Edit tour

Windows Analysis Report
yAbf8Z3qA5.exe

Overview

General Information

Sample Name:	yAbf8Z3qA5.exe
Analysis ID:	557770
MD5:	da3cb7622834a14916d498c1bd8a7827
SHA1:	2179db1ae11496ee06b62dff337986316dd298ea
SHA256:	78dd589c56a6d216f597f149bad69d510a88fb3257b4a643a7250381126d963c
Tags:	exeNanoCoreRAT
Infos:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

Yara detected AntiVM3

Detected Nanocore Rat

Multi AV Scanner detection for dropped file

Yara detected Nanocore RAT

Connects to many ports of the same IP (likely port scanning)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Sigma detected: Suspicius Add Task From User AppData Temp

Machine Learning detection for sample

Injects a PE file into a foreign processes

.NET source code contains very large strings

Machine Learning detection for dropped file

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses schtasks.exe or at.exe to add and modify task schedules

Uses dynamic DNS services

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to call native functions

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Installs a raw input device (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Drops PE files

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

yAbf8Z3qA5.exe (PID: 6960 cmdline: "C:\Users\user\Desktop\yAbf8Z3qA5.exe" MD5: DA3CB7622834A14916D498C1BD8A7827)

schtasks.exe (PID: 5788 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmpFF62.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 2152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

yAbf8Z3qA5.exe (PID: 6424 cmdline: {path} MD5: DA3CB7622834A14916D498C1BD8A7827)

yAbf8Z3qA5.exe (PID: 5964 cmdline: {path} MD5: DA3CB7622834A14916D498C1BD8A7827)

schtasks.exe (PID: 5884 cmdline: schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6807.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 1256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 6340 cmdline: schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp6F7A.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 2320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

yAbf8Z3qA5.exe (PID: 6476 cmdline: C:\Users\user\Desktop\yAbf8Z3qA5.exe 0 MD5: DA3CB7622834A14916D498C1BD8A7827)

schtasks.exe (PID: 5972 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmp41AB.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

yAbf8Z3qA5.exe (PID: 6716 cmdline: {path} MD5: DA3CB7622834A14916D498C1BD8A7827)

dhcpmon.exe (PID: 4724 cmdline: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0 MD5: DA3CB7622834A14916D498C1BD8A7827)

schtasks.exe (PID: 6708 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmp4BCD.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 7080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

dhcpmon.exe (PID: 3924 cmdline: {path} MD5: DA3CB7622834A14916D498C1BD8A7827)

dhcpmon.exe (PID: 5844 cmdline: {path} MD5: DA3CB7622834A14916D498C1BD8A7827)

dhcpmon.exe (PID: 6956 cmdline: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" MD5: DA3CB7622834A14916D498C1BD8A7827)

schtasks.exe (PID: 240 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmp6E1A.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

dhcpmon.exe (PID: 6332 cmdline: {path} MD5: DA3CB7622834A14916D498C1BD8A7827)

