOtqcqvVCCqOPQrecpmBhMcCE.cs, Cryptographic APIs: 'CreateDecryptor'
    Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, CTriFxnjSzLzysCjWnaasAySZUoH.cs, Cryptographic APIs: 'CreateDecryptor'
    Source: VCPjXmY0pr.exe, xaWocZJwXjXdEaUZmSLYfVaHzeiG.cs, Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
    Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, xaWocZJwXjXdEaUZmSLYfVaHzeiG.cs, Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
    Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, eThxRpbETWdjxmVpXPSjXHAcevov.cs, Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
    Source: VCPjXmY0pr.exe, eThxRpbETWdjxmVpXPSjXHAcevov.cs, Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
    Source: classification engine, Classification label: mal92.evad.winEXE@1/13@0/0
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, File created: C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\{b8a51239-fdc0-6ddc-5b20-97bdafddcb5a}
    Source: VCPjXmY0pr.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\077cf2bd55145d691314f0889d7a1997\mscorlib.ni.dll
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
    Source: C:\Windows\explorer.exe, Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\077cf2bd55145d691314f0889d7a1997\mscorlib.ni.dll
    Source: C:\Windows\explorer.exe, Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
    Source: C:\Windows\explorer.exe, Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
    Source: VCPjXmY0pr.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

    Data Obfuscation:

    Detected unpacking (overwrites its own PE header)
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, Unpacked PE file: 0.2.VCPjXmY0pr.exe.9b0000.0.unpack
    .NET source code contains potential unpacker
    Source: VCPjXmY0pr.exe, yVJzEUMWFmmqMaPSUNTXuiQpWUAo.cs, .Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
    Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, yVJzEUMWFmmqMaPSUNTXuiQpWUAo.cs, .Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
    Source: initial sample, Static PE information: section where entry point is pointing to: .wtf
    Source: 7092ee1bf1e386348e9ed2a7b68b7ab2.dll.0.dr, Static PE information: real checksum: 0xc809 should be: 0x5d1d
    Source: VCPjXmY0pr.exe, Static PE information: real checksum: 0x0 should be: 0x75bb3
    Source: 7092ee1bf1e386348e9ed2a7b68b7ab2.dll.0.dr, Static PE information: section name: .wtf
    Source: 7092ee1bf1e386348e9ed2a7b68b7ab2.dll.0.dr, Static PE information: section name: .xdata
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, Code function: 0_2_00007FFA359FE373 push edx; retf 0_2_00007FFA359FE3B1
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe, Code function: 0_2_00007FFA359F6D14 push esi; ret 0_2_00007FFA359F6D17
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe; File created: C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\7092ee1bf1e386348e9ed2a7b68b7ab2.dll
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe; Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe; Thread delayed: delay time: 922337203685477
    Source: C:\Windows\explorer.exe; Thread delayed: delay time: 922337203685477
    Source: C:\Windows\explorer.exe; Window / User API: threadDelayed 1001
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe TID: 1288; Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\explorer.exe TID: 4780; Thread sleep count: 64 > 30
    Source: C:\Windows\explorer.exe TID: 4780; Thread sleep time: -128000s >= -30000s
    Source: C:\Windows\explorer.exe TID: 6240; Thread sleep count: 1001 > 30
    Source: C:\Windows\explorer.exe TID: 6240; Thread sleep time: -10010000s >= -30000s
    Source: C:\Windows\explorer.exe TID: 6896; Thread sleep time: -922337203685477s >= -30000s
    Source: explorer.exe, 00000001.00000000.677524244.000000000A60E000.00000004.00000001.sdmp; Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
    Source: explorer.exe, 00000001.00000000.673659873.00000000058C0000.00000002.00000001.sdmp; Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
    Source: explorer.exe, 00000001.00000000.674532575.0000000006650000.00000004.00000001.sdmp; Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    Source: explorer.exe, 00000001.00000000.671223228.0000000004710000.00000004.00000001.sdmp; Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
    Source: explorer.exe, 00000001.00000000.673659873.00000000058C0000.00000002.00000001.sdmp; Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
    Source: explorer.exe, 00000001.00000000.677640558.000000000A716000.00000004.00000001.sdmp; Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
    Source: explorer.exe, 00000001.00000000.673659873.00000000058C0000.00000002.00000001.sdmp; Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
    Source: explorer.exe, 00000001.00000000.677704442.000000000A784000.00000004.00000001.sdmp; Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
    Source: explorer.exe, 00000001.00000000.673659873.00000000058C0000.00000002.00000001.sdmp; Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe; Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe; Process token adjusted: Debug
    Source: C:\Windows\explorer.exe; Process token adjusted: Debug
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe; Memory allocated: page read and write | page guard

    HIPS / PFW / Operating System Protection Evasion:

    .NET source code references suspicious native API functions
    Source: VCPjXmY0pr.exe, OKTUKVPuuDYGxITuxNrCtXxMDJoC.cs; Reference to suspicious API methods: ('FnweNvyxnMVBuRzMZzQEqdtLAPrA', 'GetProcAddress@kernel32'), ('qVnPtdRNMxbSGbuClYFvMgKPhvDHA', 'CreateRemoteThread@kernel32'), ('zdYpViHCCuxgniqqamPpntrZHzZr', 'LoadLibrary@kernel32'), ('tLilNWMRyDYOKxEKGLOPvKSHkUAF', 'OpenProcess@kernel32'), ('wHieHXtQJlXHyVxhONzsxdAXelIaA', 'OpenProcessToken@advapi32')
    Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, OKTUKVPuuDYGxITuxNrCtXxMDJoC.cs; Reference to suspicious API methods: ('FnweNvyxnMVBuRzMZzQEqdtLAPrA', 'GetProcAddress@kernel32'), ('qVnPtdRNMxbSGbuClYFvMgKPhvDHA', 'CreateRemoteThread@kernel32'), ('zdYpViHCCuxgniqqamPpntrZHzZr', 'LoadLibrary@kernel32'), ('tLilNWMRyDYOKxEKGLOPvKSHkUAF', 'OpenProcess@kernel32'), ('wHieHXtQJlXHyVxhONzsxdAXelIaA', 'OpenProcessToken@advapi32')
    Source: explorer.exe, 00000001.00000000.665732018.0000000000AD8000.00000004.00000020.sdmp; Binary or memory string: ProgmanMD6
    Source: explorer.exe, 00000001.00000000.665998562.0000000001080000.00000002.00000001.sdmp; Binary or memory string: Program Manager
    Source: VCPjXmY0pr.exe, 00000000.00000002.688799779.0000000003011000.00000004.00000001.sdmp, explorer.exe, 00000001.00000000.665998562.0000000001080000.00000002.00000001.sdmp; Binary or memory string: Shell_TrayWnd
    Source: explorer.exe, 00000001.00000000.665998562.0000000001080000.00000002.00000001.sdmp; Binary or memory string: Progman
    Source: explorer.exe, 00000001.00000000.665998562.0000000001080000.00000002.00000001.sdmp; Binary or memory string: Progmanlock
    Source: explorer.exe, 00000001.00000000.677640558.000000000A716000.00000004.00000001.sdmp; Binary or memory string: Shell_TrayWnd5D
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe; Queries volume information: C:\ VolumeInformation
    Source: C:\Users\user\Desktop\VCPjXmY0pr.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Native API 1 | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 1 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion 2 | LSASS Memory | Virtualization/Sandbox Evasion 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 1 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | System Information Discovery 12 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
    Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
    External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 2 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label
    VCPjXmY0pr.exe | 76% | Virustotal |
    VCPjXmY0pr.exe | 73% | ReversingLabs | ByteCode-MSIL.Trojan.Cassowar
    VCPjXmY0pr.exe | 100% | Avira | TR/Crypt.XPACK.Gen
    VCPjXmY0pr.exe | 100% | Joe Sandbox ML |