cleanup

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000012.00000002.448108468.0000000003611000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000012.00000002.448108468.0000000003611000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x23747:$a: NanoCore 0x237a0:$a: NanoCore 0x237dd:$a: NanoCore 0x23856:$a: NanoCore 0x2903a:$a: NanoCore 0x29084:$a: NanoCore 0x2926e:$a: NanoCore 0x237a9:$b: ClientPlugin 0x237e6:$b: ClientPlugin 0x240e4:$b: ClientPlugin 0x240f1:$b: ClientPlugin 0x28dd3:$b: ClientPlugin 0x29043:$b: ClientPlugin 0x2908d:$b: ClientPlugin 0x295a5:$c: ProjectData 0x18efb:$e: KeepAlive 0x23c31:$g: LogClientMessage 0x29498:$g: LogClientMessage 0x23bb1:$i: get_Connected 0x18f9f:$j: #=q 0x18fcf:$j: #=q
0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1646:$x1: NanoCore.ClientPluginHost
00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1646:$x2: NanoCore.ClientPluginHost 0x1724:$s4: PipeCreated 0x1660:$s5: IClientLoggingHost
00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x8a7d:$a: NanoCore 0x8ad6:$a: NanoCore 0x8b13:$a: NanoCore 0x8b8c:$a: NanoCore 0xe121:$a: NanoCore 0xe16b:$a: NanoCore 0xe355:$a: NanoCore 0x21c74:$a: NanoCore 0x21c89:$a: NanoCore 0x21cbe:$a: NanoCore 0x3ac13:$a: NanoCore 0x3ac28:$a: NanoCore 0x3ac5d:$a: NanoCore 0x8adf:$b: ClientPlugin 0x8b1c:$b: ClientPlugin 0x941a:$b: ClientPlugin 0x9427:$b: ClientPlugin 0xdeba:$b: ClientPlugin 0xe12a:$b: ClientPlugin 0xe174:$b: ClientPlugin 0x21a30:$b: ClientPlugin
0000001A.00000002.460735897.0000000002BF1000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001A.00000002.460735897.0000000002BF1000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x238a7:$a: NanoCore 0x23900:$a: NanoCore 0x2393d:$a: NanoCore 0x239b6:$a: NanoCore 0x2919a:$a: NanoCore 0x291e4:$a: NanoCore 0x293ce:$a: NanoCore 0x23909:$b: ClientPlugin 0x23946:$b: ClientPlugin 0x24244:$b: ClientPlugin 0x24251:$b: ClientPlugin 0x28f33:$b: ClientPlugin 0x291a3:$b: ClientPlugin 0x291ed:$b: ClientPlugin 0x29705:$c: ProjectData 0x1905b:$e: KeepAlive 0x23d91:$g: LogClientMessage 0x295f8:$g: LogClientMessage 0x23d11:$i: get_Connected 0x190ff:$j: #=q 0x1912f:$j: #=q
00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000001A.00000002.461004523.0000000003BF1000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001A.00000002.461004523.0000000003BF1000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4ea7d:$a: NanoCore 0x4ead6:$a: NanoCore 0x4eb13:$a: NanoCore 0x4eb8c:$a: NanoCore 0x54121:$a: NanoCore 0x5416b:$a: NanoCore 0x54355:$a: NanoCore 0x67c74:$a: NanoCore 0x67c89:$a: NanoCore 0x67cbe:$a: NanoCore 0x80c13:$a: NanoCore 0x80c28:$a: NanoCore 0x80c5d:$a: NanoCore 0x4eadf:$b: ClientPlugin 0x4eb1c:$b: ClientPlugin 0x4f41a:$b: ClientPlugin 0x4f427:$b: ClientPlugin 0x53eba:$b: ClientPlugin 0x5412a:$b: ClientPlugin 0x54174:$b: ClientPlugin 0x67a30:$b: ClientPlugin
0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xada45:$x1: NanoCore.ClientPluginHost 0x22a685:$x1: NanoCore.ClientPluginHost 0xada82:$x2: IClientNetworkHost 0x22a6c2:$x2: IClientNetworkHost 0xb15b5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x22e1f5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xad7ad:$a: NanoCore 0xad7bd:$a: NanoCore 0xad9f1:$a: NanoCore 0xada05:$a: NanoCore 0xada45:$a: NanoCore 0x22a3ed:$a: NanoCore 0x22a3fd:$a: NanoCore 0x22a631:$a: NanoCore 0x22a645:$a: NanoCore 0x22a685:$a: NanoCore 0xad80c:$b: ClientPlugin 0xada0e:$b: ClientPlugin 0xada4e:$b: ClientPlugin 0x22a44c:$b: ClientPlugin 0x22a64e:$b: ClientPlugin 0x22a68e:$b: ClientPlugin 0xad933:$c: ProjectData 0x103a65:$c: ProjectData 0x22a573:$c: ProjectData 0xae33a:$d: DESCrypto 0x22af7a:$d: DESCrypto
00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000008.00000002.630404786.0000000005900000.00000004.00020000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
00000008.00000002.630404786.0000000005900000.00000004.00020000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000001E.00000002.472005093.00000000045F1000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001E.00000002.472005093.00000000045F1000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4ea7d:$a: NanoCore 0x4ead6:$a: NanoCore 0x4eb13:$a: NanoCore 0x4eb8c:$a: NanoCore 0x54121:$a: NanoCore 0x5416b:$a: NanoCore 0x54355:$a: NanoCore 0x67c74:$a: NanoCore 0x67c89:$a: NanoCore 0x67cbe:$a: NanoCore 0x80c13:$a: NanoCore 0x80c28:$a: NanoCore 0x80c5d:$a: NanoCore 0x4eadf:$b: ClientPlugin 0x4eb1c:$b: ClientPlugin 0x4f41a:$b: ClientPlugin 0x4f427:$b: ClientPlugin 0x53eba:$b: ClientPlugin 0x5412a:$b: ClientPlugin 0x54174:$b: ClientPlugin 0x67a30:$b: ClientPlugin
00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xada45:$x1: NanoCore.ClientPluginHost 0xe2065:$x1: NanoCore.ClientPluginHost 0xada82:$x2: IClientNetworkHost 0xe20a2:$x2: IClientNetworkHost 0xb15b5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xe5bd5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xad7ad:$a: NanoCore 0xad7bd:$a: NanoCore 0xad9f1:$a: NanoCore 0xada05:$a: NanoCore 0xada45:$a: NanoCore 0xe1dcd:$a: NanoCore 0xe1ddd:$a: NanoCore 0xe2011:$a: NanoCore 0xe2025:$a: NanoCore 0xe2065:$a: NanoCore 0xad80c:$b: ClientPlugin 0xada0e:$b: ClientPlugin 0xada4e:$b: ClientPlugin 0xe1e2c:$b: ClientPlugin 0xe202e:$b: ClientPlugin 0xe206e:$b: ClientPlugin 0xad933:$c: ProjectData 0xe1f53:$c: ProjectData 0xae33a:$d: DESCrypto 0xe295a:$d: DESCrypto 0xb5d06:$e: KeepAlive
00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000001E.00000002.471934462.00000000035F1000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000001E.00000002.471934462.00000000035F1000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x238a7:$a: NanoCore 0x23900:$a: NanoCore 0x2393d:$a: NanoCore 0x239b6:$a: NanoCore 0x2919a:$a: NanoCore 0x291e4:$a: NanoCore 0x293ce:$a: NanoCore 0x23909:$b: ClientPlugin 0x23946:$b: ClientPlugin 0x24244:$b: ClientPlugin 0x24251:$b: ClientPlugin 0x28f33:$b: ClientPlugin 0x291a3:$b: ClientPlugin 0x291ed:$b: ClientPlugin 0x29705:$c: ProjectData 0x1905b:$e: KeepAlive 0x23d91:$g: LogClientMessage 0x295f8:$g: LogClientMessage 0x23d11:$i: get_Connected 0x190ff:$j: #=q 0x1912f:$j: #=q
00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xada45:$x1: NanoCore.ClientPluginHost 0xe2065:$x1: NanoCore.ClientPluginHost 0xada82:$x2: IClientNetworkHost 0xe20a2:$x2: IClientNetworkHost 0xb15b5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xe5bd5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xad7ad:$a: NanoCore 0xad7bd:$a: NanoCore 0xad9f1:$a: NanoCore 0xada05:$a: NanoCore 0xada45:$a: NanoCore 0xe1dcd:$a: NanoCore 0xe1ddd:$a: NanoCore 0xe2011:$a: NanoCore 0xe2025:$a: NanoCore 0xe2065:$a: NanoCore 0xad80c:$b: ClientPlugin 0xada0e:$b: ClientPlugin 0xada4e:$b: ClientPlugin 0xe1e2c:$b: ClientPlugin 0xe202e:$b: ClientPlugin 0xe206e:$b: ClientPlugin 0xad933:$c: ProjectData 0xe1f53:$c: ProjectData 0xae33a:$d: DESCrypto 0xe295a:$d: DESCrypto 0xb5d06:$e: KeepAlive
0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xada45:$x1: NanoCore.ClientPluginHost 0xe2065:$x1: NanoCore.ClientPluginHost 0xada82:$x2: IClientNetworkHost 0xe20a2:$x2: IClientNetworkHost 0xb15b5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xe5bd5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xad7ad:$a: NanoCore 0xad7bd:$a: NanoCore 0xad9f1:$a: NanoCore 0xada05:$a: NanoCore 0xada45:$a: NanoCore 0xe1dcd:$a: NanoCore 0xe1ddd:$a: NanoCore 0xe2011:$a: NanoCore 0xe2025:$a: NanoCore 0xe2065:$a: NanoCore 0xad80c:$b: ClientPlugin 0xada0e:$b: ClientPlugin 0xada4e:$b: ClientPlugin 0xe1e2c:$b: ClientPlugin 0xe202e:$b: ClientPlugin 0xe206e:$b: ClientPlugin 0xad933:$c: ProjectData 0xe1f53:$c: ProjectData 0xae33a:$d: DESCrypto 0xe295a:$d: DESCrypto 0xb5d06:$e: KeepAlive
00000012.00000002.448217064.0000000004611000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000012.00000002.448217064.0000000004611000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4ea7d:$a: NanoCore 0x4ead6:$a: NanoCore 0x4eb13:$a: NanoCore 0x4eb8c:$a: NanoCore 0x54121:$a: NanoCore 0x5416b:$a: NanoCore 0x54355:$a: NanoCore 0x67c74:$a: NanoCore 0x67c89:$a: NanoCore 0x67cbe:$a: NanoCore 0x80c13:$a: NanoCore 0x80c28:$a: NanoCore 0x80c5d:$a: NanoCore 0x4eadf:$b: ClientPlugin 0x4eb1c:$b: ClientPlugin 0x4f41a:$b: ClientPlugin 0x4f427:$b: ClientPlugin 0x53eba:$b: ClientPlugin 0x5412a:$b: ClientPlugin 0x54174:$b: ClientPlugin 0x67a30:$b: ClientPlugin
Process Memory Space: yAbf8Z3qA5.exe PID: 6960	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xbb058:$x1: NanoCore.ClientPluginHost 0xbb095:$x2: IClientNetworkHost 0xbeb86:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xc9c0c:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xe61e0:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: yAbf8Z3qA5.exe PID: 6960	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: yAbf8Z3qA5.exe PID: 6960	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: yAbf8Z3qA5.exe PID: 6960	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xbad25:$a: NanoCore 0xbad35:$a: NanoCore 0xbadf4:$a: NanoCore 0xbae03:$a: NanoCore 0xbb004:$a: NanoCore 0xbb018:$a: NanoCore 0xbb058:$a: NanoCore 0xc6276:$a: NanoCore 0xc6288:$a: NanoCore 0xc62c4:$a: NanoCore 0xe284a:$a: NanoCore 0xe285c:$a: NanoCore 0xe2898:$a: NanoCore 0xbad84:$b: ClientPlugin 0xbae4d:$b: ClientPlugin 0xbb021:$b: ClientPlugin 0xbb061:$b: ClientPlugin 0xc6291:$b: ClientPlugin 0xc62cd:$b: ClientPlugin 0xe2865:$b: ClientPlugin 0xe28a1:$b: ClientPlugin
Process Memory Space: yAbf8Z3qA5.exe PID: 5964	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x27c35:$x1: NanoCore.ClientPluginHost 0x3fdcb:$x1: NanoCore.ClientPluginHost 0x4bceb:$x1: NanoCore.ClientPluginHost 0x63125:$x1: NanoCore.ClientPluginHost 0x9f883:$x1: NanoCore.ClientPluginHost 0xa902b:$x1: NanoCore.ClientPluginHost 0x27c62:$x2: IClientNetworkHost 0x4bd28:$x2: IClientNetworkHost 0x6313f:$x2: IClientNetworkHost 0x9f89d:$x2: IClientNetworkHost 0xa9045:$x2: IClientNetworkHost 0x4f819:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x5a89f:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: yAbf8Z3qA5.exe PID: 5964	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: yAbf8Z3qA5.exe PID: 5964	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x27beb:$a: NanoCore 0x27c00:$a: NanoCore 0x27c35:$a: NanoCore 0x2cdb7:$a: NanoCore 0x2cdca:$a: NanoCore 0x2cdfc:$a: NanoCore 0x3fdcb:$a: NanoCore 0x3fe15:$a: NanoCore 0x3fff5:$a: NanoCore 0x407a7:$a: NanoCore 0x407ed:$a: NanoCore 0x409b4:$a: NanoCore 0x4b9b8:$a: NanoCore 0x4b9c8:$a: NanoCore 0x4ba87:$a: NanoCore 0x4ba96:$a: NanoCore 0x4bc97:$a: NanoCore 0x4bcab:$a: NanoCore 0x4bceb:$a: NanoCore 0x56f09:$a: NanoCore 0x56f1b:$a: NanoCore
Process Memory Space: yAbf8Z3qA5.exe PID: 6476	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: dhcpmon.exe PID: 4724	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 97 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
8.2.yAbf8Z3qA5.exe.5bb4629.9.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
8.2.yAbf8Z3qA5.exe.5bb4629.9.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
8.2.yAbf8Z3qA5.exe.5bb4629.9.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.yAbf8Z3qA5.exe.3ec9511.6.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
8.2.yAbf8Z3qA5.exe.3ec9511.6.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
8.2.yAbf8Z3qA5.exe.3ec9511.6.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.yAbf8Z3qA5.exe.5bb0000.10.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
8.2.yAbf8Z3qA5.exe.5bb0000.10.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
8.2.yAbf8Z3qA5.exe.5bb0000.10.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.yAbf8Z3qA5.exe.5ba0000.8.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1646:$x1: NanoCore.ClientPluginHost
8.2.yAbf8Z3qA5.exe.5ba0000.8.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1646:$x2: NanoCore.ClientPluginHost 0x1724:$s4: PipeCreated 0x1660:$s5: IClientLoggingHost
12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
8.0.yAbf8Z3qA5.exe.400000.12.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.0.yAbf8Z3qA5.exe.400000.12.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.0.yAbf8Z3qA5.exe.400000.12.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.0.yAbf8Z3qA5.exe.400000.12.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
8.2.yAbf8Z3qA5.exe.2e81674.3.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x40c2:$x1: NanoCore.ClientPluginHost
8.2.yAbf8Z3qA5.exe.2e81674.3.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x40c2:$x2: NanoCore.ClientPluginHost 0x41a0:$s4: PipeCreated 0x40dc:$s5: IClientLoggingHost
15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x447ad:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x447ea:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4831d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x44525:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x447ad:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x45de6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x45dda:$s2: FileCommand 0x1266b:$s3: PipeExists 0x46c8b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x4ca42:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost 0x447d7:$s5: IClientLoggingHost
15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x44515:$a: NanoCore 0x44525:$a: NanoCore 0x44759:$a: NanoCore 0x4476d:$a: NanoCore 0x447ad:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x44574:$b: ClientPlugin 0x44776:$b: ClientPlugin 0x447b6:$b: ClientPlugin 0x1007b:$c: ProjectData 0x4469b:$c: ProjectData 0x10a82:$d: DESCrypto 0x450a2:$d: DESCrypto 0x1844e:$e: KeepAlive
0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
8.0.yAbf8Z3qA5.exe.400000.8.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.0.yAbf8Z3qA5.exe.400000.8.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.0.yAbf8Z3qA5.exe.400000.8.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.0.yAbf8Z3qA5.exe.400000.8.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x447ad:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x447ea:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4831d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x44525:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x447ad:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x45de6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x45dda:$s2: FileCommand 0x1266b:$s3: PipeExists 0x46c8b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x4ca42:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost 0x447d7:$s5: IClientLoggingHost
12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x44515:$a: NanoCore 0x44525:$a: NanoCore 0x44759:$a: NanoCore 0x4476d:$a: NanoCore 0x447ad:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x44574:$b: ClientPlugin 0x44776:$b: ClientPlugin 0x447b6:$b: ClientPlugin 0x1007b:$c: ProjectData 0x4469b:$c: ProjectData 0x10a82:$d: DESCrypto 0x450a2:$d: DESCrypto 0x1844e:$e: KeepAlive
8.2.yAbf8Z3qA5.exe.3ebec9e.5.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4083:$x1: NanoCore.ClientPluginHost
8.2.yAbf8Z3qA5.exe.3ebec9e.5.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x4083:$x2: NanoCore.ClientPluginHost 0x4161:$s4: PipeCreated 0x409d:$s5: IClientLoggingHost
8.2.yAbf8Z3qA5.exe.2e864f0.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1646:$x1: NanoCore.ClientPluginHost
8.2.yAbf8Z3qA5.exe.2e864f0.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1646:$x2: NanoCore.ClientPluginHost 0x1724:$s4: PipeCreated 0x1660:$s5: IClientLoggingHost
15.2.dhcpmon.exe.cf8e8b8.7.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
15.2.dhcpmon.exe.cf8e8b8.7.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
15.2.dhcpmon.exe.cf8e8b8.7.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
15.2.dhcpmon.exe.cf8e8b8.7.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
8.2.yAbf8Z3qA5.exe.2e81674.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0x64c2:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
8.2.yAbf8Z3qA5.exe.2e81674.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x64c2:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0x65a0:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost 0x64dc:$s5: IClientLoggingHost
8.0.yAbf8Z3qA5.exe.400000.6.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.0.yAbf8Z3qA5.exe.400000.6.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.0.yAbf8Z3qA5.exe.400000.6.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.0.yAbf8Z3qA5.exe.400000.6.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
8.2.yAbf8Z3qA5.exe.400000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.2.yAbf8Z3qA5.exe.400000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.2.yAbf8Z3qA5.exe.400000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.yAbf8Z3qA5.exe.400000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0x6483:$x1: NanoCore.ClientPluginHost 0x1a020:$x1: NanoCore.ClientPluginHost 0x32fbf:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost 0x1a04d:$x2: IClientNetworkHost 0x32fec:$x2: IClientNetworkHost
8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x6483:$x2: NanoCore.ClientPluginHost 0x1a020:$x2: NanoCore.ClientPluginHost 0x32fbf:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0x6561:$s4: PipeCreated 0x1b0fb:$s4: PipeCreated 0x3409a:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost 0x649d:$s5: IClientLoggingHost 0x1a03a:$s5: IClientLoggingHost 0x32fd9:$s5: IClientLoggingHost
8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xddf:$a: NanoCore 0xe38:$a: NanoCore 0xe75:$a: NanoCore 0xeee:$a: NanoCore 0x6483:$a: NanoCore 0x64cd:$a: NanoCore 0x66b7:$a: NanoCore 0x19fd6:$a: NanoCore 0x19feb:$a: NanoCore 0x1a020:$a: NanoCore 0x32f75:$a: NanoCore 0x32f8a:$a: NanoCore 0x32fbf:$a: NanoCore 0xe41:$b: ClientPlugin 0xe7e:$b: ClientPlugin 0x177c:$b: ClientPlugin 0x1789:$b: ClientPlugin 0x621c:$b: ClientPlugin 0x648c:$b: ClientPlugin 0x64d6:$b: ClientPlugin 0x19d92:$b: ClientPlugin
0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1585ad:$x1: NanoCore.ClientPluginHost 0x1585ea:$x2: IClientNetworkHost 0x15c11d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x158315:$a: NanoCore 0x158325:$a: NanoCore 0x158559:$a: NanoCore 0x15856d:$a: NanoCore 0x1585ad:$a: NanoCore 0x158374:$b: ClientPlugin 0x158576:$b: ClientPlugin 0x1585b6:$b: ClientPlugin 0x3198d:$c: ProjectData 0x15849b:$c: ProjectData 0x158ea2:$d: DESCrypto 0x16086e:$e: KeepAlive 0x15e85c:$g: LogClientMessage 0x15aa57:$i: get_Connected 0x1591d8:$j: #=q 0x159208:$j: #=q 0x159224:$j: #=q 0x159254:$j: #=q 0x159270:$j: #=q 0x15928c:$j: #=q 0x1592bc:$j: #=q
8.0.yAbf8Z3qA5.exe.400000.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.0.yAbf8Z3qA5.exe.400000.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.0.yAbf8Z3qA5.exe.400000.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.0.yAbf8Z3qA5.exe.400000.4.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
8.0.yAbf8Z3qA5.exe.400000.10.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.0.yAbf8Z3qA5.exe.400000.10.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.0.yAbf8Z3qA5.exe.400000.10.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.0.yAbf8Z3qA5.exe.400000.10.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
8.2.yAbf8Z3qA5.exe.5900000.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
8.2.yAbf8Z3qA5.exe.5900000.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1646:$x1: NanoCore.ClientPluginHost 0x151e3:$x1: NanoCore.ClientPluginHost 0x2e182:$x1: NanoCore.ClientPluginHost 0x15210:$x2: IClientNetworkHost 0x2e1af:$x2: IClientNetworkHost
8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1646:$x2: NanoCore.ClientPluginHost 0x151e3:$x2: NanoCore.ClientPluginHost 0x2e182:$x2: NanoCore.ClientPluginHost 0x1724:$s4: PipeCreated 0x162be:$s4: PipeCreated 0x2f25d:$s4: PipeCreated 0x1660:$s5: IClientLoggingHost 0x151fd:$s5: IClientLoggingHost 0x2e19c:$s5: IClientLoggingHost
8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1646:$a: NanoCore 0x1690:$a: NanoCore 0x187a:$a: NanoCore 0x15199:$a: NanoCore 0x151ae:$a: NanoCore 0x151e3:$a: NanoCore 0x2e138:$a: NanoCore 0x2e14d:$a: NanoCore 0x2e182:$a: NanoCore 0x13df:$b: ClientPlugin 0x164f:$b: ClientPlugin 0x1699:$b: ClientPlugin 0x14f55:$b: ClientPlugin 0x14f70:$b: ClientPlugin 0x14fa0:$b: ClientPlugin 0x151b7:$b: ClientPlugin 0x151ec:$b: ClientPlugin 0x2def4:$b: ClientPlugin 0x2df0f:$b: ClientPlugin 0x2df3f:$b: ClientPlugin 0x2e156:$b: ClientPlugin
8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x18cdcd:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x18ce0a:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x19093d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x18cb35:$a: NanoCore 0x18cb45:$a: NanoCore 0x18cd79:$a: NanoCore 0x18cd8d:$a: NanoCore 0x18cdcd:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x18cb94:$b: ClientPlugin 0x18cd96:$b: ClientPlugin 0x18cdd6:$b: ClientPlugin 0x1007b:$c: ProjectData 0x661ad:$c: ProjectData 0x18ccbb:$c: ProjectData 0x10a82:$d: DESCrypto 0x18d6c2:$d: DESCrypto
8.2.yAbf8Z3qA5.exe.3ec9511.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0x2874c:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost 0x28779:$x2: IClientNetworkHost
8.2.yAbf8Z3qA5.exe.3ec9511.6.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x2874c:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0x29827:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost 0x28766:$s5: IClientLoggingHost
8.2.yAbf8Z3qA5.exe.3ec9511.6.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Click to see the 80 entries

Sigma Overview

AV Detection

Sigma detected: NanoCore

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\yAbf8Z3qA5.exe, ProcessId: 5964, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud

Sigma detected: NanoCore

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\yAbf8Z3qA5.exe, ProcessId: 5964, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

System Summary

Sigma detected: Suspicius Add Task From User AppData Temp

Source: Process started

Author: frack113: Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmpFF62.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmpFF62.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\yAbf8Z3qA5.exe" , ParentImage: C:\Users\user\Desktop\yAbf8Z3qA5.exe, ParentProcessId: 6960, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmpFF62.tmp, ProcessId: 5788

Stealing of Sensitive Information

Sigma detected: NanoCore

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\yAbf8Z3qA5.exe, ProcessId: 5964, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Remote Access Functionality

Sigma detected: NanoCore

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\yAbf8Z3qA5.exe, ProcessId: 5964, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: yAbf8Z3qA5.exe

ReversingLabs: Detection: 39%

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Roaming\BYTkrh.exe	ReversingLabs: Detection: 39%

Yara detected Nanocore RAT

Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb4629.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.dhcpmon.exe.cf8e8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.448108468.0000000003611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.460735897.0000000002BF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.461004523.0000000003BF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.472005093.00000000045F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.471934462.00000000035F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.448217064.0000000004611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yAbf8Z3qA5.exe PID: 6960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yAbf8Z3qA5.exe PID: 5964, type: MEMORYSTR

Machine Learning detection for sample

Source: yAbf8Z3qA5.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\BYTkrh.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Joe Sandbox ML: detected

Source: 8.0.yAbf8Z3qA5.exe.400000.12.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.0.yAbf8Z3qA5.exe.400000.8.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.2.yAbf8Z3qA5.exe.400000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.0.yAbf8Z3qA5.exe.400000.6.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.0.yAbf8Z3qA5.exe.400000.10.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.0.yAbf8Z3qA5.exe.400000.4.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack	Avira: Label: TR/NanoCore.fadte