    Dropped Files

    Source | Detection | Scanner | Label
    C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\7092ee1bf1e386348e9ed2a7b68b7ab2.dll | 100% | Avira | HEUR/AGEN.1126242

    Unpacked PE Files

    Source | Detection | Scanner | Label
    0.2.VCPjXmY0pr.exe.62480000.1.unpack | 100% | Avira | HEUR/AGEN.1126242
    0.0.VCPjXmY0pr.exe.9b0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
    0.2.VCPjXmY0pr.exe.9b0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

    Domains

    No Antivirus matches

    URLs


    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries


                        Contacted IPs

                        No contacted IP infos

                        General Information

                        Joe Sandbox Version:31.0.0 Red Diamond
                        Analysis ID:339438
                        Start date:14.01.2021
                        Start time:03:08:55
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 6m 36s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Sample file name:VCPjXmY0pr (renamed file extension from none to exe)
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Number of analysed new started processes analysed:15
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:1
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal92.evad.winEXE@1/13@0/0
                        EGA Information:
                        • Successful, ratio: 100%
                        HDC Information:
                        • Successful, ratio: 6.3% (good quality ratio 5.5%)
                        • Quality average: 81.8%
                        • Quality standard deviation: 32.1%
                        HCA Information:
                        • Successful, ratio: 91%
                        • Number of executed functions: 106
                        • Number of non-executed functions: 2
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI
                        Warnings:
                        • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                        Simulations

                        Behavior and APIs

                        Time | Type | Description
                        03:10:08 | API Interceptor | 1099x Sleep call for process: explorer.exe modified

                        Joe Sandbox View / Context

                        IPs

                        No context

                        Domains

                        No context

                        ASN

                        No context

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\7092ee1bf1e386348e9ed2a7b68b7ab2.dll
                        Process:C:\Users\user\Desktop\VCPjXmY0pr.exe
                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                        Category:dropped
                        Size (bytes):8704
                        Entropy (8bit):3.43117265490537
                        Encrypted:false
                        SSDEEP:96:ZfffhRFqx1h0OIs+gJvtYjCT9018zSTJlBLx4ZW5:1ffhRA1dNt+CT9c8+bhx4E
                        MD5:3A73460B3E70A0F3F6F0CBF0C73EFECF
                        SHA1:15FE33F04BA640E818A29E954D2DF5CC29646D05
                        SHA-256:3A948163073EDCD69A47F69EAFBC088C267CDE7AA752866DF516EA948BF62660
                        SHA-512:893E49E9DC3F57B93049BBD5322682EA0875E2A034DB9A74C13C7A6901464932C7C8F16A9EC97F8D4A96C8B839811FC80A41A1589FF4740310436AA33FE2D632
                        Malicious:true
                        Yara Hits:
                        • Rule: Turla_KazuarRAT, Description: Detects Turla Kazuar RAT described by DrunkBinary, Source: C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\7092ee1bf1e386348e9ed2a7b68b7ab2.dll, Author: Markus Neis / Florian Roth
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        Reputation:low
                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...F..V...........".................0........Hb.............................................. ......................................p..V....................P..<.......................................................................H............................text...`........................... .P`.wtf......... ......................`.`..rdata.......@......................@.P@.pdata..<....P......................@.0@.xdata..,....`......................@.0@.edata..V....p......................@.0@.idata............... ..............@.0.........................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\c34b132bff0230a28757d24f730ae477\aa898d6f9ffba4432ce9bb2a8b2154f7
                        Process:C:\Windows\explorer.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16
                        Entropy (8bit):3.875
                        Encrypted:false
                        SSDEEP:3:AHGaufVR:faufb
                        MD5:E8AD3C40BB7406C96C34C723E602058E
                        SHA1:54FADCACF2B8CE54A8B600D05CFAF19E4B85C20F
                        SHA-256:908969C5720C3971B4237AAF5C4B6B7FFEA9D01E9326597D7306574479D75DD5
                        SHA-512:3FB9282CD9F116AD9DC814347F096F903C607D8C4E3C6CBD31F3C97414F986BC2216E7CDA33BFBD63E26B66F67AD609B1395B17660E48CC503F719BC58EDC77F
                        Malicious:false
                        Reputation:low
                        Preview: #w...K:2..Y..
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\c34b132bff0230a28757d24f730ae477\aace0a8af5e9a62f21d9da31e5909f00
                        Process:C:\Windows\explorer.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16
                        Entropy (8bit):3.875
                        Encrypted:false
                        SSDEEP:3:h74uK5:h65
                        MD5:2380A415BADE4A821DC65C0FBF0B4502
                        SHA1:D66BBA11FC460C1CF46A1A98AD09505C40709C30
                        SHA-256:BCC90DEDF52059B2CD9275E6214EAA7A274926B1C780D104A645F9FC13E4BFDF
                        SHA-512:437857CD1239F7FD0A701F7963DDA722BDF8D0DB539E33C96BB1FA3ECC60A804459CC0E736EEF4AFA04D466DA763CA4EEF4606E762F00EF44F950B7300DA10F3
                        Malicious:false
                        Reputation:low
                        Preview: .C7.....u.i...
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\c34b132bff0230a28757d24f730ae477\b96aff2c7cf2b4afd20609e7a7ab021c
                        Process:C:\Windows\explorer.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):80
                        Entropy (8bit):5.887492001110317
                        Encrypted:false
                        SSDEEP:3:OK/aggxrF8RzBRnim0DUUxHcBzWQVNz8:laxxB8VBRim4CzM
                        MD5:953D1568BAFDE7852BCD093EC0913C0B
                        SHA1:EC707DC054F1D17E13A167FB18EE3409A9A5F7E6
                        SHA-256:7A4DD0D6823D35E521E3D6757F52A625B3EB5EDF6E113D51556FA49C60408710
                        SHA-512:892E0F92386EA4D060DABBBD0E75950BBFEB964189704DD793581764A49EF6B8EDA75A21D2098DB2A61E18C93BA8242C4BE6CA8FEA4BD768DAD32B7784AE7868
                        Malicious:false
                        Reputation:low
                        Preview: .....[.o.E.~.C.+z@. ...4.Q.........R..gR.Gk|..}\..M_9A&...$.....[.uQ_`h.E..
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\f881b2c16ba8e622f4992b3af2bf31dc\08D8B839D84BA13E
                        Process:C:\Users\user\Desktop\VCPjXmY0pr.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):112
                        Entropy (8bit):6.425614855073995
                        Encrypted:false
                        SSDEEP:3:sXNwEk8Ml+Bu0XoiRz95EPmaQki47a/zBiSaO:kyN8vKys6+8zBiK
                        MD5:04CF6AEB7D2035FF39ACDBBCC8B2527D
                        SHA1:C52200EFE8AA944C568490E82E50D9F75874A694
                        SHA-256:C38B2BAE911E4FF846A7F89568FC9ABFD742A7887AA86DEC321CF87F3D8AAC62
                        SHA-512:AAC78E59645D80658063CCA85585A9D42B8BAE8E748F3673D2A01BEBD53C09961B8C82AE2A85DE402FF791735F68252A741BDDA1E5FAE01903912ECE1B8636A7
                        Malicious:false
                        Reputation:low
                        Preview: /E...$....9B.....k.U.J.....M7b.9..s..'..t{.^A..J..}K...c..x.......-..$5.....C^......t.A%..x-.....E`..K..,.?.
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\f881b2c16ba8e622f4992b3af2bf31dc\08D8B839D871C6B0
                        Process:C:\Users\user\Desktop\VCPjXmY0pr.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):112
                        Entropy (8bit):6.340706149678221
                        Encrypted:false
                        SSDEEP:3:pUtDciGq8DOSt7rUbf1vEFYi:atIicDOiIbpYYi
                        MD5:319E0F44349BF2868F0A52D6F22E7FEF
                        SHA1:A2424982B6D02A3AE491CB1C66AD0315EC7B98D6
                        SHA-256:BDD5918AB0460E88391E6480FB17055B153513C99CE28C2652521870DFF5502A
                        SHA-512:DF1CE6259192E8A6372C271628A0C63555DABD833528D2E640B281AC0C673AC5AE3129DD5F443507622669EAD2CB06C34E6A1F1020E13AA4E71A2EAE35E6B76A
                        Malicious:false
                        Reputation:low
                        Preview: s..+.@..a.....\.[=..w.........n....2....i."(...F...w.: ]....#...&+.1..4..Y6...+0N[.o@...6...p.z....I..
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\f881b2c16ba8e622f4992b3af2bf31dc\08D8B839DB822E39
                        Process:C:\Users\user\Desktop\VCPjXmY0pr.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):48
                        Entropy (8bit):5.45996250072116
                        Encrypted:false
                        SSDEEP:3:6vnfE9eE6p34lDuIKfi05mo:6vfacIQ3a05mo
                        MD5:9D768A2AB59047A57AEF0EAB9E9150B2
                        SHA1:83EEAE11C1D5A20E0E25460EEF81E1082F76DB0D