Source: yAbf8Z3qA5.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: yAbf8Z3qA5.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: C:\Windows\77vrr.pdb source: yAbf8Z3qA5.exe, 00000008.00000002.626720826.0000000002AE5000.00000004.00000040.sdmp
Source:	Binary string: indows\77vrr.pdbpdbvrr.pdb source: yAbf8Z3qA5.exe, 00000008.00000002.626720826.0000000002AE5000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\Administrator\Desktop\Client\Temp\kbdlgKkIwF\src\obj\Debug\77vrr.pdbL source: yAbf8Z3qA5.exe, 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000000.349004657.0000000000022000.00000002.00020000.sdmp, yAbf8Z3qA5.exe, 00000007.00000000.373054168.0000000000122000.00000002.00020000.sdmp, yAbf8Z3qA5.exe, 00000008.00000000.380229783.0000000000792000.00000002.00020000.sdmp, yAbf8Z3qA5.exe, 0000000C.00000002.430138618.0000000000F32000.00000002.00020000.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: yAbf8Z3qA5.exe, 00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp, yAbf8Z3qA5.exe, 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000008.00000002.626822295.0000000002E71000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\user\Desktop\77vrr.pdb source: yAbf8Z3qA5.exe, 00000008.00000002.626720826.0000000002AE5000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\Administrator\Desktop\Client\Temp\kbdlgKkIwF\src\obj\Debug\77vrr.pdb source: yAbf8Z3qA5.exe, yAbf8Z3qA5.exe, 0000000C.00000002.430138618.0000000000F32000.00000002.00020000.sdmp, dhcpmon.exe

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_02314930
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_02314920
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 4x nop then mov esp, ebp	8_2_050B8810
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	12_2_032747A8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	12_2_03274798
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	15_2_018F489F
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	15_2_018F48B0
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	15_2_018F4860

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 185.19.85.175 ports 0,1,2,4,5,50421
Source: global traffic	TCP traffic: 197.210.64.245 ports 0,1,2,4,5,50421

Uses dynamic DNS services

Source: unknown

DNS query: name: strongodss.ddns.net

Source: global traffic	TCP traffic: 192.168.2.6:49755 -> 197.210.64.245:50421
Source: global traffic	TCP traffic: 192.168.2.6:49760 -> 185.19.85.175:50421

Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 185.19.85.175

Source: yAbf8Z3qA5.exe, 00000000.00000003.350523936.0000000004B19000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.354609078.0000000004B15000.00000004.00000001.sdmp	String found in binary or memory: http://en.w
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: yAbf8Z3qA5.exe, 00000000.00000003.355947636.0000000004B4D000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.355902260.0000000004B4D000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.356028041.0000000004B4D000.00000004.00000001.sdmp	String found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: yAbf8Z3qA5.exe, 00000000.00000003.354635060.0000000004B17000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.354609078.0000000004B15000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.com)
Source: yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.comala
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.comm
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: yAbf8Z3qA5.exe, 00000000.00000003.358953165.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358983600.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358928287.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358873383.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358901732.0000000004B45000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html0
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: yAbf8Z3qA5.exe, 00000000.00000003.358506319.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358477439.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358532023.0000000004B45000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.353065872.0000000004B1B000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: yAbf8Z3qA5.exe, 00000000.00000003.353084236.0000000004B15000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cny4i
Source: yAbf8Z3qA5.exe, 00000000.00000003.360074854.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.360057596.0000000004B45000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/2
Source: yAbf8Z3qA5.exe, 00000000.00000003.360074854.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.360057596.0000000004B45000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/4
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: yAbf8Z3qA5.exe, 00000000.00000003.355077180.0000000004B18000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: yAbf8Z3qA5.exe, 00000000.00000003.355077180.0000000004B18000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Fm
Source: yAbf8Z3qA5.exe, 00000000.00000003.355077180.0000000004B18000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Negr
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.355930974.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.355896740.0000000004B45000.00000004.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: yAbf8Z3qA5.exe, 00000000.00000003.355896740.0000000004B45000.00000004.00000001.sdmp	String found in binary or memory: http://www.sakkal.comH
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.354609078.0000000004B15000.00000004.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cno.

Source: unknown

DNS traffic detected: queries for: strongodss.ddns.net

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Code function: 8_2_051D3026 WSARecv,

8_2_051D3026

Source: yAbf8Z3qA5.exe, 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp

Binary or memory string: RegisterRawInputDevices

E-Banking Fraud

Yara detected Nanocore RAT

Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb4629.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.dhcpmon.exe.cf8e8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.448108468.0000000003611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.460735897.0000000002BF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.461004523.0000000003BF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.472005093.00000000045F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.471934462.00000000035F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.448217064.0000000004611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yAbf8Z3qA5.exe PID: 6960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yAbf8Z3qA5.exe PID: 5964, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 8.2.yAbf8Z3qA5.exe.5bb4629.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.yAbf8Z3qA5.exe.5ba0000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.yAbf8Z3qA5.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.yAbf8Z3qA5.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.yAbf8Z3qA5.exe.2e81674.3.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.yAbf8Z3qA5.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.yAbf8Z3qA5.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.yAbf8Z3qA5.exe.2e864f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 15.2.dhcpmon.exe.cf8e8b8.7.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 15.2.dhcpmon.exe.cf8e8b8.7.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.yAbf8Z3qA5.exe.2e81674.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.yAbf8Z3qA5.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.yAbf8Z3qA5.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.yAbf8Z3qA5.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.yAbf8Z3qA5.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.yAbf8Z3qA5.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.yAbf8Z3qA5.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.yAbf8Z3qA5.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.yAbf8Z3qA5.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.yAbf8Z3qA5.exe.5900000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000012.00000002.448108468.0000000003611000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001A.00000002.460735897.0000000002BF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001A.00000002.461004523.0000000003BF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.630404786.0000000005900000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001E.00000002.472005093.00000000045F1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001E.00000002.471934462.00000000035F1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000012.00000002.448217064.0000000004611000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: yAbf8Z3qA5.exe PID: 6960, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: yAbf8Z3qA5.exe PID: 6960, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: yAbf8Z3qA5.exe PID: 5964, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: yAbf8Z3qA5.exe PID: 5964, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

.NET source code contains very large strings

Source: yAbf8Z3qA5.exe, Startup.cs	Long String: Length: 22528
Source: BYTkrh.exe.0.dr, Startup.cs	Long String: Length: 22528
Source: 0.0.yAbf8Z3qA5.exe.20000.0.unpack, Startup.cs	Long String: Length: 22528
Source: 0.2.yAbf8Z3qA5.exe.20000.0.unpack, Startup.cs	Long String: Length: 22528
Source: 7.2.yAbf8Z3qA5.exe.120000.0.unpack, Startup.cs	Long String: Length: 22528
Source: 7.0.yAbf8Z3qA5.exe.120000.3.unpack, Startup.cs	Long String: Length: 22528
Source: 7.0.yAbf8Z3qA5.exe.120000.0.unpack, Startup.cs	Long String: Length: 22528
Source: 7.0.yAbf8Z3qA5.exe.120000.2.unpack, Startup.cs	Long String: Length: 22528

Source: yAbf8Z3qA5.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 8.2.yAbf8Z3qA5.exe.5bb4629.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.5bb4629.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.yAbf8Z3qA5.exe.5ba0000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.5ba0000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.0.yAbf8Z3qA5.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.0.yAbf8Z3qA5.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.yAbf8Z3qA5.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.yAbf8Z3qA5.exe.2e81674.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.2e81674.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.0.yAbf8Z3qA5.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.0.yAbf8Z3qA5.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.yAbf8Z3qA5.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.yAbf8Z3qA5.exe.2e864f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.2e864f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 15.2.dhcpmon.exe.cf8e8b8.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 15.2.dhcpmon.exe.cf8e8b8.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 15.2.dhcpmon.exe.cf8e8b8.7.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.yAbf8Z3qA5.exe.2e81674.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.2e81674.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.yAbf8Z3qA5.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.0.yAbf8Z3qA5.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.yAbf8Z3qA5.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.yAbf8Z3qA5.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.yAbf8Z3qA5.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.0.yAbf8Z3qA5.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.0.yAbf8Z3qA5.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.yAbf8Z3qA5.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.0.yAbf8Z3qA5.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.0.yAbf8Z3qA5.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.yAbf8Z3qA5.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.yAbf8Z3qA5.exe.5900000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.5900000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000012.00000002.448108468.0000000003611000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001A.00000002.460735897.0000000002BF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001A.00000002.461004523.0000000003BF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000002.630404786.0000000005900000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000002.630404786.0000000005900000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001E.00000002.472005093.00000000045F1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000001E.00000002.471934462.00000000035F1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000012.00000002.448217064.0000000004611000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: yAbf8Z3qA5.exe PID: 6960, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: yAbf8Z3qA5.exe PID: 6960, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: yAbf8Z3qA5.exe PID: 5964, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: yAbf8Z3qA5.exe PID: 5964, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02312E91	0_2_02312E91
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02311DA0	0_2_02311DA0
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02312C19	0_2_02312C19
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02310007	0_2_02310007
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02310070	0_2_02310070
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0231447C	0_2_0231447C
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02312258	0_2_02312258
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02312248	0_2_02312248
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_023106B0	0_2_023106B0
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_023106A1	0_2_023106A1
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_023116A8	0_2_023116A8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02311698	0_2_02311698
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0231449F	0_2_0231449F
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_023130D0	0_2_023130D0
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_023130C0	0_2_023130C0
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02311507	0_2_02311507
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02311D91	0_2_02311D91
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_04928840	0_2_04928840
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0492B9D8	0_2_0492B9D8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_049277E8	0_2_049277E8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_04929700	0_2_04929700
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_04927F30	0_2_04927F30
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_04924B66	0_2_04924B66
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0492A480	0_2_0492A480
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0492B439	0_2_0492B439
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0492C42C	0_2_0492C42C
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0492B85A	0_2_0492B85A
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0492B448	0_2_0492B448
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0492A471	0_2_0492A471
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0492B868	0_2_0492B868
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_04922112	0_2_04922112
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_04921D50	0_2_04921D50
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_049296FB	0_2_049296FB
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0492B618	0_2_0492B618
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0492B608	0_2_0492B608
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_049277CE	0_2_049277CE
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_04929B30	0_2_04929B30
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_050B8D68	8_2_050B8D68
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_050B9968	8_2_050B9968
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_050B3850	8_2_050B3850
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_050B2FA8	8_2_050B2FA8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_050B23A0	8_2_050B23A0
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_050BB638	8_2_050BB638
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_050B306F	8_2_050B306F
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_050B9A2F	8_2_050B9A2F
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03271D20	12_2_03271D20
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03272E11	12_2_03272E11
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03271D0F	12_2_03271D0F
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03272B98	12_2_03272B98
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03274398	12_2_03274398
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032721C8	12_2_032721C8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032721D8	12_2_032721D8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03270006	12_2_03270006
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03270070	12_2_03270070
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03273040	12_2_03273040
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03273050	12_2_03273050
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032706A1	12_2_032706A1
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032716A8	12_2_032716A8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032706B0	12_2_032706B0
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03271698	12_2_03271698
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03271CD0	12_2_03271CD0
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032C7F30	12_2_032C7F30
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032C9700	12_2_032C9700
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032C77E8	12_2_032C77E8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032CB9D8	12_2_032CB9D8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032C8840	12_2_032C8840
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032C7740	12_2_032C7740
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032C775E	12_2_032C775E
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032CB608	12_2_032CB608
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032CB618	12_2_032CB618
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032C96E1	12_2_032C96E1
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032C76F7	12_2_032C76F7
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032CC427	12_2_032CC427
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032CB439	12_2_032CB439
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032CB868	12_2_032CB868
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032CA47A	12_2_032CA47A
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032CB448	12_2_032CB448
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032CB85A	12_2_032CB85A
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032CA480	12_2_032CA480
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172B9D8	15_2_0172B9D8
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_01728840	15_2_01728840
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_017240F2	15_2_017240F2
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_01724B66	15_2_01724B66
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_01727F30	15_2_01727F30
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_01729700	15_2_01729700
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_017277E8	15_2_017277E8
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172A470	15_2_0172A470
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172B863	15_2_0172B863
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172B868	15_2_0172B868
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172EC6D	15_2_0172EC6D
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172B448	15_2_0172B448
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172B439	15_2_0172B439
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172C42C	15_2_0172C42C
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172A480	15_2_0172A480
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_01727740	15_2_01727740
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172771D	15_2_0172771D
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172B618	15_2_0172B618
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172B608	15_2_0172B608
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_017296EC	15_2_017296EC
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F1D20	15_2_018F1D20
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F2E11	15_2_018F2E11
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F2B98	15_2_018F2B98
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F21D8	15_2_018F21D8
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F1D0F	15_2_018F1D0F
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F1698	15_2_018F1698
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F16A8	15_2_018F16A8
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F06A1	15_2_018F06A1
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F06B0	15_2_018F06B0
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F1CD0	15_2_018F1CD0
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F0016	15_2_018F0016
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F3040	15_2_018F3040
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F3050	15_2_018F3050
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F0070	15_2_018F0070

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_051D178E NtQuerySystemInformation,		8_2_051D178E
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_051D1753 NtQuerySystemInformation,		8_2_051D1753

Source: yAbf8Z3qA5.exe, 00000000.00000002.388705528.0000000000162000.00000002.00020000.sdmp	Binary or memory string: OriginalFilename77vrr.exe6 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000000.00000002.389586829.00000000027D1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameBunifu.UI.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename77vrr.exe6 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000000.00000002.393671522.0000000006B00000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000000.00000003.364930637.0000000002CCA000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000000.00000002.393278734.00000000067D0000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameBunifu.UI.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000000.00000002.390927325.00000000037D1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000007.00000000.374768412.0000000000262000.00000002.00020000.sdmp	Binary or memory string: OriginalFilename77vrr.exe6 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000000.378275741.00000000008D2000.00000002.00020000.sdmp	Binary or memory string: OriginalFilename77vrr.exe6 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameNanoProtectClient.dllT vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameNanoProtectClient.dllT vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.630404786.0000000005900000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.626822295.0000000002E71000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.626822295.0000000002E71000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameNanoProtectClient.dllT vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 00000008.00000002.630937037.0000000006090000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 0000000C.00000002.439275846.00000000071D0000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameBunifu.UI.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 0000000C.00000002.431278169.0000000001072000.00000002.00020000.sdmp	Binary or memory string: OriginalFilename77vrr.exe6 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 0000000C.00000002.435607203.0000000004741000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 0000000C.00000003.401361631.0000000003C3A000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 0000000C.00000002.433704504.0000000003741000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameBunifu.UI.dll4 vs yAbf8Z3qA5.exe
Source: yAbf8Z3qA5.exe, 0000000C.00000002.439531181.00000000074F0000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs yAbf8Z3qA5.exe

Source: yAbf8Z3qA5.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: BYTkrh.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: yAbf8Z3qA5.exe	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: BYTkrh.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: yAbf8Z3qA5.exe

ReversingLabs: Detection: 39%

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

File read: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Jump to behavior

Source: yAbf8Z3qA5.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe "C:\Users\user\Desktop\yAbf8Z3qA5.exe"
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmpFF62.tmp
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe {path}
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe {path}
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6807.tmp
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp6F7A.tmp
Source: unknown	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe C:\Users\user\Desktop\yAbf8Z3qA5.exe 0
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmp41AB.tmp
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe {path}
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmp4BCD.tmp
Source: unknown	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmp6E1A.tmp
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmpFF62.tmp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6807.tmp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp6F7A.tmp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmp41AB.tmp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe {path}	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmp4BCD.tmp	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}	Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02300F02 AdjustTokenPrivileges,	0_2_02300F02
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02300ECB AdjustTokenPrivileges,	0_2_02300ECB
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_051D154E AdjustTokenPrivileges,	8_2_051D154E
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_051D1517 AdjustTokenPrivileges,	8_2_051D1517
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018E0E52 AdjustTokenPrivileges,	15_2_018E0E52
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018E0E1B AdjustTokenPrivileges,	15_2_018E0E1B

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

File created: C:\Users\user\AppData\Roaming\BYTkrh.exe

Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

File created: C:\Users\user\AppData\Local\Temp\tmpFF62.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@32/10@10/2

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2152:120:WilError_01
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{60215651-75f6-4eb5-9240-aa39bd289f88}
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1256:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2320:120:WilError_01

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

File created: C:\Program Files (x86)\DHCP Monitor

Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: yAbf8Z3qA5.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: yAbf8Z3qA5.exe

Static file information: File size 1345024 > 1048576

Source: yAbf8Z3qA5.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: yAbf8Z3qA5.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x13f000

Source: yAbf8Z3qA5.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: yAbf8Z3qA5.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Windows\77vrr.pdb source: yAbf8Z3qA5.exe, 00000008.00000002.626720826.0000000002AE5000.00000004.00000040.sdmp
Source:	Binary string: indows\77vrr.pdbpdbvrr.pdb source: yAbf8Z3qA5.exe, 00000008.00000002.626720826.0000000002AE5000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\Administrator\Desktop\Client\Temp\kbdlgKkIwF\src\obj\Debug\77vrr.pdbL source: yAbf8Z3qA5.exe, 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000000.349004657.0000000000022000.00000002.00020000.sdmp, yAbf8Z3qA5.exe, 00000007.00000000.373054168.0000000000122000.00000002.00020000.sdmp, yAbf8Z3qA5.exe, 00000008.00000000.380229783.0000000000792000.00000002.00020000.sdmp, yAbf8Z3qA5.exe, 0000000C.00000002.430138618.0000000000F32000.00000002.00020000.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: yAbf8Z3qA5.exe, 00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp, yAbf8Z3qA5.exe, 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000008.00000002.626822295.0000000002E71000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\user\Desktop\77vrr.pdb source: yAbf8Z3qA5.exe, 00000008.00000002.626720826.0000000002AE5000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\Administrator\Desktop\Client\Temp\kbdlgKkIwF\src\obj\Debug\77vrr.pdb source: yAbf8Z3qA5.exe, yAbf8Z3qA5.exe, 0000000C.00000002.430138618.0000000000F32000.00000002.00020000.sdmp, dhcpmon.exe

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_023142AC push ebp; ret	0_2_023142D3
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_0231428F push ebp; ret	0_2_02314293
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 0_2_02310FB7 push edi; ret	0_2_02310FB8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_03270FB7 push edi; ret	12_2_03270FB8
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 12_2_032C5500 push ebx; ret	12_2_032C5501
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_0172771D pushad ; retf	15_2_01727845
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 15_2_018F0FB7 push edi; ret	15_2_018F0FB8

Source: initial sample	Static PE information: section name: .text entropy: 7.7042659795
Source: initial sample	Static PE information: section name: .text entropy: 7.7042659795

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	File created: C:\Users\user\AppData\Roaming\BYTkrh.exe			Jump to dropped file
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	File created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe			Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmpFF62.tmp

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

File opened: C:\Users\user\Desktop\yAbf8Z3qA5.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: yAbf8Z3qA5.exe PID: 6960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yAbf8Z3qA5.exe PID: 6476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 4724, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: yAbf8Z3qA5.exe, 00000000.00000002.393928901.0000000006CAE000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 0000000C.00000002.439873858.000000000769E000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: yAbf8Z3qA5.exe, 00000000.00000002.393928901.0000000006CAE000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 0000000C.00000002.439873858.000000000769E000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe TID: 7004	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe TID: 5540	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe TID: 5352	Thread sleep time: -280000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe TID: 4368	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 3940	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Code function: 0_2_02311507 rdtsc

0_2_02311507

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Window / User API: foregroundWindowGot 821

Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Code function: 8_2_051D1276 GetSystemInfo,

8_2_051D1276

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
Source: dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: dhcpmon.exe, 0000000F.00000002.454848113.000000000752E000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Code function: 0_2_02311507 rdtsc

0_2_02311507

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Memory written: C:\Users\user\Desktop\yAbf8Z3qA5.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Memory written: C:\Users\user\Desktop\yAbf8Z3qA5.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Memory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5A	Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmpFF62.tmp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6807.tmp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp6F7A.tmp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmp41AB.tmp	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Process created: C:\Users\user\Desktop\yAbf8Z3qA5.exe {path}	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmp4BCD.tmp	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}	Jump to behavior

Source: yAbf8Z3qA5.exe, 00000008.00000002.627891290.00000000030E9000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000008.00000002.627110734.0000000002F06000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000008.00000002.627960850.0000000003100000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000008.00000002.627751384.0000000003088000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000008.00000002.628021533.0000000003115000.00000004.00000001.sdmp	Binary or memory string: Program Manager
Source: yAbf8Z3qA5.exe, 00000008.00000002.626426402.0000000001490000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: yAbf8Z3qA5.exe, 00000008.00000002.626426402.0000000001490000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: yAbf8Z3qA5.exe, 00000008.00000002.626426402.0000000001490000.00000002.00020000.sdmp	Binary or memory string: &Program Manager
Source: yAbf8Z3qA5.exe, 00000008.00000002.626426402.0000000001490000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Nanocore RAT

Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb4629.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.dhcpmon.exe.cf8e8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.448108468.0000000003611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.460735897.0000000002BF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.461004523.0000000003BF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.472005093.00000000045F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.471934462.00000000035F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.448217064.0000000004611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yAbf8Z3qA5.exe PID: 6960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yAbf8Z3qA5.exe PID: 5964, type: MEMORYSTR

Remote Access Functionality

Detected Nanocore Rat

Source: yAbf8Z3qA5.exe, 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: yAbf8Z3qA5.exe, 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: yAbf8Z3qA5.exe, 00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: yAbf8Z3qA5.exe, 00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoProtectClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoProtectClientClientPluginResourcesNanoProtectClient.My.ResourcesMySettingsMySettingsPropertyFunctionsNanoProtectClient.NanoProtectMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsGetProtectDirectoryGetProtectFileCreateProtectFileKillNanoCoreSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeLogClientMessageSystem.IOFileExistsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedEnvironmentSpecialFolderGetFolderPathPathCombineExceptionDirectoryDirectoryInfoCreateDirectoryFileStreamCreateProjectDataSetProjectErrorClearProjectErrorProcessGetCurrentProcessKillNanoProtectClient.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoProtectClient.dlla[NanoProtect]: Checking for NanoProtect module..
Source: yAbf8Z3qA5.exe, 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: yAbf8Z3qA5.exe, 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: yAbf8Z3qA5.exe, 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: yAbf8Z3qA5.exe, 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoProtectClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoProtectClientClientPluginResourcesNanoProtectClient.My.ResourcesMySettingsMySettingsPropertyFunctionsNanoProtectClient.NanoProtectMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsGetProtectDirectoryGetProtectFileCreateProtectFileKillNanoCoreSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeLogClientMessageSystem.IOFileExistsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedEnvironmentSpecialFolderGetFolderPathPathCombineExceptionDirectoryDirectoryInfoCreateDirectoryFileStreamCreateProjectDataSetProjectErrorClearProjectErrorProcessGetCurrentProcessKillNanoProtectClient.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoProtectClient.dlla[NanoProtect]: Checking for NanoProtect module..
Source: yAbf8Z3qA5.exe, 00000008.00000002.630404786.0000000005900000.00000004.00020000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: yAbf8Z3qA5.exe, 00000008.00000002.630404786.0000000005900000.00000004.00020000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: yAbf8Z3qA5.exe, 00000008.00000002.626822295.0000000002E71000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: yAbf8Z3qA5.exe, 00000008.00000002.626822295.0000000002E71000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: yAbf8Z3qA5.exe, 00000008.00000002.626822295.0000000002E71000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoProtectClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoProtectClientClientPluginResourcesNanoProtectClient.My.ResourcesMySettingsMySettingsPropertyFunctionsNanoProtectClient.NanoProtectMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsGetProtectDirectoryGetProtectFileCreateProtectFileKillNanoCoreSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeLogClientMessageSystem.IOFileExistsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedEnvironmentSpecialFolderGetFolderPathPathCombineExceptionDirectoryDirectoryInfoCreateDirectoryFileStreamCreateProjectDataSetProjectErrorClearProjectErrorProcessGetCurrentProcessKillNanoProtectClient.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoProtectClient.dlla[NanoProtect]: Checking for NanoProtect module..

Yara detected Nanocore RAT

Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb4629.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.dhcpmon.exe.cf8e8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yAbf8Z3qA5.exe.d37e8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.dhcpmon.exe.cf8e8b8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ebec9e.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c6030d8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.yAbf8Z3qA5.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec3adb.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yAbf8Z3qA5.exe.c5ce8b8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.yAbf8Z3qA5.exe.3ec9511.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000000.448894082.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.419515654.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.447649220.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.448108468.0000000003611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.439620816.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.422995956.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.420229761.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.460735897.0000000002BF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.461004523.0000000003BF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.437479878.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.459203730.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.440509698.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.444597183.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.418854563.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.472005093.00000000045F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.470493584.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.441490337.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.450070713.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.451069768.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.471934462.00000000035F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.462617842.000000000C461000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.448217064.0000000004611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yAbf8Z3qA5.exe PID: 6960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yAbf8Z3qA5.exe PID: 5964, type: MEMORYSTR

Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_051D2B6A bind,		8_2_051D2B6A
Source: C:\Users\user\Desktop\yAbf8Z3qA5.exe	Code function: 8_2_051D2B3A bind,		8_2_051D2B3A

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Access Token Manipulation	2 Masquerading	11 Input Capture	211 Security Software Discovery	Remote Services	11 Input Capture	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	112 Process Injection	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 Scheduled Task/Job	21 Virtualization/Sandbox Evasion	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Remote Access Software	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Access Token Manipulation	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	112 Process Injection	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	1 Non-Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Hidden Files and Directories	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	11 Application Layer Protocol	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	3 Software Packing	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
yAbf8Z3qA5.exe	40%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
yAbf8Z3qA5.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\BYTkrh.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	40%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
C:\Users\user\AppData\Roaming\BYTkrh.exe	40%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla

Unpacked PE Files

Source	Detection	Scanner	Label	Download
8.0.yAbf8Z3qA5.exe.400000.12.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.0.yAbf8Z3qA5.exe.400000.8.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.2.yAbf8Z3qA5.exe.400000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.0.yAbf8Z3qA5.exe.400000.6.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.0.yAbf8Z3qA5.exe.400000.10.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.0.yAbf8Z3qA5.exe.400000.4.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.2.yAbf8Z3qA5.exe.5bb0000.10.unpack	100%	Avira	TR/NanoCore.fadte	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.carterandcone.comala	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.sakkal.comH	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.carterandcone.com)	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cny4i	0%	Avira URL Cloud	safe
http://en.w	0%	URL Reputation	safe
http://www.carterandcone.comm	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Negr	0%	Avira URL Cloud	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Fm	0%	Avira URL Cloud	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.galapagosdesign.com/2	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/4	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cno.	0%	URL Reputation	safe
http://www.ascendercorp.com/typedesigners.html	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
strongodss.ddns.net	197.210.64.245	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designersG	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false		high
http://www.carterandcone.comala	yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false		high
http://www.founder.com.cn/cn/bThe	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.html0	yAbf8Z3qA5.exe, 00000000.00000003.358953165.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358983600.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358928287.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358873383.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358901732.0000000004B45000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designers?	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false		high
http://www.sakkal.comH	yAbf8Z3qA5.exe, 00000000.00000003.355896740.0000000004B45000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.354609078.0000000004B15000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false		high
http://www.goodfont.co.kr	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.com	yAbf8Z3qA5.exe, 00000000.00000003.354635060.0000000004B17000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.354609078.0000000004B15000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.com)	yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.founder.com.cn/cny4i	yAbf8Z3qA5.exe, 00000000.00000003.353084236.0000000004B15000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://en.w	yAbf8Z3qA5.exe, 00000000.00000003.350523936.0000000004B19000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.354609078.0000000004B15000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comm	yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Negr	yAbf8Z3qA5.exe, 00000000.00000003.355077180.0000000004B18000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Fm	yAbf8Z3qA5.exe, 00000000.00000003.355077180.0000000004B18000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.typography.netD	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false		high
http://www.founder.com.cn/cn/cThe	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.353065872.0000000004B1B000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	yAbf8Z3qA5.exe, 00000000.00000003.358506319.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358477439.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.358532023.0000000004B45000.00000004.00000001.sdmp	false		high
http://www.galapagosdesign.com/2	yAbf8Z3qA5.exe, 00000000.00000003.360074854.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.360057596.0000000004B45000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/4	yAbf8Z3qA5.exe, 00000000.00000003.360074854.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.360057596.0000000004B45000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	yAbf8Z3qA5.exe, 00000000.00000003.355077180.0000000004B18000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cno.	yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false		high
http://www.ascendercorp.com/typedesigners.html	yAbf8Z3qA5.exe, 00000000.00000003.355947636.0000000004B4D000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.355902260.0000000004B4D000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.356028041.0000000004B4D000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false		high
http://www.sandoll.co.kr	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.353584518.0000000004B16000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	yAbf8Z3qA5.exe, 00000000.00000002.392850274.0000000005DA2000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.355930974.0000000004B45000.00000004.00000001.sdmp, yAbf8Z3qA5.exe, 00000000.00000003.355896740.0000000004B45000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.19.85.175	unknown	Switzerland		48971	DATAWIRE-ASCH	true
197.210.64.245	strongodss.ddns.net	Nigeria		29465	VCG-ASNG	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	557770
Start date:	21.01.2022
Start time:	16:16:25
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	yAbf8Z3qA5.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	41
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@32/10@10/2
EGA Information:	Successful, ratio: 80%
HDC Information:	Failed
HCA Information:	Successful, ratio: 98% Number of executed functions: 665 Number of non-executed functions: 34
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 23.211.6.115
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Execution Graph export aborted for target yAbf8Z3qA5.exe, PID 6424 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing behavior and disassembly information.
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: yAbf8Z3qA5.exe