                        SHA-256:8ABF552B4A6E556BC85B59AE6E9E3FB16C3EC8F854C2AE60CCC4F7AEC1D8851F
                        SHA-512:DE02C768597E92B80F9521F175F157F42EDB93677F4CC3DACD64FE623248233E2B39317264789990833DAE43ED6C5555085528DBC2984FF607EED00262D2C4DF
                        Malicious:false
                        Reputation:low
                        Preview: j.......&..Z/..|.!t.r..].&KBm..."..w...j..\.
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\f881b2c16ba8e622f4992b3af2bf31dc\08D8B839E1CB7D93
                        Process:C:\Users\user\Desktop\VCPjXmY0pr.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):112
                        Entropy (8bit):6.447849006821076
                        Encrypted:false
                        SSDEEP:3:O+TBwCUvplvLspBqgryUrh9MkbfPwNVO4UC/Rt8Dq0n:ODZvplD8bmUckb3s84Uxm0n
                        MD5:0599E47354E7869D17E2F2D371FD9A4D
                        SHA1:7803D02514AB30E1F253E4D84C421C30CE1B11E7
                        SHA-256:55B8ED3B56C23F3D9248BEB993209845144AC3A5C47AD13C61B43469ED98AD42
                        SHA-512:523E40048250FCA70294E8D6772EF01B67892C88234F93F1A09C42CE2429DBF1B1D32C1778F94CE3F6166E843A7E9DBAC8A6CCF2AC0C04EFB374F4ECAC0BC608
                        Malicious:false
                        Reputation:low
                        Preview: 3,.vn6L...g..+...1....Z....jY..:#{*....t.ut.....-..)DX_.E'......n|.E.4.S...Qd....R.;.Z.V..i...$.C...J...
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\f881b2c16ba8e622f4992b3af2bf31dc\08D8B839E2B523CD
                        Process:C:\Windows\explorer.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):240
                        Entropy (8bit):7.0259606872645275
                        Encrypted:false
                        SSDEEP:6:g1BKVEea8HZl9eb98ImCyn3y1wZnMKPbMYFX4B6Y7qsd:8Km85feHmPawlMKznDAld
                        MD5:A1B3A295D26298A2690581AF0F45429A
                        SHA1:8B23E45823F0737A69546206D4FE068BD60247EF
                        SHA-256:8CFAB883110C21EEEA84C7903C06CAA00E3363D8B1D4DC9DEC607572FACB5847
                        SHA-512:C4D34C54AF358FB2CBEAD88E6F7E752DCCFEB2E61FA1307594B20E764BB03AABC27440208E557771C86B5EF7C248C69959E2772956D086B7B45D513CD9B435A0
                        Malicious:false
                        Reputation:low
                        Preview: .i.Q...4U.......!.._....{...5.p........6&.T@EE.'M..O.,.f <_...`.6<.CR.Y....iC.,K|....w...)./..Rm7...\5C..(..Z.../..%.,<..7.F.........D...A..I).l....s..yU.II..0=Z..`..)Y\m.n..........d+......$.}....R..t.e.J".....tL..p'i.d&...
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\f881b2c16ba8e622f4992b3af2bf31dc\08D8B839E2E27076
                        Process:C:\Windows\explorer.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):112
                        Entropy (8bit):6.443471997931137
                        Encrypted:false
                        SSDEEP:3:rrFk2aaAcIDX84Ba8eCrJKe2I53/4PR6SfudY2Z:/FmaAcIDpBAKKe2I5P4Bu5
                        MD5:695E1879159A131D5C0C4B59022ECE8B
                        SHA1:6BF6D3A77BA01036B4E1E46067EDCB03204EE36C
                        SHA-256:AE5EDC93F81ED89E59E0131A65D52F393788CF49E05D1745CCFC52987A61E746
                        SHA-512:6E4B4D8F22ACE43B1D259746C600D00C5A93F59FB37B02DF0D4382444C27E0A5188DC2EE7D0F22789EB8722D3C84EA180B39E9B4CDE6E88C92BA908EDDB95358
                        Malicious:false
                        Reputation:low
                        Preview: .w..,..\..`..ES.M..Px.R0..V.m&.%|V...3SZa.../.....[.wNBa}=...,#..i......l.....jx..W..R.u..z...J..(&.O.=z..h
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\f881b2c16ba8e622f4992b3af2bf31dc\08D8B839E3016F16
                        Process:C:\Windows\explorer.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):240
                        Entropy (8bit):7.145086064205293
                        Encrypted:false
                        SSDEEP:6:a/dFNm6M9v2NxGv40aINKg2E8DEo1PeTuc4yL8ujKSFN4:aFmbh2CFJaPcuQLzjNFC
                        MD5:BE6561A67D1AB00A681AF4CB12642ECC
                        SHA1:56A0615D4CF52D94D4D8A65422431AC27A0220D0
                        SHA-256:D737A8B6845D5FE17E669CA15941817C307070AD0C9780C2E6A5981350F5F147
                        SHA-512:0256E2B6ED67E75FA7BA46C177C9B1945CF1FC693F3FBC50FECEBAFB6F1978AA9B53B8E5B27B7B02C9AB526431376A5E02579A8A0204C8A5FF612BFA1A994AF3
                        Malicious:false
                        Reputation:low
                        Preview: D#.%.....948........O.G..qIT..O...@.]Q..|..`.......8I'.O.....:7.K..9...0.;....|W..fd..a..f.F.......h8>.N...J..3..&.....YHL.6..4...W.~xz.........P..:.3J...HO.r........(y.....q..^.......7zb@.1..S7.<=c.J.6,..\._......;.*.b..1.....dk
                        C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\f881b2c16ba8e622f4992b3af2bf31dc\08D8B839E60385D2
                        Process:C:\Windows\explorer.exe
                        File Type:DOS executable (COM, 0x8C-variant)
                        Category:dropped
                        Size (bytes):240
                        Entropy (8bit):7.132088499710445
                        Encrypted:false
                        SSDEEP:6:iEO5b4sVVXSUZReqGbGODHVbYg0sV6/Id3B:iES/bZLGSObxYD0U+x
                        MD5:A04816CC69F45D2D35B2B17E0825E516
                        SHA1:A39ED2ACB35D964DA48CA471B6C195F3CEE2DCE8
                        SHA-256:CF822EB734FE7C86232D3B73F14F75F20BC04E1D5D8AF273F2AA74009075CEAD
                        SHA-512:57B2F9B5ABA74F6007E522FC155B3AE1858DC2A685C02D4AD44B7B350E85CFB8FBC6B01AC7CF34AE1A6905D8B0FF1A248F17EAF07D87ED576982B559672FCAFB
                        Malicious:false
                        Reputation:low
                        Preview: .bd..Wr'^.)..NHA.'..y....2....Ib....n.C*...D.2.1n3$..pyB..:..b.j./..Q,*.8*yy<..u.. ..-....e...gN..-##})j.......t@.}."La.W./..'d}.0...?....Qf........]..hz.dQo..y].pJ.....S....KN....J..[.....=F.f~E.pP.i...L.'TZ..sx...v......%.~#....$
                        C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\VCPjXmY0pr.exe.log
                        Process:C:\Users\user\Desktop\VCPjXmY0pr.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):799
                        Entropy (8bit):5.2380578532104165
                        Encrypted:false
                        SSDEEP:12:Q3LaJcP0x8FcX8LB0hK9cLK9Vi0kaHYGLi1B01kKVdisk70Hy+/Qav:MLc98iKSKSaYgioQ9+r
                        MD5:E40C5BC96D6AB83BC7FB974CB8E061E8
                        SHA1:3C16DFDC96D788A19EABDA33C7BDD9ED50482741
                        SHA-256:3A40B63B6B44AB0E10C27B379DAC944CE97515D2686C966CB6949D20C1E4AAFD
                        SHA-512:55293DE42130B23FD18E0DC27FD92DC457CDBC5F34FD99C8C1DF8D4E8D15B69679C7B07C8DEDD837D3D1B3DB6DBC11A4DB099B9AEB86122950D060F6A9602DCD
                        Malicious:true
                        Reputation:low
                        Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System\1201f26cb986c93f55044bb4fa22b294\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\5e91b88ac0255894c4e0248b14fc4649\System.ServiceProcess.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\6425e89da7aea5916b90f1899ae542fb\System.Configuration.Install.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b12bbcf27f41d96fe44360ae0b566f9b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\454c09ea87bde1d5f545d60232083b79\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\ae8d6eb6689c9ca2facd0d2924080164\System.Management.ni.dll",0..