Simulations

Behavior and APIs

Time	Type	Description
16:17:32	API Interceptor	809x Sleep call for process: yAbf8Z3qA5.exe modified
16:17:47	Task Scheduler	Run new task: DHCP Monitor path: "C:\Users\user\Desktop\yAbf8Z3qA5.exe" s>$(Arg0)
16:17:47	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
16:17:50	Task Scheduler	Run new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)
16:17:52	API Interceptor	4x Sleep call for process: dhcpmon.exe modified

Process:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1345024
Entropy (8bit):	7.685633845475471
Encrypted:	false
SSDEEP:	24576:KeZkjA8sCUrevlzuC6+iDUBQ2Kq1gekgwe0+U:lPCUczj/IYtKqq+F0+
MD5:	DA3CB7622834A14916D498C1BD8A7827
SHA1:	2179DB1AE11496EE06B62DFF337986316DD298EA
SHA-256:	78DD589C56A6D216F597F149BAD69D510A88FB3257B4A643A7250381126D963C
SHA-512:	88CA8D27EFB54EEB95278B6D4E92EF04E581362B2E110ABBB5E8F1BC715F0A6C1965AE5B52B567D45752F490B1FFE7188BD51672E8466F0160D7030DBBC4E68F
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 40%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~.a..............P.............v.... ... ....@.. ....................................@.................................$...O.... ............................................................................... ............... ..H............text...\|.... ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................X.......H.......l[..p............-...............................................0............(....(..........(.....o..........................(.......( ......(!......("......(#....N..(....o{...($....&..(%.....s&........s'........s(........s)........s............0...........~....o+....+...0...........~....o,....+...0...........~....o-....+...0...........~....o.....+...0...........~....o/....+...0..<........~.....(0.....,!r...p.....(1...o2...s3............~.....+...0......

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log

Download File

Process:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
MD5:	B1DB55991C3DA14E35249AEA1BC357CA
SHA1:	0DD2D91198FDEF296441B12F1A906669B279700C
SHA-256:	34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
SHA-512:	BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\yAbf8Z3qA5.exe.log

Download File

Process:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	664
Entropy (8bit):	5.288448637977022
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
MD5:	B1DB55991C3DA14E35249AEA1BC357CA
SHA1:	0DD2D91198FDEF296441B12F1A906669B279700C
SHA-256:	34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
SHA-512:	BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
Malicious:	true
Reputation:	unknown
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..

C:\Users\user\AppData\Local\Temp\tmp41AB.tmp

Download File

Process:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1651
Entropy (8bit):	5.156446005056579
Encrypted:	false
SSDEEP:	24:2dH4+SEqC/S7h2ulNMFp2O/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB39Jtn:cbha7JlNQV/rydbz9I3YODOLNdq3z
MD5:	1F1ED6DCB0690C7C70883B9C5407E7BA
SHA1:	0BB3A61D72782A9CB28B5761334D05E946179B5D
SHA-256:	327FAC04E79BC23D133642CDB0CAEE81C09FBC95DA0775F37365CCA63F2E74F9
SHA-512:	1E475FF6C405B67871EFC616507777F8B962AAFA9F1DAF5BA309763B884CA9EC5972D483DD04A3CA89F89231A3D3BC8499CDC8DB95DE65A484E49E02FF27CBB2
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvail

C:\Users\user\AppData\Local\Temp\tmp4BCD.tmp

Download File

Process:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	24:2dH4+SEqC/S7h2ulNMFp2O/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB39Jtn:cbha7JlNQV/rydbz9I3YODOLNdq3z
MD5:	1F1ED6DCB0690C7C70883B9C5407E7BA
SHA1:	0BB3A61D72782A9CB28B5761334D05E946179B5D
SHA-256:	327FAC04E79BC23D133642CDB0CAEE81C09FBC95DA0775F37365CCA63F2E74F9
SHA-512:	1E475FF6C405B67871EFC616507777F8B962AAFA9F1DAF5BA309763B884CA9EC5972D483DD04A3CA89F89231A3D3BC8499CDC8DB95DE65A484E49E02FF27CBB2
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvail

C:\Users\user\AppData\Local\Temp\tmp6807.tmp

Download File

Process:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1303
Entropy (8bit):	5.115382657290805
Encrypted:	false
SSDEEP:	24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Vjujxtn:cbk4oL600QydbQxIYODOLedq3lj
MD5:	299E78C1E1B6B7A33638B3585031F313
SHA1:	7ED90F3F1DCA6AFB31BD276F375CCF8F910D396B
SHA-256:	7D7A3F00F200FF08CD721FE52B539E76CB32B61427552C24F478E93A8F856E5C
SHA-512:	D1D04F8AC16483FAC228A618B05C58852A7AE91A18DEB401FCBD270AA9AB6F62FAF687BEF38B0837D77EC61508458E3CBA5C50ADFF903526D80A2C736CFA8578
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak

C:\Users\user\AppData\Local\Temp\tmp6F7A.tmp

Download File

Process:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	1310
Entropy (8bit):	5.109425792877704
Encrypted:	false
SSDEEP:	24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
MD5:	5C2F41CFC6F988C859DA7D727AC2B62A
SHA1:	68999C85FC7E37BAB9216E0099836D40D4545C1C
SHA-256:	98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
SHA-512:	B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak

C:\Users\user\AppData\Local\Temp\tmpFF62.tmp

Download File

Process:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1651
Entropy (8bit):	5.156446005056579
Encrypted:	false
SSDEEP:	24:2dH4+SEqC/S7h2ulNMFp2O/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB39Jtn:cbha7JlNQV/rydbz9I3YODOLNdq3z
MD5:	1F1ED6DCB0690C7C70883B9C5407E7BA
SHA1:	0BB3A61D72782A9CB28B5761334D05E946179B5D
SHA-256:	327FAC04E79BC23D133642CDB0CAEE81C09FBC95DA0775F37365CCA63F2E74F9
SHA-512:	1E475FF6C405B67871EFC616507777F8B962AAFA9F1DAF5BA309763B884CA9EC5972D483DD04A3CA89F89231A3D3BC8499CDC8DB95DE65A484E49E02FF27CBB2
Malicious:	true
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvail

C:\Users\user\AppData\Roaming\BYTkrh.exe

Download File

Process:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1345024
Entropy (8bit):	7.685633845475471
Encrypted:	false
SSDEEP:	24576:KeZkjA8sCUrevlzuC6+iDUBQ2Kq1gekgwe0+U:lPCUczj/IYtKqq+F0+
MD5:	DA3CB7622834A14916D498C1BD8A7827
SHA1:	2179DB1AE11496EE06B62DFF337986316DD298EA
SHA-256:	78DD589C56A6D216F597F149BAD69D510A88FB3257B4A643A7250381126D963C
SHA-512:	88CA8D27EFB54EEB95278B6D4E92EF04E581362B2E110ABBB5E8F1BC715F0A6C1965AE5B52B567D45752F490B1FFE7188BD51672E8466F0160D7030DBBC4E68F
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 40%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~.a..............P.............v.... ... ....@.. ....................................@.................................$...O.... ............................................................................... ............... ..H............text...\|.... ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................X.......H.......l[..p............-...............................................0............(....(..........(.....o..........................(.......( ......(!......("......(#....N..(....o{...($....&..(%.....s&........s'........s(........s)........s............0...........~....o+....+...0...........~....o,....+...0...........~....o-....+...0...........~....o.....+...0...........~....o/....+...0..<........~.....(0.....,!r...p.....(1...o2...s3............~.....+...0......

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Download File

Process:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
File Type:	Non-ISO extended-ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:Yn:Y
MD5:	260CF674E1D2A820772E05F5F664454E
SHA1:	5CA7793E2231AC24C380FA1319407CC9E5343F15
SHA-256:	8EE13863FABB31C5847A2261EEAEB206BD218935970C03F99E57B6C1D247A3A9
SHA-512:	FC5BFC372ABBF6C76B6C5F9BDDAB151ED49A266F867EC5CD5E6FF6B68E59C40B8DEDF53676B899E06D68368DEF381215BCC88E5DD6D6A6B90070D6A74D45E519
Malicious:	true
Reputation:	unknown
Preview:	...<..H

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat

Download File

Process:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.361768795973195
Encrypted:	false
SSDEEP:	3:oNN2+WckHD9WYAC:oNN2Rcs9+C
MD5:	8504094015EBA61D260077BE38F2111C
SHA1:	5B65E0E790BE98B27BEC8410A30F677BCFF0204A
SHA-256:	A8114F0BC6DA94929300F977D1A9CE21E7D6EBDE2A45DAD38DD24527428E4EB0
SHA-512:	387ADC1C0479B0B4DF2A78D4E791F43C147D60B6B4C1C61E5B1B4013298280F7B29E3DBCF84F140E79433A6EC7957F6887164B95818BEF8E46DC13311F47F1F9
Malicious:	false
Reputation:	unknown
Preview:	C:\Users\user\Desktop\yAbf8Z3qA5.exe

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.685633845475471
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	yAbf8Z3qA5.exe
File size:	1345024
MD5:	da3cb7622834a14916d498c1bd8a7827
SHA1:	2179db1ae11496ee06b62dff337986316dd298ea
SHA256:	78dd589c56a6d216f597f149bad69d510a88fb3257b4a643a7250381126d963c
SHA512:	88ca8d27efb54eeb95278b6d4e92ef04e581362b2e110abbb5e8f1bc715f0a6c1965ae5b52b567d45752f490b1ffe7188bd51672e8466f0160d7030dbbc4e68f
SSDEEP:	24576:KeZkjA8sCUrevlzuC6+iDUBQ2Kq1gekgwe0+U:lPCUczj/IYtKqq+F0+
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~.a..............P.............v.... ... ....@.. ....................................@................................

File Icon


Icon Hash:	6e6a42e0b0a4a90d

Static PE Info

General

Entrypoint:	0x540f76
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x61EA7EFF [Fri Jan 21 09:38:07 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:	v2.0.50727
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x140f24	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x142000	0x9010	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x14c000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x140dec	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x13ef7c	0x13f000	False	0.818539993143	data	7.7042659795	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x142000	0x9010	0x9200	False	0.611515410959	data	6.45284679846	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x14c000	0xc	0x200	False	0.044921875	data	0.0815394123432	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x142160	0x468	GLS_BINARY_LSB_FIRST
RT_ICON	0x1425d8	0x10a8	data
RT_ICON	0x143690	0x25a8	data
RT_ICON	0x145c48	0x4228	dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON	0x149e80	0x3e	data
RT_VERSION	0x149ed0	0x314	data
RT_MANIFEST	0x14a1f4	0xe15	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2013
Assembly Version	1.0.0.0
InternalName	77vrr.exe
FileVersion	1.0.0.0
CompanyName
LegalTrademarks
Comments
ProductName	BattleShip
ProductVersion	1.0.0.0
FileDescription	BattleShip
OriginalFilename	77vrr.exe

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
01/21/22-16:17:50.971618	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	62044	8.8.8.8	192.168.2.6
01/21/22-16:17:57.271132	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	64267	8.8.8.8	192.168.2.6
01/21/22-16:18:03.701058	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	49448	8.8.8.8	192.168.2.6
01/21/22-16:18:39.178099	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	56061	8.8.8.8	192.168.2.6
01/21/22-16:19:04.301739	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	49694	8.8.8.8	192.168.2.6
01/21/22-16:19:10.447228	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	50010	8.8.8.8	192.168.2.6
01/21/22-16:19:16.524506	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	63718	8.8.8.8	192.168.2.6

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 21, 2022 16:17:51.072984934 CET	49755	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:17:51.218764067 CET	50421	49755	197.210.64.245	192.168.2.6
Jan 21, 2022 16:17:51.218902111 CET	49755	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:17:51.733867884 CET	49755	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:17:52.171371937 CET	49755	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:17:53.140212059 CET	49755	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:17:53.157457113 CET	49755	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:17:57.274210930 CET	49758	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:17:57.421838999 CET	50421	49758	197.210.64.245	192.168.2.6
Jan 21, 2022 16:17:57.424499989 CET	49758	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:17:57.921921968 CET	49758	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:17:58.466593981 CET	49758	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:17:59.391395092 CET	49758	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:03.815294027 CET	49759	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:03.961352110 CET	50421	49759	197.210.64.245	192.168.2.6
Jan 21, 2022 16:18:03.961550951 CET	49759	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:04.422511101 CET	49759	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:04.922487974 CET	49759	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:05.861016989 CET	49759	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:09.878415108 CET	49760	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:09.946851969 CET	50421	49760	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:10.454190969 CET	49760	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:10.532551050 CET	50421	49760	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:11.047961950 CET	49760	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:11.140558004 CET	50421	49760	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:15.174679041 CET	49765	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:15.267647028 CET	50421	49765	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:15.869158983 CET	49765	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:15.949668884 CET	50421	49765	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:16.626976013 CET	49765	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:16.710320950 CET	50421	49765	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:20.809263945 CET	49767	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:20.868350029 CET	50421	49767	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:21.470772982 CET	49767	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:21.547738075 CET	50421	49767	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:22.174002886 CET	49767	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:22.268377066 CET	50421	49767	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:26.466319084 CET	49774	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:26.611617088 CET	50421	49774	197.210.64.245	192.168.2.6
Jan 21, 2022 16:18:26.612207890 CET	49774	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:27.315038919 CET	49774	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:27.815181017 CET	49774	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:28.705729008 CET	49774	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:28.721959114 CET	49774	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:32.912208080 CET	49776	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:33.057452917 CET	50421	49776	197.210.64.245	192.168.2.6
Jan 21, 2022 16:18:33.058423996 CET	49776	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:33.492155075 CET	49776	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:33.909244061 CET	49776	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:34.768690109 CET	49776	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:34.865149021 CET	49776	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:39.183901072 CET	49782	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:39.329766989 CET	50421	49782	197.210.64.245	192.168.2.6
Jan 21, 2022 16:18:39.333028078 CET	49782	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:39.769150019 CET	49782	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:40.187252998 CET	49782	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:41.050555944 CET	49782	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:42.816245079 CET	49782	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:43.254746914 CET	49782	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:18:47.275649071 CET	49789	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:47.389262915 CET	50421	49789	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:48.004471064 CET	49789	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:48.055279016 CET	50421	49789	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:48.613648891 CET	49789	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:48.655435085 CET	50421	49789	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:52.663012028 CET	49793	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:52.736879110 CET	50421	49793	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:53.317142010 CET	49793	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:53.379509926 CET	50421	49793	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:54.004715919 CET	49793	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:54.073517084 CET	50421	49793	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:58.302335024 CET	49810	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:58.388991117 CET	50421	49810	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:59.036577940 CET	49810	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:59.087620974 CET	50421	49810	185.19.85.175	192.168.2.6
Jan 21, 2022 16:18:59.640844107 CET	49810	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:18:59.742108107 CET	50421	49810	185.19.85.175	192.168.2.6
Jan 21, 2022 16:19:04.303606033 CET	49823	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:04.448939085 CET	50421	49823	197.210.64.245	192.168.2.6
Jan 21, 2022 16:19:04.451667070 CET	49823	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:04.945883989 CET	49823	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:05.445226908 CET	49823	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:06.327164888 CET	49823	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:06.358948946 CET	49823	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:10.448999882 CET	49832	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:10.594268084 CET	50421	49832	197.210.64.245	192.168.2.6
Jan 21, 2022 16:19:10.597939968 CET	49832	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:11.030746937 CET	49832	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:11.452538967 CET	49832	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:12.311923027 CET	49832	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:12.452961922 CET	49832	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:16.526200056 CET	49833	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:16.672190905 CET	50421	49833	197.210.64.245	192.168.2.6
Jan 21, 2022 16:19:16.672384024 CET	49833	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:17.152721882 CET	49833	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:17.577976942 CET	49833	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:18.452989101 CET	49833	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:19.204643011 CET	49833	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:23.220956087 CET	49834	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:19:23.331912994 CET	50421	49834	185.19.85.175	192.168.2.6
Jan 21, 2022 16:19:23.844088078 CET	49834	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:19:23.921349049 CET	50421	49834	185.19.85.175	192.168.2.6
Jan 21, 2022 16:19:24.422244072 CET	49834	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:19:24.486074924 CET	50421	49834	185.19.85.175	192.168.2.6
Jan 21, 2022 16:19:28.506753922 CET	49851	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:19:28.598594904 CET	50421	49851	185.19.85.175	192.168.2.6
Jan 21, 2022 16:19:29.110166073 CET	49851	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:19:29.148544073 CET	50421	49851	185.19.85.175	192.168.2.6
Jan 21, 2022 16:19:29.657135010 CET	49851	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:19:29.702578068 CET	50421	49851	185.19.85.175	192.168.2.6
Jan 21, 2022 16:19:33.705530882 CET	49858	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:19:33.748503923 CET	50421	49858	185.19.85.175	192.168.2.6
Jan 21, 2022 16:19:34.251215935 CET	49858	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:19:34.321345091 CET	50421	49858	185.19.85.175	192.168.2.6
Jan 21, 2022 16:19:34.829428911 CET	49858	50421	192.168.2.6	185.19.85.175
Jan 21, 2022 16:19:34.864142895 CET	50421	49858	185.19.85.175	192.168.2.6
Jan 21, 2022 16:19:38.908469915 CET	49859	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:39.054651022 CET	50421	49859	197.210.64.245	192.168.2.6
Jan 21, 2022 16:19:39.054820061 CET	49859	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:39.486107111 CET	49859	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:39.908021927 CET	49859	50421	192.168.2.6	197.210.64.245
Jan 21, 2022 16:19:40.923680067 CET	49859	50421	192.168.2.6	197.210.64.245

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 21, 2022 16:17:50.858752966 CET	62044	53	192.168.2.6	8.8.8.8
Jan 21, 2022 16:17:50.971617937 CET	53	62044	8.8.8.8	192.168.2.6
Jan 21, 2022 16:17:57.240945101 CET	64267	53	192.168.2.6	8.8.8.8
Jan 21, 2022 16:17:57.271131992 CET	53	64267	8.8.8.8	192.168.2.6
Jan 21, 2022 16:18:03.679944992 CET	49448	53	192.168.2.6	8.8.8.8
Jan 21, 2022 16:18:03.701057911 CET	53	49448	8.8.8.8	192.168.2.6
Jan 21, 2022 16:18:26.446173906 CET	58384	53	192.168.2.6	8.8.8.8
Jan 21, 2022 16:18:26.463682890 CET	53	58384	8.8.8.8	192.168.2.6
Jan 21, 2022 16:18:32.849071026 CET	60261	53	192.168.2.6	8.8.8.8
Jan 21, 2022 16:18:32.866501093 CET	53	60261	8.8.8.8	192.168.2.6
Jan 21, 2022 16:18:39.156146049 CET	56061	53	192.168.2.6	8.8.8.8
Jan 21, 2022 16:18:39.178098917 CET	53	56061	8.8.8.8	192.168.2.6
Jan 21, 2022 16:19:04.282772064 CET	49694	53	192.168.2.6	8.8.8.8
Jan 21, 2022 16:19:04.301738977 CET	53	49694	8.8.8.8	192.168.2.6
Jan 21, 2022 16:19:10.426218987 CET	50010	53	192.168.2.6	8.8.8.8
Jan 21, 2022 16:19:10.447227955 CET	53	50010	8.8.8.8	192.168.2.6
Jan 21, 2022 16:19:16.503427982 CET	63718	53	192.168.2.6	8.8.8.8
Jan 21, 2022 16:19:16.524506092 CET	53	63718	8.8.8.8	192.168.2.6
Jan 21, 2022 16:19:38.879863977 CET	62116	53	192.168.2.6	8.8.8.8
Jan 21, 2022 16:19:38.897433996 CET	53	62116	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 21, 2022 16:17:50.858752966 CET	192.168.2.6	8.8.8.8	0xa512	Standard query (0)	strongodss.ddns.net	A (IP address)	IN (0x0001)
Jan 21, 2022 16:17:57.240945101 CET	192.168.2.6	8.8.8.8	0x2ed4	Standard query (0)	strongodss.ddns.net	A (IP address)	IN (0x0001)
Jan 21, 2022 16:18:03.679944992 CET	192.168.2.6	8.8.8.8	0x2acb	Standard query (0)	strongodss.ddns.net	A (IP address)	IN (0x0001)
Jan 21, 2022 16:18:26.446173906 CET	192.168.2.6	8.8.8.8	0x65f4	Standard query (0)	strongodss.ddns.net	A (IP address)	IN (0x0001)
Jan 21, 2022 16:18:32.849071026 CET	192.168.2.6	8.8.8.8	0xf095	Standard query (0)	strongodss.ddns.net	A (IP address)	IN (0x0001)
Jan 21, 2022 16:18:39.156146049 CET	192.168.2.6	8.8.8.8	0x9947	Standard query (0)	strongodss.ddns.net	A (IP address)	IN (0x0001)
Jan 21, 2022 16:19:04.282772064 CET	192.168.2.6	8.8.8.8	0xee39	Standard query (0)	strongodss.ddns.net	A (IP address)	IN (0x0001)
Jan 21, 2022 16:19:10.426218987 CET	192.168.2.6	8.8.8.8	0xc57b	Standard query (0)	strongodss.ddns.net	A (IP address)	IN (0x0001)
Jan 21, 2022 16:19:16.503427982 CET	192.168.2.6	8.8.8.8	0x53eb	Standard query (0)	strongodss.ddns.net	A (IP address)	IN (0x0001)
Jan 21, 2022 16:19:38.879863977 CET	192.168.2.6	8.8.8.8	0xbd07	Standard query (0)	strongodss.ddns.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Jan 21, 2022 16:17:50.971617937 CET	8.8.8.8	192.168.2.6	0xa512	No error (0)	strongodss.ddns.net	197.210.64.245	A (IP address)	IN (0x0001)
Jan 21, 2022 16:17:57.271131992 CET	8.8.8.8	192.168.2.6	0x2ed4	No error (0)	strongodss.ddns.net	197.210.64.245	A (IP address)	IN (0x0001)
Jan 21, 2022 16:18:03.701057911 CET	8.8.8.8	192.168.2.6	0x2acb	No error (0)	strongodss.ddns.net	197.210.64.245	A (IP address)	IN (0x0001)
Jan 21, 2022 16:18:26.463682890 CET	8.8.8.8	192.168.2.6	0x65f4	No error (0)	strongodss.ddns.net	197.210.64.245	A (IP address)	IN (0x0001)
Jan 21, 2022 16:18:32.866501093 CET	8.8.8.8	192.168.2.6	0xf095	No error (0)	strongodss.ddns.net	197.210.64.245	A (IP address)	IN (0x0001)
Jan 21, 2022 16:18:39.178098917 CET	8.8.8.8	192.168.2.6	0x9947	No error (0)	strongodss.ddns.net	197.210.64.245	A (IP address)	IN (0x0001)
Jan 21, 2022 16:19:04.301738977 CET	8.8.8.8	192.168.2.6	0xee39	No error (0)	strongodss.ddns.net	197.210.64.245	A (IP address)	IN (0x0001)
Jan 21, 2022 16:19:10.447227955 CET	8.8.8.8	192.168.2.6	0xc57b	No error (0)	strongodss.ddns.net	197.210.64.245	A (IP address)	IN (0x0001)
Jan 21, 2022 16:19:16.524506092 CET	8.8.8.8	192.168.2.6	0x53eb	No error (0)	strongodss.ddns.net	197.210.64.245	A (IP address)	IN (0x0001)
Jan 21, 2022 16:19:38.897433996 CET	8.8.8.8	192.168.2.6	0xbd07	No error (0)	strongodss.ddns.net	197.210.64.245	A (IP address)	IN (0x0001)

Start time:	16:17:25
Start date:	21/01/2022
Path:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\yAbf8Z3qA5.exe"
Imagebase:	0x20000
File size:	1345024 bytes
MD5 hash:	DA3CB7622834A14916D498C1BD8A7827
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.394239368.000000000C531000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Show Windows behavior

Start time:	16:17:35
Start date:	21/01/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BYTkrh" /XML "C:\Users\user\AppData\Local\Temp\tmpFF62.tmp
Imagebase:	0x1170000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Start time:	16:17:36
Start date:	21/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff61de10000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Start time:	16:17:36
Start date:	21/01/2022
Path:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
Wow64 process (32bit):	false
Commandline:	{path}
Imagebase:	0x120000
File size:	1345024 bytes
MD5 hash:	DA3CB7622834A14916D498C1BD8A7827
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Start time:	16:17:38
Start date:	21/01/2022
Path:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
Wow64 process (32bit):	true
Commandline:	{path}
Imagebase:	0x790000
File size:	1345024 bytes
MD5 hash:	DA3CB7622834A14916D498C1BD8A7827
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.630595587.0000000005BB0000.00000004.00020000.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000008.00000002.630568364.0000000005BA0000.00000004.00020000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000000.380197922.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000002.628097807.0000000003EB7000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000000.380861261.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.630404786.0000000005900000.00000004.00020000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000008.00000002.630404786.0000000005900000.00000004.00020000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000002.623546911.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000000.378603204.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000000.383163459.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Show Windows behavior

Start time:	16:17:45
Start date:	21/01/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6807.tmp
Imagebase:	0x1170000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Start time:	16:17:46
Start date:	21/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff61de10000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Start time:	16:17:47
Start date:	21/01/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp6F7A.tmp
Imagebase:	0x1170000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Start time:	16:17:48
Start date:	21/01/2022
Path:	C:\Users\user\Desktop\yAbf8Z3qA5.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\yAbf8Z3qA5.exe 0
Imagebase:	0xf30000
File size:	1345024 bytes
MD5 hash:	DA3CB7622834A14916D498C1BD8A7827
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.440223202.000000000D2E1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Show Windows behavior

Start time:	16:17:48
Start date:	21/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff61de10000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Start time:	16:17:50
Start date:	21/01/2022
Path:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0
Imagebase:	0xd60000
File size:	1345024 bytes
MD5 hash:	DA3CB7622834A14916D498C1BD8A7827
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000F.00000002.455188416.000000000CEF1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 40%, ReversingLabs
Reputation:	low

Show Windows behavior

Execution Graph

Execution Coverage:	18.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	3.5%
Total number of Nodes:	173
Total number of Limit Nodes:	8

Executed Functions

Function 04924B66 Relevance: 9.6, Strings: 7, Instructions: 866COMMON

Download Yara Rule

Strings

,:kr, xrefs: 04924EB6
</kr, xrefs: 04924BB5
</kr, xrefs: 04924D58
y, xrefs: 04924D03
</kr, xrefs: 04924EAA
</kr, xrefs: 04924D4B
</kr, xrefs: 04924D66

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: ,:kr$</kr$</kr$</kr$</kr$</kr$y
API String ID: 0-841260871
Opcode ID: c2f87364f0a8a8c8a5c535e49ac637eb5afa81f2d29c7cbf1c7f4a57ea7fcd17
Instruction ID: 48a6915875339bdb11a4c705c6d957ffdb7ca7d0a8ce7eb0c43fcd4dbe040c4d
Opcode Fuzzy Hash: c2f87364f0a8a8c8a5c535e49ac637eb5afa81f2d29c7cbf1c7f4a57ea7fcd17
Instruction Fuzzy Hash: 4A62FF30A44265DFCB058F68CE40AEEB7B6FF84310F058576E415EB696E738E842CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02311D91 Relevance: 2.7, Strings: 2, Instructions: 165
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_kg, xrefs: 02311F18
:@Dr, xrefs: 02311E93