                        Static File Info

                        General

                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Entropy (8bit):6.084065739720612
                        TrID:
                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                        • Win32 Executable (generic) a (10002005/4) 49.75%
                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                        • Windows Screen Saver (13104/52) 0.07%
                        • Generic Win/DOS Executable (2004/3) 0.01%
                        File name:VCPjXmY0pr.exe
                        File size:441344
                        MD5:053ddb3b6e38f9bdbc5fb51fdd44d3ac
                        SHA1:2f26c6f5a9dbf6bfb7690cb6949536775d1def92
                        SHA256:2d8151dabf891cf743e67c6f9765ee79884d024b10d265119873b0967a09b20f
                        SHA512:27c71d1565a7aa50f653c10e60e9b3316a7fc3817f8b38c6ef368c02b6397d803f3a4a9ec94c31c48d1a6fb24fc165aad1efb97d88a3ef7e8dabc6e3c1fdb4ea
                        SSDEEP:12288:u2xqzEzF/N1XnGuceEvjYRi8XYDfHI240uW+GciFav2zDqlhE:hZF1RK
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....TZ.........."...0.............N.... ........@.. ....................... ............@................................

                        File Icon

                        Icon Hash:00828e8e8686b000

                        Static PE Info

                        General

                        Entrypoint:0x46cf4e
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                        Time Stamp:0x5A54D3B4 [Tue Jan 9 14:37:40 2018 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:v2.0.50727
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                        Entrypoint Preview

                        Instruction
                        jmp dword ptr [00402000h]
                        add byte ptr [eax], al

                        Data Directories

                        Name | Virtual Address | Virtual Size | Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6cef4 | 0x57 | .text
                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6e000 | 0x638 | .rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x70000 | 0xc | .reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                        Sections

                        Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                        .text | 0x2000 | 0x6af54 | 0x6b000 | False | 0.478949145736 | data | 6.09544139324 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        .rsrc | 0x6e000 | 0x638 | 0x800 | False | 0.32275390625 | data | 3.47697527169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .reloc | 0x70000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                        Resources

                        Name | RVA | Size | Type | Language | Country
                        RT_VERSION | 0x6e0a0 | 0x3a6 | data | |
                        RT_MANIFEST | 0x6e448 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                        Imports

                        DLL | Import
                        mscoree.dll | _CorExeMain

                        Version Infos

                        Description | Data
                        Translation | 0x0000 0x04b0
                        LegalCopyright | Test Copyright
                        Assembly Version | 4.80.0.0
                        InternalName | Agent.exe
                        FileVersion | 4.80.0.0
                        CompanyName | Sysinternals
                        LegalTrademarks | Sysinternals
                        Comments | Sysinternals DebugView
                        ProductName | Sysinternals DebugView
                        ProductVersion | 4.80.0.0
                        FileDescription | Sysinternals DebugView
                        OriginalFilename | Agent.exe

                        Network Behavior

                        No network behavior found

                        Code Manipulations

                        System Behavior

                        General

                        Start time:03:09:41
                        Start date:14/01/2021
                        Path:C:\Users\user\Desktop\VCPjXmY0pr.exe
                        Wow64 process (32bit):false
                        Commandline:'C:\Users\user\Desktop\VCPjXmY0pr.exe'
                        Imagebase:0x9b0000
                        File size:441344 bytes
                        MD5 hash:053DDB3B6E38F9BDBC5FB51FDD44D3AC
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:.Net C# or VB.NET
                        Reputation:low

                        General

                        Start time:03:09:51
                        Start date:14/01/2021
                        Path:C:\Windows\explorer.exe
                        Wow64 process (32bit):false
                        Commandline:
                        Imagebase:0x7ff6fee60000
                        File size:3933184 bytes
                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:.Net C# or VB.NET
                        Reputation:high

                        Disassembly

                        Code Analysis


                          Execution Graph

                          Execution Coverage:14%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:0%
                          Total number of Nodes:12
                          Total number of Limit Nodes:2

                          Graph

                          execution_graph 5851 624830c4 5852 624830e9 5851->5852 5853 624830cc 5851->5853 5860 62483070 GetModuleFileNameA 5853->5860 5856 624830df 5864 62483000 GetModuleFileNameA 5856->5864 5861 62483092 5860->5861 5862 62483096 PathFindFileNameA 5860->5862 5861->5852 5861->5856 5862->5861 5863 624830a4 lstrcmpiA 5862->5863 5863->5861 5865 6248302a 5864->5865 5866 62483020 LoadLibraryA 5864->5866 5867 62483034 CreateThread 5865->5867 5866->5865 5867->5852

                          Executed Functions

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID: %&;7
                          • API String ID: 0-241692789
                          • Opcode ID: a040c0475c5e543493ed0c81bf2226c82980a5238794fcd412b6f60581f3c9b6
                          • Instruction ID: 39f66f236e9e26338c7db6ae5494f517d7f1aca861f2ed5d37d625733bb0ef45
                          • Opcode Fuzzy Hash: a040c0475c5e543493ed0c81bf2226c82980a5238794fcd412b6f60581f3c9b6
                          • Instruction Fuzzy Hash: 34C1292060CA4A4FE719AB6C8C99A7577D1FF9A306F1485BEE48FC7193EE19E4068740
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6df857e0dde9a9c9d70fd5ef7fbfb55de94cace6f89c6159b4babbb6576c4155
                          • Instruction ID: 9d3e5af78938bde5a9d9e6648c57b95a85653e0e74498a2842b3a6532a2e5cc7
                          • Opcode Fuzzy Hash: 6df857e0dde9a9c9d70fd5ef7fbfb55de94cace6f89c6159b4babbb6576c4155
                          • Instruction Fuzzy Hash: E4F13B30A0CA8A4FE769DF6C8C956B477D1EF56305F1484BEE44EC7193EE25D9028781
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5acc9209297eb26d7fbd3a3b711548d100ccc7abdc3ae7bcf8cd53190b8d29ad
                          • Instruction ID: 87d29d32d4df91fb81829ac5c91008a04f06d500b1100967ef343eb32ce144a4
                          • Opcode Fuzzy Hash: 5acc9209297eb26d7fbd3a3b711548d100ccc7abdc3ae7bcf8cd53190b8d29ad
                          • Instruction Fuzzy Hash: D8E1CE30608A0A4FEB5CDF6CC8956B577E1FB5D301B5545BEE80ECB287EE25E8428781
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 43f26b5cc12ef0f715f6a5058855772eb72dab3cdab6fc9f248e20bb1f2cd663
                          • Instruction ID: 9241d6cab7c201009749174e609766e74fdb466a8a1df098390ed44cd711cabc
                          • Opcode Fuzzy Hash: 43f26b5cc12ef0f715f6a5058855772eb72dab3cdab6fc9f248e20bb1f2cd663
                          • Instruction Fuzzy Hash: AED1193060C94A4FE719EF6C8C996B977D1EF5A306F1485BAE44FCB192EE29E4068740
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8ff4ab0a9f48757de7556c77139408e0c74ee498e7541cb1e4860172d4bf5d30
                          • Instruction ID: 41fb0f5600f61f8b578780994c967ab03cc9620a51dfb9400075805eb0293b06
                          • Opcode Fuzzy Hash: 8ff4ab0a9f48757de7556c77139408e0c74ee498e7541cb1e4860172d4bf5d30
                          • Instruction Fuzzy Hash: BCC15A20A1CA8A0FE7199B2C8C59574BBD1FF97705F1488BEE48EC7193ED1AE9079350
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7c3ab078343a5fe50ed5fff18795f388b0203382b19aa473b7f036db71b3f2e9
                          • Instruction ID: 5f7887df5b229cc242cd2d525b5a36866ef609d64a8e1f4879fef14c140d00a2
                          • Opcode Fuzzy Hash: 7c3ab078343a5fe50ed5fff18795f388b0203382b19aa473b7f036db71b3f2e9
                          • Instruction Fuzzy Hash: 6741623072CA064FEB48AB2CC8557B977D1FF99715F14453EE08EC7292DE29A8418745
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.691090151.0000000062482000.00000040.00020000.sdmp, Offset: 62480000, based on PE: true
                          • Associated: 00000000.00000002.691082174.0000000062480000.00000002.00020000.sdmp
                          • Associated: 00000000.00000002.691097747.0000000062488000.00000004.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_62480000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID: FileName$FindModulePathlstrcmpi
                          • String ID:
                          • API String ID: 1239673384-0
                          • Opcode ID: f6d453ea646f6f3c922b207b367423bda0b431bb24591ce7258316df45b66201
                          • Instruction ID: 412b494f21fc138008bd43551cbcb2c6bfa5c37818f3d922680c829c8438fb8c
                          • Opcode Fuzzy Hash: f6d453ea646f6f3c922b207b367423bda0b431bb24591ce7258316df45b66201
                          • Instruction Fuzzy Hash: E7E04F60B36A0981EF155B31BC2879657966B4BBC4F588039CD1A82354EE3DC259CE00
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID: gfff$gfff
                          • API String ID: 0-3084402119
                          • Opcode ID: 0d349b601e2d1c864f9e9c2a0a149b6960b0a468a743ce09671a038f87b5827e
                          • Instruction ID: 630cec6f89c6b8fd824334c10bf8d4aed06389527777c18dd664d416745e15fb
                          • Opcode Fuzzy Hash: 0d349b601e2d1c864f9e9c2a0a149b6960b0a468a743ce09671a038f87b5827e
                          • Instruction Fuzzy Hash: 60413821A196460FD30D9B7D9C957603BD2EB86201F1882BAE84ACB2D7ED19D842C340
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID: #$$
                          • API String ID: 0-144778460
                          • Opcode ID: 281a386faf819db8272a8b1cedac635a4bccfe3c36ec4bd4d9562ab74934a27b
                          • Instruction ID: 449d7575986f97909ea496dca60b04b4dc8438289ba04a0347a5d1d8550185e5
                          • Opcode Fuzzy Hash: 281a386faf819db8272a8b1cedac635a4bccfe3c36ec4bd4d9562ab74934a27b
                          • Instruction Fuzzy Hash: 4B5124A680E7C25FD31387B45C796907FB0AF17218B0E89DBC4C48F0A3E6485A5AD363
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID: XA5
                          • API String ID: 0-2566181221
                          • Opcode ID: 4457ff80244d55b8f4c82549e8f9a83c0b0a22550b83cb57498eb1faa60f4587
                          • Instruction ID: 3a14a7b51226ad337f9413a352a3f502ee8bbf5832c5e02c1893c05291723f88
                          • Opcode Fuzzy Hash: 4457ff80244d55b8f4c82549e8f9a83c0b0a22550b83cb57498eb1faa60f4587
                          • Instruction Fuzzy Hash: D0B11A3060CA4A4FE759EB6C889967477D1EF5A306F5589BEE08FC7193EF1AE4068700
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID: SzY
                          • API String ID: 0-3735863383
                          • Opcode ID: c81ac1a007949cb3c60521eb15fbf00a227812be0a44e7c4fcb3cd1cf5e75b3c
                          • Instruction ID: e524dcf5c87e4ee069bdf8c63f1a75869b2b8de1dd4d97941bf56b322976327e
                          • Opcode Fuzzy Hash: c81ac1a007949cb3c60521eb15fbf00a227812be0a44e7c4fcb3cd1cf5e75b3c
                          • Instruction Fuzzy Hash: 8821BE10A1C2490FE3189B2C9C0A6B677C0EF47311F45817EE0CFC7093ED5AA807A2D0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID: SzY
                          • API String ID: 0-3735863383
                          • Opcode ID: 686f842a33def47b56af2b2f3160c40a799bf595dc45e2566dc9f99a2edfc073
                          • Instruction ID: e57ce8f3c86f0d4fe8e87e1793c3536447b5eb4a9497beb976217fd8bee625f0
                          • Opcode Fuzzy Hash: 686f842a33def47b56af2b2f3160c40a799bf595dc45e2566dc9f99a2edfc073
                          • Instruction Fuzzy Hash: 88017611E2854A0FEB08AB2C88057B931C0FF45700F94853EE04FCB2C3EE29A804A384
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID: $ob.
                          • API String ID: 0-3330436994
                          • Opcode ID: 25368fb759048a0bbb657e9d7995d7d5fb4b6ceafbe84de4acea6951a3099051
                          • Instruction ID: 09eb6f5d0f4c15524924e0530cca81429f147b88b6e563b3f20903d0f39f535e
                          • Opcode Fuzzy Hash: 25368fb759048a0bbb657e9d7995d7d5fb4b6ceafbe84de4acea6951a3099051
                          • Instruction Fuzzy Hash: BBF0A740E2CEC60FEB55B37848963B86AF1EF4E201F4085F9E04ECB297DE596804C701
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9719adadb848a0c08bc89a52137902ecbf982f1659b15d4a2ec0daa559b82a72
                          • Instruction ID: 81906bc297fe01dd4ab6f5fb25b20b48c2c47714723487877aea1f6d8908f317
                          • Opcode Fuzzy Hash: 9719adadb848a0c08bc89a52137902ecbf982f1659b15d4a2ec0daa559b82a72
                          • Instruction Fuzzy Hash: EA02E430A1C64A4FEB44EB6CC881AB977D1FF96700F50857AE44EC7296DE26F8429781
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f5d116e32d4539a688058d2510b91dae2364884e91a8680799df079ce2a2a36b
                          • Instruction ID: 72ae4b43a24102e21cbf270b963c9046581cde6f130f034bf09ffcbb743bb6c9
                          • Opcode Fuzzy Hash: f5d116e32d4539a688058d2510b91dae2364884e91a8680799df079ce2a2a36b
                          • Instruction Fuzzy Hash: C891E13060CA0A4FEB09EF6CC884A647791FB5A705F2445BDD94EC7297DF25E842DB84
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 613e8e5dd83949b3cf0551318f3712d66a9604f00f9c412a2ff414e927f78c2e