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: :@Dr$_kg
API String ID: 0-3809862537
Opcode ID: e8e90aa39ae96b2aaae1b94a1f0f20e6e5ef50e56bb247a8cccded09b6ad9698
Instruction ID: c9d75f67365e8416337a56ceac3142c1792ef874251e652ddd414dbcd42d94cd
Opcode Fuzzy Hash: e8e90aa39ae96b2aaae1b94a1f0f20e6e5ef50e56bb247a8cccded09b6ad9698
Instruction Fuzzy Hash: 6D71B174E11248DFDB48DFE4D99499EBBB2FF89301F14942AD905AB364DB305A41CF60

Uniqueness

Uniqueness Score: -1.00%

Function 02311DA0 Relevance: 2.7, Strings: 2, Instructions: 164
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_kg, xrefs: 02311F18
:@Dr, xrefs: 02311E93

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: :@Dr$_kg
API String ID: 0-3809862537
Opcode ID: 8fbd6e25692aa2afe4345e1748c1c99f4ea11e7c5007aa968f853d0b1c80b92a
Instruction ID: 15139bf8e03b41e807ff1bff60e6a141b11237d3cfcbe90b4248f4a43e4c0403
Opcode Fuzzy Hash: 8fbd6e25692aa2afe4345e1748c1c99f4ea11e7c5007aa968f853d0b1c80b92a
Instruction Fuzzy Hash: F4719074E11208DFDB48DFA4D99499EFBB2FF88301F24942AD906AB354DB345A41CF64

Uniqueness

Uniqueness Score: -1.00%

Function 02300ECB Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 02300F4B

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 1d8a66c654cbf1038c20c8553f145d2810a3f5f1c17efa3db0f2348c8f780ff8
Instruction ID: 0251f7bd2312f1c787454350aceae9fe7ebf568f663c16f6660c7d3972e44cb5
Opcode Fuzzy Hash: 1d8a66c654cbf1038c20c8553f145d2810a3f5f1c17efa3db0f2348c8f780ff8
Instruction Fuzzy Hash: 6821A176509784AFDB128F25DC94B52BFF4EF06210F0884DAE9858F1A3D371A918DB71

Uniqueness

Uniqueness Score: -1.00%

Function 02300F02 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 02300F4B

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: a4c7021cc2b275667382fa23ab60e641fdd8dcfd7d5631e79e2d1212cb6fe4e3
Instruction ID: 7f329fc2759d33cc14ebb2b6c12623686734e30a80ea76536d288d56b46a4a16
Opcode Fuzzy Hash: a4c7021cc2b275667382fa23ab60e641fdd8dcfd7d5631e79e2d1212cb6fe4e3
Instruction Fuzzy Hash: 72115A355007449FDB248F65D884B66FBE8EF04620F1884AAEE4A8B652D371E418DB71

Uniqueness

Uniqueness Score: -1.00%

Function 0492B9D8 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

f]Ir, xrefs: 0492BA5B

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: f]Ir
API String ID: 0-3302829692
Opcode ID: a3d63778e522e71da64dc686eec89bf6294e5deecde6e376b0fdfa0a35868e20
Instruction ID: fe7ee38c6bcf19e58536927f698f1d8d3f98048b6c07885f06f0c44b7a78c269
Opcode Fuzzy Hash: a3d63778e522e71da64dc686eec89bf6294e5deecde6e376b0fdfa0a35868e20
Instruction Fuzzy Hash: 63310871E052589FEB18CFAAD84079EFBF3AFC9300F14C1BAD848A6259D73459458F51

Uniqueness

Uniqueness Score: -1.00%

Function 04928840 Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

CR~, xrefs: 049288FF

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: CR~
API String ID: 0-623761677
Opcode ID: f7c22150bd69eeee96ba3c7a5398957315e128f8c264ff091429f529dd2ba501
Instruction ID: 9ab1bf2017aba96ccb3bf7c5af760276e05ff1073866a2206b725246931fe8ab
Opcode Fuzzy Hash: f7c22150bd69eeee96ba3c7a5398957315e128f8c264ff091429f529dd2ba501
Instruction Fuzzy Hash: 1F21E8B1E016588BDB18CF9AD9547DEFBF3AFC9300F14C06AD408A6258DB341A45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04922112 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a70baac17b80a4f596be021159c04cff50d996ca43572185e6709322d3e02c
Instruction ID: 01252a4876dc090161819531024fcab40f88e19cbd4b48470bda0561c0bd2534
Opcode Fuzzy Hash: 89a70baac17b80a4f596be021159c04cff50d996ca43572185e6709322d3e02c
Instruction Fuzzy Hash: 64028D74E01269CFEB24DF64C954BEDBBB2BF89304F5081AAD90967264EB701E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 04929700 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a650a7765dcf409c10c5815fe193d4a1e9a591ecd5560573ddf47cd489fcf04d
Instruction ID: fb2f9bcfe1897453044dd2830593d1b3d27cd6d4b4fc7c6fd761711dfc8833e4
Opcode Fuzzy Hash: a650a7765dcf409c10c5815fe193d4a1e9a591ecd5560573ddf47cd489fcf04d
Instruction Fuzzy Hash: 3CC164B4E1521ADFCB04CF95C6818AEFBB6FF89310F249966C411AB215D730EA81DF90

Uniqueness

Uniqueness Score: -1.00%

Function 049296FB Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0089f190fb3540097c0122484e1ccbc602ded5aae3759b188714824f8ec52ed
Instruction ID: aab4febad7fee0a2d0c5497e1a527339278caa8b92f9484be705d9bea1694901
Opcode Fuzzy Hash: c0089f190fb3540097c0122484e1ccbc602ded5aae3759b188714824f8ec52ed
Instruction Fuzzy Hash: 8CC153B4E1521ADFCB04CF95C6858AEFBB6FF88310F249966D411AB215D730EA81DF90

Uniqueness

Uniqueness Score: -1.00%

Function 049277CE Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 761630ea4e62f019385bf1b311ec865c4e8d99a30e8635819bf376ecb7029963
Instruction ID: 6b641c54e66bb2cd4a26d7d01ebc0e64b7b58cc9b7814dd8b5572450a01ff577
Opcode Fuzzy Hash: 761630ea4e62f019385bf1b311ec865c4e8d99a30e8635819bf376ecb7029963
Instruction Fuzzy Hash: 8381C274E05219DFDB08DFE5C984AADBBB2FF89300F10846AD415BB254EB34AA42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 049277E8 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 369a08cc4c84881689f72d5538e2b617dab64a4401b3c21890de0c25344bc95c
Instruction ID: 10f097e11164846fb2ff705eff1861c11380961f58d001e2e81aef7c6033a0e8
Opcode Fuzzy Hash: 369a08cc4c84881689f72d5538e2b617dab64a4401b3c21890de0c25344bc95c
Instruction Fuzzy Hash: 9481C274E05219DFDB08DFE5C984AAEBBB2FF88300F10856AD415BB254EB346A41CF54

Uniqueness

Uniqueness Score: -1.00%

Function 02312E91 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfb8e0e12cda193881d35c7360be96570135c8399aa23c5852d8b209693b2634
Instruction ID: f6e983ce905d491c10f518ab43629e32719c3f7bcb7db4497f5b1554b4cc30e5
Opcode Fuzzy Hash: dfb8e0e12cda193881d35c7360be96570135c8399aa23c5852d8b209693b2634
Instruction Fuzzy Hash: 385115B0C09219EEDB08CFA5E5806EEFFF9BB49310F20A42AE416B7251D7349545CF28

Uniqueness

Uniqueness Score: -1.00%

Function 04927F30 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30eb8d8a5bb2d1b5d557932f8340ad7955d495afbc8c4859ef6d46d6cb2dd205
Instruction ID: ece06c205012708178b20dca9f4a30d94a326912146743b96847264f1f65e321
Opcode Fuzzy Hash: 30eb8d8a5bb2d1b5d557932f8340ad7955d495afbc8c4859ef6d46d6cb2dd205
Instruction Fuzzy Hash: 6651F471D0921ACFDB08CFA6CA506AEFBF2EB89300F14D46AD419B7255D7349A41CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 04923DF8 Relevance: 3.9, Strings: 3, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X$kr, xrefs: 04923EE4
X1kr, xrefs: 04923F86
X$kr, xrefs: 04923EF0

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr$X$kr$X1kr
API String ID: 0-1403565524
Opcode ID: 6e5a7b3b9d000d48e36eea5b8221f3e495a83b282b339769f3c157f2cb0234c4
Instruction ID: 0cca42b7fdbb810d93d7342f144134d36d4d4cdcf51c691fa5508f5cb0403e72
Opcode Fuzzy Hash: 6e5a7b3b9d000d48e36eea5b8221f3e495a83b282b339769f3c157f2cb0234c4
Instruction Fuzzy Hash: C1417370B40215CFDB54DBB9D919BADBBF2AB88700F10807AE506EB395EE749C01C751

Uniqueness

Uniqueness Score: -1.00%

Function 04925A58 Relevance: 2.8, Strings: 2, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

|8kr, xrefs: 04925EE9
|8kr, xrefs: 04925EF5

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: |8kr$|8kr
API String ID: 0-1849645254
Opcode ID: a76ca39b6e1ab6fce47e87553979475229de039cb9a6bb13427a642aef619bdd
Instruction ID: 9dc526c70f952d64ee264602bfdeb84d12630654cd112e0ce0fa67271fe87864
Opcode Fuzzy Hash: a76ca39b6e1ab6fce47e87553979475229de039cb9a6bb13427a642aef619bdd
Instruction Fuzzy Hash: 6AA1D130A05225EFCB15CF68DA84ABEB7B2FF44320F168576E415DB295E738AC42C791

Uniqueness

Uniqueness Score: -1.00%

Function 049240F1 Relevance: 2.8, Strings: 2, Instructions: 256
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ID, xrefs: 0492415B
:@Dr, xrefs: 049243F7

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: ID$:@Dr
API String ID: 0-215857786
Opcode ID: 5c085e521deacea464e2924459a3ecef9edd8918e3713248a16f5db046e49a4c
Instruction ID: db9ed67448783b12225a7df543755d73d76060849bb4d9df2de44b51b401015a
Opcode Fuzzy Hash: 5c085e521deacea464e2924459a3ecef9edd8918e3713248a16f5db046e49a4c
Instruction Fuzzy Hash: E091C130608251CFC715DF28C954A69BBE2FFC5310F25D5BAD1869B29ADB34E803C792

Uniqueness

Uniqueness Score: -1.00%

Function 049205A8 Relevance: 2.7, Strings: 2, Instructions: 201
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`5kr, xrefs: 0492072D
:@Dr, xrefs: 049206D4

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: :@Dr$`5kr
API String ID: 0-2548079215
Opcode ID: 5ff8c3ce9e4559bade159369d6b7974f3228e497fb229730a8c38a9fe9b8b7b4
Instruction ID: f60fcf46d23079f33c0a6a0a36acf609a37e19a4a3ecf68f914d5120c51fa5f2
Opcode Fuzzy Hash: 5ff8c3ce9e4559bade159369d6b7974f3228e497fb229730a8c38a9fe9b8b7b4
Instruction Fuzzy Hash: 1691F574E01228CFDB54CFA9C994BADBBF2BF89310F1050AAD509AB3A4DB716945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04923DEA Relevance: 2.6, Strings: 2, Instructions: 132
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X$kr, xrefs: 04923EE4
X1kr, xrefs: 04923F86

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr$X1kr
API String ID: 0-3132599531
Opcode ID: f811d99e536c9f406496f11379ac3172c0aaecacc8f36eaa4e58c5afda35025c
Instruction ID: 214979450d0b95c41f681df3c806fc87203d094d7d5b864118fd14c51668ba60
Opcode Fuzzy Hash: f811d99e536c9f406496f11379ac3172c0aaecacc8f36eaa4e58c5afda35025c
Instruction Fuzzy Hash: 8B419370B40215CFDB54DBB8D919BAEBBF2AB88700F14807AE505EB395EE749D01CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04921E98 Relevance: 2.6, Strings: 2, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X$kr, xrefs: 04921F0E
X$kr, xrefs: 04921F1E

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr$X$kr
API String ID: 0-2690305392
Opcode ID: 85249ca70a18ec21c998357538ec16a649c3c740dd1d7ce102321fcc71508280
Instruction ID: 24ab0592b0c7ec84980fb84bb028d6ccef2686a8ff4bcfb0bb4dee617396daf8
Opcode Fuzzy Hash: 85249ca70a18ec21c998357538ec16a649c3c740dd1d7ce102321fcc71508280
Instruction Fuzzy Hash: 34115870E04228DBDF04DFA9D941AEEBBB2FF88300F108569E51077294DB386951DF90

Uniqueness

Uniqueness Score: -1.00%

Function 04921F50 Relevance: 2.5, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X$kr, xrefs: 04921F76
X$kr, xrefs: 04921F86

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr$X$kr
API String ID: 0-2690305392
Opcode ID: b37ddf2125645fc26f29811be553218fe6df8f7c8e72e3521221bad980e094f9
Instruction ID: d37902c90276de2a4dafe54c6e4de4d9e2d323b13c2199bdb4a53cd2f09b6878
Opcode Fuzzy Hash: b37ddf2125645fc26f29811be553218fe6df8f7c8e72e3521221bad980e094f9
Instruction Fuzzy Hash: D3F05E30E04248EFDB08DFA8C7556ADBBB6FB85301F2089B5D41157298EF306E51EB90

Uniqueness

Uniqueness Score: -1.00%

Function 02300977 Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 02300A27

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 8fd07b11f5883a2c7f84a67eb9ef94857fe2bdf746242d2950323ce31309369b
Instruction ID: 07d89294bbc43823165cdd3738232721da46a34b3ae1e14df673f2b252f5337f
Opcode Fuzzy Hash: 8fd07b11f5883a2c7f84a67eb9ef94857fe2bdf746242d2950323ce31309369b
Instruction Fuzzy Hash: 2131B472004384AFE7128B65DC45F67BFACEF06710F04849BE985DB152D324A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00BCAB26 Relevance: 1.6, APIs: 1, Instructions: 92
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00BCABD5