                          • Instruction ID: 5c66a2af1d60f16f638b82ebf5a43bcc65c2ee815c2b68518fdb7148e9cb026f
                          • Opcode Fuzzy Hash: 613e8e5dd83949b3cf0551318f3712d66a9604f00f9c412a2ff414e927f78c2e
                          • Instruction Fuzzy Hash: EFA13970518A8D8FEBA4EF68C849BE97BE1FF19305F44816AE90DC7192DB359885CB40
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2b7f8a496075086f4e78f65b4cbc52ea5be4462b631d0332dfdfbb5fc054487e
                          • Instruction ID: 94b42fac234b6e2c2378608034f08316c87a9057e7a33648d49e90a506e30d93
                          • Opcode Fuzzy Hash: 2b7f8a496075086f4e78f65b4cbc52ea5be4462b631d0332dfdfbb5fc054487e
                          • Instruction Fuzzy Hash: 8491AF70518A8D4FDBB5DF589C867E83BE0EF49310F10417AD84DCB296DE38AA858781
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 779830ebe3f4d12b209f6d1b1e3cd02aeeb4231da642822554daa5e09a1e9ab1
                          • Instruction ID: bff73f7c11f00e77d8729c7581d087c5db75b754a9f69ebda056fd8c2669fa01
                          • Opcode Fuzzy Hash: 779830ebe3f4d12b209f6d1b1e3cd02aeeb4231da642822554daa5e09a1e9ab1
                          • Instruction Fuzzy Hash: CE913970518A4D9FEBA4EF68C889BE93BE0FF59315F94407AE80DC7192DB359884CB40
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f15835bf670f2809a3f440bd58e9365864649adf2cc8a767264590c4971bdcb5
                          • Instruction ID: 773a36efa10b5b7c03629624d7741f191109fc4d7cd18d6600cb8c266ade6087
                          • Opcode Fuzzy Hash: f15835bf670f2809a3f440bd58e9365864649adf2cc8a767264590c4971bdcb5
                          • Instruction Fuzzy Hash: 8E51C37091CA8D4FEB799F18988A7F47BD0EF4A700F5481BAD84DCB287DE785A458780
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1be8b67282a54509fe4c9909fd37ba0b32a36065201a6c32e2b23519d489ef93
                          • Instruction ID: 58bc9b4e69ca23cc52404adba0852ba8b1e60e5dee55afcdb8d7375091db8a83
                          • Opcode Fuzzy Hash: 1be8b67282a54509fe4c9909fd37ba0b32a36065201a6c32e2b23519d489ef93
                          • Instruction Fuzzy Hash: 19510820B18A4A4FEB85EB7888857A6B7D1FF99710F50857AE04EC71D3DE38E8458781
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 164cb1d5e14de1764a96cb7020cc9b154c930a9b0d3555ba7d9b0ec05a7f43ba
                          • Instruction ID: f48b7dd5e6bf2f15d6cb9db1fff7adf7b1faeaac16a371eaaf39d15ad2207f2c
                          • Opcode Fuzzy Hash: 164cb1d5e14de1764a96cb7020cc9b154c930a9b0d3555ba7d9b0ec05a7f43ba
                          • Instruction Fuzzy Hash: 65614970508A4D8FEB68EF68C8497E93BE0FB19301F50417BE84EC7152EF3595459B80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7524db20096cbde6c1c9c4bd9f5c909ac2513fe70857fa2f3fea5ef0b9fef70a
                          • Instruction ID: aaacdeb4d58003c6ac6e296b4f4a7dbe7c8ec54d5b4c694dd16f05acaa148150
                          • Opcode Fuzzy Hash: 7524db20096cbde6c1c9c4bd9f5c909ac2513fe70857fa2f3fea5ef0b9fef70a
                          • Instruction Fuzzy Hash: 7B518E70518B8D8FEBA4DF18C885BE93BE1FB19310F50816AE44DC7292DF34A645C781
                          • Instruction Fuzzy Hash: 8CF0F45461850F1BEB0DAF7C88521FA3585EB12304F60543EE08BCB2D2FE19E5469688
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8bb144e800da401df5f326d4cabfe2e8e1ea65a661b4237b93a13d5a4eec0627
                          • Instruction ID: bd11718b307d159eb4cbc45143da510b60e7e1a2562161064ef534b93ef2c272
                          • Opcode Fuzzy Hash: 8bb144e800da401df5f326d4cabfe2e8e1ea65a661b4237b93a13d5a4eec0627
                          • Instruction Fuzzy Hash: 5D01F424F285074FFB1CBB6C84A82BA65C5DF86301F94843EC40FCB296DE2DA486A340
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a3ca4b88f6e0c5303d71c007d025cd2835ccb0181eecf7fbe0353fd0a6f45fa4
                          • Instruction ID: 6fc7970e2b4b3346b2ac9263f5b3e06473eeaa0b874f55b400c3a58fb0dad2f7
                          • Opcode Fuzzy Hash: a3ca4b88f6e0c5303d71c007d025cd2835ccb0181eecf7fbe0353fd0a6f45fa4
                          • Instruction Fuzzy Hash: FB01ADA090CB898FD785EB2888502657BE1FF5E304B1582BB904DCB1A7DE29D8458B42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a62d2acfc18566e847950fa859b9d015fc9bdb74cb821e10bdfc390e76d38c98
                          • Instruction ID: 65e0a41351bfc2e713fb519af7fbf15b7c8ab1076aa0467ef40a6f398f944f99
                          • Opcode Fuzzy Hash: a62d2acfc18566e847950fa859b9d015fc9bdb74cb821e10bdfc390e76d38c98
                          • Instruction Fuzzy Hash: 1BF0AF2464C80B8FEB2CA7ECA8A51B93680EF16702F50447FD40FCA5E9EF5EA4809740
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a17e0676a6110708de1931d7873611846933ff0acc53250901e9ce6440b83dec
                          • Instruction ID: aacdb8f184cdbf9afd4084196dc5452daaafd50afd7fe7b5032ab1a19aa31eb0
                          • Opcode Fuzzy Hash: a17e0676a6110708de1931d7873611846933ff0acc53250901e9ce6440b83dec
                          • Instruction Fuzzy Hash: 18F0F010719A4B8BEB0CAFFC8CA22BA25C4EB16741B60413EC44FCA6D8EE5AF5419340
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2be97791de7bf714e7ca8a3bed80164cf058478fd5f55cad91e72a9f3aae62f4
                          • Instruction ID: 367e883d45d39a2221c0854a560f05a9ff29f258c3359cdb9f6a3f1d4dd5308e
                          • Opcode Fuzzy Hash: 2be97791de7bf714e7ca8a3bed80164cf058478fd5f55cad91e72a9f3aae62f4
                          • Instruction Fuzzy Hash: 72F0242465D40F8EDB1CA76888D47F932D4FB46306F91053ED44FCB2A5FE2D24818784
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 23be340ee0f2a8a680ea523b81220850967a0408ff4b6ca75841f41b14b1f405
                          • Instruction ID: 71482add6cb141aa29feb26c1f98c6a1cc6454e613bfc29454078cf1c6ed2208
                          • Opcode Fuzzy Hash: 23be340ee0f2a8a680ea523b81220850967a0408ff4b6ca75841f41b14b1f405
                          • Instruction Fuzzy Hash: 9FF0961562CA464FDA44B77C58521B931D2FF49B01B40457EB08FC3293CE189C049345
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c5ed4d09badde6bb24942b3fed1ab6c9d63cfb8dd9f79e04b01a3f6c6bb48b24
                          • Instruction ID: fb68faa63b2954ac51ca62cc961d1e2335aac2def54e0a3bf2f101b8b06b5f10
                          • Opcode Fuzzy Hash: c5ed4d09badde6bb24942b3fed1ab6c9d63cfb8dd9f79e04b01a3f6c6bb48b24
                          • Instruction Fuzzy Hash: 55F0C8219386064BDB44A76884812EDB3D1BF49704F41463EF05ED7197EE1DAA04D281
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: dbe79c3b6f3c54f971981a1bd922ddc2cedf43e042a22eec53a3072ede472889
                          • Instruction ID: d2da08fcf698df3c775fb88c93beab6e7ad09c458377982d6bb351c81aa4118e
                          • Opcode Fuzzy Hash: dbe79c3b6f3c54f971981a1bd922ddc2cedf43e042a22eec53a3072ede472889
                          • Instruction Fuzzy Hash: B1F0FF6060C64A0FD75DAB7848662BE7BD1AF5A201F4084BBE48FC72D3DE285508C301
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 06f72437466262683bca89642e66f7758e487cc103082ef2425804cf7d847ca6
                          • Instruction ID: feb6af5351cf8d444ba4a60067041ceda09d771558f2b53ef0e23ca05d012db7
                          • Opcode Fuzzy Hash: 06f72437466262683bca89642e66f7758e487cc103082ef2425804cf7d847ca6
                          • Instruction Fuzzy Hash: AEF06210E3C5870FFA5C671D0CA55BA60D26F85A01B44C53FB04ECB2CBDE1DA8097181
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ce95048612eb10f7d109ba8e54a9aca191d2c6d942b2a0208f0a81f866706268
                          • Instruction ID: 5fac7e0397e2b5f3bd765e03bac5709216258bc7b87908d3dc94fbaa06f6c9bf
                          • Opcode Fuzzy Hash: ce95048612eb10f7d109ba8e54a9aca191d2c6d942b2a0208f0a81f866706268
                          • Instruction Fuzzy Hash: 9EF09710A3860B4EFB447BBC89A12F6A2C0EF16701F608939C00BC7A81FC6EB051A380
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b1e0456916c0b96dd75b1d8d42107ce38349a369291efb0ac5cd93381b969710
                          • Instruction ID: 3849bf776416cd0e0e751e4682a22f33b3d9e3d5efcf27bdded2d2a374e10a55
                          • Opcode Fuzzy Hash: b1e0456916c0b96dd75b1d8d42107ce38349a369291efb0ac5cd93381b969710
                          • Instruction Fuzzy Hash: CAF02080A0EBC20FDB0643780CE12203FA0DF47500B4600EBC14ACA2C3EC4A2C5A8301
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4bccc77724776503d21ddc607d509e47730fbb29c99bb813cbc721cf276afda8
                          • Instruction ID: 53a150d596856e38b344613b7ce07e7be76adfbe706e7ec1981539b0d9ecab47
                          • Opcode Fuzzy Hash: 4bccc77724776503d21ddc607d509e47730fbb29c99bb813cbc721cf276afda8
                          • Instruction Fuzzy Hash: EFF0F041A0D78B1EEB1AB3B88C913F525D08F07304FA040BAC00DCB0A3CC1DE4405350
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1d8f938707a10d78fd2656d0f4695217e3804b0b09f5d164bc72a4577b0c5886
                          • Instruction ID: 7876699e0ac1840d88195e18e98d9e6a79b7cbcffac3caa82074b876c4a55bd3
                          • Opcode Fuzzy Hash: 1d8f938707a10d78fd2656d0f4695217e3804b0b09f5d164bc72a4577b0c5886
                          • Instruction Fuzzy Hash: 38F0E210A58A0B5FDB04A7BC88A12F561C0EF16301F2084BAC10FCB299EE6DA0915344
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3c6801154896f30e7307a1f6adc6f67acffe765871ac676028cd3a491ebecdff
                          • Instruction ID: b4564931a6269f34c3a752953b75a9fbbe8587fdeabde85b1eae8f9088bb113d
                          • Opcode Fuzzy Hash: 3c6801154896f30e7307a1f6adc6f67acffe765871ac676028cd3a491ebecdff
                          • Instruction Fuzzy Hash: ABF08221B08A094FE714EB1CD885B76B3D1FB89711F54C5BAD40DC72D6DE69AC418781
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b38158de771fe0cbb681c693343dd0edcf73533243c9531279337f56b639e30a
                          • Instruction ID: d36bda5b73bc2b2df080a572521db90bf0e3290c6361fdcdd62d81eb984a2d50
                          • Opcode Fuzzy Hash: b38158de771fe0cbb681c693343dd0edcf73533243c9531279337f56b639e30a
                          • Instruction Fuzzy Hash: DEF0972507C68F6EE70897A8CCC26F47290FF1230AF94017FD00BCB1A2CE0EA0455344
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 20cb923c34243ce5233f7fd617e3c1f9bc10654dd564ac769fff7fe34d024346
                          • Instruction ID: a9827e9b72b2fa8b18d32f118eae2d0c380b29cd6c8c5b624455ab7a678dd77a
                          • Opcode Fuzzy Hash: 20cb923c34243ce5233f7fd617e3c1f9bc10654dd564ac769fff7fe34d024346
                          • Instruction Fuzzy Hash: 46F02430418A898FC784EB1CC0999A6B7F0FFA8305B4002AFF08EC7161DE259944C701
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8fd0443a7a1a1b3f5bf04fb8c954b636a763f9ed8c4e796e75630a4bc09ef4be
                          • Instruction ID: ac99c7be41e46a0177998a074cb3e5272d46cf743a5a3d6cd28bedea04c12585
                          • Opcode Fuzzy Hash: 8fd0443a7a1a1b3f5bf04fb8c954b636a763f9ed8c4e796e75630a4bc09ef4be
                          • Instruction Fuzzy Hash: FEF0A721A2490B8FE758AB7C88E56F965D4FF16301F50443DD00BC7A91FD5E7891D340
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4a2703a1a807d1de818f37a7fcbdf6e358af17ea3397970a3d68337e170bf687
                          • Instruction ID: 51d9277f0072b19d686c3525bdcc0545c5c1c0ad708baad62026b98ec780090a
                          • Opcode Fuzzy Hash: 4a2703a1a807d1de818f37a7fcbdf6e358af17ea3397970a3d68337e170bf687
                          • Instruction Fuzzy Hash: F9F0E22192CB4A4FE348DB2C88511AA36E0FF4C745F400A3FF48DD32A7DF28A9848345
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e8c5792f16d97b2e75a7e992666b2accd83747a2ebdd4492c6edf4ed5148472d
                          • Instruction ID: 09ec98b41145147ed76783472edb8b204e98f3de4992e59656b04e727b06f3f6
                          • Opcode Fuzzy Hash: e8c5792f16d97b2e75a7e992666b2accd83747a2ebdd4492c6edf4ed5148472d
                          • Instruction Fuzzy Hash: F9E0E544E2DA8B0FF749A3780C121FA25C19F4A600B5480BBE04ECB1E7CD0DA80A6301
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4d4f439a8e51443337cd5739262af1015da853ede7abbdfe34343234a380e1f7
                          • Instruction ID: dd8ff78afbf34a3fb3c4b069a909abdd2d67d36ce2434097c9b2342fc6fce4f1
                          • Opcode Fuzzy Hash: 4d4f439a8e51443337cd5739262af1015da853ede7abbdfe34343234a380e1f7
                          • Instruction Fuzzy Hash: B9E0ED2072890B5FE71CBBAC84A92B965D8EF0A300F40093EC00BC7A91ED4A64855384
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 408bc6ce24d94ce6e6ff99bdf31290b3c579fc9ca5e49b22f22a0ddcf7a774fc
                          • Instruction ID: 6acb5be8156dff9f03adf4069648052b23239cb7e327d22eaa3d4d2ee688da0e
                          • Opcode Fuzzy Hash: 408bc6ce24d94ce6e6ff99bdf31290b3c579fc9ca5e49b22f22a0ddcf7a774fc
                          • Instruction Fuzzy Hash: C7E02220B2890B5EE71CBBAC88BA1BA3585DB0A300F50453EC00BC76D0ED5EA086A384
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b6557551e118a1c826404ebf93ec4c8a32c5933317fcbbbc005c4b6b833f0996
                          • Instruction ID: c348b59bdeba53c7fbb79c35e0d1ba9a9def9652eb5b2d4c350f004d5f5b8ac0
                          • Opcode Fuzzy Hash: b6557551e118a1c826404ebf93ec4c8a32c5933317fcbbbc005c4b6b833f0996
                          • Instruction Fuzzy Hash: EEE09296B04E078FEA88E7AC48965F51395FB59600B806239900FC32D7DD29F8095280
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cda5d0c5ec5f3403a80f87368de2a6dfd9eca431d010364faa0eebe829f66221
                          • Instruction ID: 9f1995f0c91d9185f9a14feaf94b08bf062bb8814ce03a8e81a1fad99be92bae
                          • Opcode Fuzzy Hash: cda5d0c5ec5f3403a80f87368de2a6dfd9eca431d010364faa0eebe829f66221
                          • Instruction Fuzzy Hash: 28E012A051D7414FCB05973898956503BA0EB5A311F8A00E6E449CF1D3E919999A8342
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9a9bba32a686bd31749c1280363b7268644cb195a33dbe1f83517fe736864618
                          • Instruction ID: 6c880388e6ee97313da71b2fce7bd649fa86d3f9ba4df12f7025142ab04851a0
                          • Opcode Fuzzy Hash: 9a9bba32a686bd31749c1280363b7268644cb195a33dbe1f83517fe736864618
                          • Instruction Fuzzy Hash: 53E0225565DB4F5EFB2A77A48C813F521D0DF02305F6040BBC00ACA0A2CC2EE0820364
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aad4780e297e997abee6ff5910ffabc9a12e48b4cfc4344be4dfacd282902400
                          • Instruction ID: 1662a25ec986941d763198a97680c8f68d86a2808bb2a0aa7273e1b119208503
                          • Opcode Fuzzy Hash: aad4780e297e997abee6ff5910ffabc9a12e48b4cfc4344be4dfacd282902400
                          • Instruction Fuzzy Hash: 44E09211F28A094FCA94AA6D588263AB2C5EB8D644B50C27E940DE32CAEC14AC065385
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: be8fff8fbc790155b0298affe4312072bb35f731383d99402519252010914c1a
                          • Instruction ID: d16f3642747bb25c9e68e65110b6e609098db5a581cbc6a17f556e1d490b2e02
                          • Opcode Fuzzy Hash: be8fff8fbc790155b0298affe4312072bb35f731383d99402519252010914c1a
                          • Instruction Fuzzy Hash: 4CE0922075C90B9AEB1CBBA889D02F932E6EB51301F50853EC14B861A8EE696195D344
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d0a12ee61718fabd0e0de8bec58d020bc947fb507eafee38ec99c314873bcd8d
                          • Instruction ID: beb3920eabfba112b266e11a62f6319419ee2348a55968bf4bf1396d0470b24f
                          • Opcode Fuzzy Hash: d0a12ee61718fabd0e0de8bec58d020bc947fb507eafee38ec99c314873bcd8d
                          • Instruction Fuzzy Hash: F0E09220668E0A9FEB18AB94C8C87F57390FB25305F50007ED00BDB451CE2DF094AB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8b4cd4870d693af8cf5ea197d52a2cc5871a0f091262735b68613dd9a95ca669
                          • Instruction ID: 89a2d6f8a61044f300fefe5caee0f501dc99ccdbf0a5ac34a2c6c9fe4755291e
                          • Opcode Fuzzy Hash: 8b4cd4870d693af8cf5ea197d52a2cc5871a0f091262735b68613dd9a95ca669
                          • Instruction Fuzzy Hash: 78E0D821A2850B9EEB1CBF7C85D52FA7695FB12300F51493EC007C7694DD2DB085A354
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.691425448.00007FFA359F0000.00000040.00000001.sdmp, Offset: 00007FFA359F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffa359f0000_VCPjXmY0pr.jbxd
                          Similarity
                          • API ID:
                          • String ID: &w:
                          • API String ID: 0-2849388534
                          Uniqueness

                          Uniqueness Score: -1.00%