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 66441ba329479277c2828dd25abe4c6ac90c6a8b615e06ba16721d7212d850dc
Instruction ID: c9e0818287664c5ad8e793a022fbbe3bf39866e8bdc7f181af545cce2dcbe4cc
Opcode Fuzzy Hash: 66441ba329479277c2828dd25abe4c6ac90c6a8b615e06ba16721d7212d850dc
Instruction Fuzzy Hash: 0131B172504384AFE7228B25CC45FA7BFFCEF06710F0884ABED819B152D264A849CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00BCBEE0 Relevance: 1.6, APIs: 1, Instructions: 90
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00BCBF81

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 904611a7d70a42c25879bbe42583af9f2c0a63cb3cf6e515b0209aa05c81be72
Instruction ID: 0b07f53fb5a6f9d2132b99165607e5613698e82bc94fe07b689e3864f3710a4a
Opcode Fuzzy Hash: 904611a7d70a42c25879bbe42583af9f2c0a63cb3cf6e515b0209aa05c81be72
Instruction Fuzzy Hash: 1A317C71504380AFE722CF65DC85F66BFE8EF45610F0884AEE9858B252D365E809CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00BCAC1D Relevance: 1.6, APIs: 1, Instructions: 89
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,94DBC7B4,00000000,00000000,00000000,00000000), ref: 00BCACD8

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: fe8a0e6749b1a4fe6b2e80fa4ff07804e837c67a5c6a2e591d033156459c4ccd
Instruction ID: 763f887128122c698186493983e0152cbf625f217c42528e55c0b1f950ce1f3d
Opcode Fuzzy Hash: fe8a0e6749b1a4fe6b2e80fa4ff07804e837c67a5c6a2e591d033156459c4ccd
Instruction Fuzzy Hash: FF319375105384AFE722CB25CC44F62BFF8EF06714F1884DAE9859B152D264E949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 023011FC Relevance: 1.6, APIs: 1, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TerminateProcess.KERNELBASE(?,00000E2C,94DBC7B4,00000000,00000000,00000000,00000000), ref: 02301290

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 8c5349e2d5142fba08f6fdc548b38e9f618b99e09a438c2efb6042e0b0255752
Instruction ID: 35735088d550c01ae5c9a16b1112767cd16910edd9677e3f6d5e82a724b718b0
Opcode Fuzzy Hash: 8c5349e2d5142fba08f6fdc548b38e9f618b99e09a438c2efb6042e0b0255752
Instruction Fuzzy Hash: FF21B6765093806FE7128B25DC95F96BFA8EF47320F1880DBE984DF192D264A509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0230026B Relevance: 1.6, APIs: 1, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,94DBC7B4,00000000,00000000,00000000,00000000), ref: 02300310

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 25aca6c15df6d7527cd0fcbc5a29257749ccff76ceda36e5fb3432140ca3fbd8
Instruction ID: f56ab7535b58db41a8aea01ce6a908289703eea83399ec95bb7fac1950b35bc1
Opcode Fuzzy Hash: 25aca6c15df6d7527cd0fcbc5a29257749ccff76ceda36e5fb3432140ca3fbd8
Instruction Fuzzy Hash: F231B172508384AFE722CB64DC95F97BFA8EF06314F1884EBE9859B152D224A908C771

Uniqueness

Uniqueness Score: -1.00%

Function 02300597 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 02300633

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: 879418d973f7a9c50b85a7f44c106f5f645c72b46fe8540f8f32d0cd99fa0103
Instruction ID: 305bf0d970cc8c4dabf0a1343a183536a85813f2b64488360a127c73000f619e
Opcode Fuzzy Hash: 879418d973f7a9c50b85a7f44c106f5f645c72b46fe8540f8f32d0cd99fa0103
Instruction Fuzzy Hash: DD21C172404344AFE721CF64CC84F6ABFA8EF46310F18849BED849B252D324A409CB61

Uniqueness

Uniqueness Score: -1.00%

Function 023009AA Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 02300A27

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 706d2ff4ab295cd6e5f3b57264ec73fa98fe8038065ff5cab144af64447df165
Instruction ID: cb4718895c2ee43f950a782e966e8eb5e7dd4f6221fbe45b1d9ba8a59119339e
Opcode Fuzzy Hash: 706d2ff4ab295cd6e5f3b57264ec73fa98fe8038065ff5cab144af64447df165
Instruction Fuzzy Hash: 4521BD72500204AFEB218F65DC84F6BBBACEF04320F14886AEE459B651D670A5088B71

Uniqueness

Uniqueness Score: -1.00%

Function 00BCBF02 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00BCBF81

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a8efe0bd99993258ac398f2d80ad23b87ff73759194a9e33f510c195dec15063
Instruction ID: 0148b44d2a43d3ecdea0e2427b7284a5b3ad7814846ca24c03fbc52b0d9c9b48
Opcode Fuzzy Hash: a8efe0bd99993258ac398f2d80ad23b87ff73759194a9e33f510c195dec15063
Instruction Fuzzy Hash: 45218975500200AFEB21CF65CC85F6AFBE8EF08710F1484AEEA858B242D371E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02300A85 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 02300B0C

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: ea9ce588871f198c5f02fefb62cf333b0e75111a0268048f795bce9a14e0fbee
Instruction ID: d2ff2b19cdb8a6106b1bd982f790334d1ec4efa69ee031a6ce1a3d2869a8a96e
Opcode Fuzzy Hash: ea9ce588871f198c5f02fefb62cf333b0e75111a0268048f795bce9a14e0fbee
Instruction Fuzzy Hash: 2521AE725093809FDB168B25DC91B92BFB8EF06214F0984DADC848F2A3D265A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00BCAB56 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00BCABD5

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 9938742a4b12c50e2212e2fe284dbe0b7f0c4bddaf030a7419bd3d7156d22e41
Instruction ID: 807934117677f54a0b10acb9850212038b320991bfef81c07c7c62e3ebba06ec
Opcode Fuzzy Hash: 9938742a4b12c50e2212e2fe284dbe0b7f0c4bddaf030a7419bd3d7156d22e41
Instruction Fuzzy Hash: 3A21AE72500708AFE7219F25DC84FABFBECEF04710F14849BEE459B241D664E8088BB2

Uniqueness

Uniqueness Score: -1.00%

Function 023005C2 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 02300633

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: 97ecf59899d5215365e484713ab38a2f316a2eae6ff0c06c2ee34b0544dee2eb
Instruction ID: ee5b50264f599dd97d932825f3625acfc6eb4ebcfdcd370a72e51483de4a414a
Opcode Fuzzy Hash: 97ecf59899d5215365e484713ab38a2f316a2eae6ff0c06c2ee34b0544dee2eb
Instruction Fuzzy Hash: 1D21AC72500208AFEB20DF69DC85F6AFBACEF84710F14846BEE449B281D664A4098B75

Uniqueness

Uniqueness Score: -1.00%

Function 00BCB577 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 00BCB5FA

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: 8eee67a8d8eb888c850a228981c64fb6083e2c71f377cc3a6a82febe85ef454d
Instruction ID: 41ba0920de0fc766f85e6859b48402e3c2488ed692bbee04f57f700140d4415a
Opcode Fuzzy Hash: 8eee67a8d8eb888c850a228981c64fb6083e2c71f377cc3a6a82febe85ef454d
Instruction Fuzzy Hash: 722138721483806FD301CB25DC51F76BFB8EF86620F09819BED848B642D230A915CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 023001A2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,94DBC7B4,00000000,00000000,00000000,00000000), ref: 02300221

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 50f0f265c2be921ec3219f3fd1cd049b7080a644ae043448f3ea8562078cd90a
Instruction ID: 4ed3050916758203397071003d5b3e551a422dbb31aa5058bbb8e37986f71f6a
Opcode Fuzzy Hash: 50f0f265c2be921ec3219f3fd1cd049b7080a644ae043448f3ea8562078cd90a
Instruction Fuzzy Hash: 30219272405340AFDB228F55DC84F57FFB8EF46310F18849BEA859B152D274A408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00BCAC5E Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,94DBC7B4,00000000,00000000,00000000,00000000), ref: 00BCACD8

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1e7c801a73cf3d12166e97b648bf35ae39c059a82f136549e80d392c5c216f9c
Instruction ID: 7e6ec8d812ef098e0e1e8e923bc7f79f993cbff14a855e9091c886476e0b98d1
Opcode Fuzzy Hash: 1e7c801a73cf3d12166e97b648bf35ae39c059a82f136549e80d392c5c216f9c
Instruction Fuzzy Hash: AE215C75600608AFE720CF15DC84F67BBECEF05714F1484AAEE459B651D760E849CA72

Uniqueness

Uniqueness Score: -1.00%

Function 023002A6 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,94DBC7B4,00000000,00000000,00000000,00000000), ref: 02300310

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: a3c72d0699bbc77ddab460812807f81a773cff7380d015854b057304de125fe8
Instruction ID: 99ad6920addfbe79da5e2024ce85d6f14c652b9816886ab8079d00090ec0abf1
Opcode Fuzzy Hash: a3c72d0699bbc77ddab460812807f81a773cff7380d015854b057304de125fe8
Instruction Fuzzy Hash: 4D11C072504604AFEB218F65DC94FABBBACEF05310F1484ABEE459B251D670E408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 02300007 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,94DBC7B4,00000000,00000000,00000000,00000000), ref: 02300085

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 10baee4c680d702d6f7fbbe196f5a06fc74ffd08f286f24d17d1b1a916face25
Instruction ID: f3e51536d914e74bcce68870d2dcea0c2d4825284f5b7abfa62caaabe29a0c22
Opcode Fuzzy Hash: 10baee4c680d702d6f7fbbe196f5a06fc74ffd08f286f24d17d1b1a916face25
Instruction Fuzzy Hash: C9219071509380AFD7128B25CC94F56BFB8EF47314F1880DBEE849B293C364A449C762

Uniqueness

Uniqueness Score: -1.00%

Function 0230104D Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,94DBC7B4,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 023010BE

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 85513ec1e8a6a57be482429bb41af89d623006ce0a57f19927803905af72fe22
Instruction ID: 662dbfba8d883a77f6d8c47e4ac946a7f7d8bf6d00d1fe0c64964f81426b3f79
Opcode Fuzzy Hash: 85513ec1e8a6a57be482429bb41af89d623006ce0a57f19927803905af72fe22
Instruction Fuzzy Hash: 6E2180715093809FD712CB65DC95B92BFE8EF06210F0980EBE989CB162D274A908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00BCB1A5 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00BCB221

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 90ea6b713ae180efb1089f9db0a712ff5f3743cb643a46da789f0b5992e061a8
Instruction ID: 58bc10b0d3e729c148f97c6fb2654f431418a8e537aef3394c8dceb0361ef8e7
Opcode Fuzzy Hash: 90ea6b713ae180efb1089f9db0a712ff5f3743cb643a46da789f0b5992e061a8
Instruction Fuzzy Hash: EB21AEB5408380AFD7228A25DC81F66BFE8EF06314F0880CAED848B253D365A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00BCBD55 Relevance: 1.6, APIs: 1, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00BCBDC9

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3c63be4436aebd35813288507125bfcf7383e66c0b8bce6f77a55d4217508475
Instruction ID: 80430e909b6a89c59445fa5801cd32566916cff5bbfe86f5b5f52281b4e2cda2
Opcode Fuzzy Hash: 3c63be4436aebd35813288507125bfcf7383e66c0b8bce6f77a55d4217508475
Instruction Fuzzy Hash: 2C21AE36109380AFDB228B25DC50BA2FFB4EF06314F0884DEED858B162D261A808DB61

Uniqueness

Uniqueness Score: -1.00%

Function 023012E9 Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0230135C

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 4c16ea29e59fe19f0c7d24e1539091325df71bff5f08af8da74511caabf7c879
Instruction ID: 2c1be87a621a3c1e1a2a5a99c292e03fb550145a3b8a834608ce2bc4db0f8e2c
Opcode Fuzzy Hash: 4c16ea29e59fe19f0c7d24e1539091325df71bff5f08af8da74511caabf7c879
Instruction Fuzzy Hash: D821AE751097849FDB228F25DC90A52FFB4EF06310F0880DAED858B662D375E848DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0230143D Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 023014B1

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 741b05de5ab94fb118d9ca950c7a92cb6e33d5baa57d279046825f16bd9ebb1e
Instruction ID: 0c77e986479b21d0eb8c78c8273cf9615cb9491a026c26d56304eea1522e175b
Opcode Fuzzy Hash: 741b05de5ab94fb118d9ca950c7a92cb6e33d5baa57d279046825f16bd9ebb1e
Instruction Fuzzy Hash: F7218C724093C0AFDB138B25DC54A52BFB4EF17210F0984DBEDC48F163D265A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00BCA5AF Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BCA61A

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: f17402e38944c22ef0f1224748628a45985bc3958130d282c0a679bd7cbacd7b
Instruction ID: fb455417647c404b8e60ee2702ab34a1030d72d7326d6d85e7482ef21131cfeb
Opcode Fuzzy Hash: f17402e38944c22ef0f1224748628a45985bc3958130d282c0a679bd7cbacd7b
Instruction Fuzzy Hash: 4B11A272409384AFDB228F50DC44B62FFF8EF4A314F0884DEEE858B152D275A418DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0230123A Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(?,00000E2C,94DBC7B4,00000000,00000000,00000000,00000000), ref: 02301290

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: aadc99bc5e2b73fca76c9d5871b47ffccd73b06016534d74e7b89e8b0f218a35
Instruction ID: a5a06c8405172b0672ea28b33afda84799ca4702f069eac9182925a71c8ac7bd
Opcode Fuzzy Hash: aadc99bc5e2b73fca76c9d5871b47ffccd73b06016534d74e7b89e8b0f218a35
Instruction Fuzzy Hash: 0611A371500204AFEB10CF65DC85BABBB9CEF49720F1484ABEE49DB281D6B4A404CF71

Uniqueness

Uniqueness Score: -1.00%

Function 00BCA65A Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00BCA6CC

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: f6487db2153238b7c6e501b56274102f55114bbb3f1ac5dcf6001101c8a18701
Instruction ID: dc60bf781052b9b1658f4646abe6e888c840533f92b1c440f0d39fdc44fc3dc3
Opcode Fuzzy Hash: f6487db2153238b7c6e501b56274102f55114bbb3f1ac5dcf6001101c8a18701
Instruction Fuzzy Hash: 711159754093C4AFD7128B25DC94B62BFB4EF07624F0980DBED849B263D2655908DB72

Uniqueness

Uniqueness Score: -1.00%

Function 023001C2 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,94DBC7B4,00000000,00000000,00000000,00000000), ref: 02300221

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 98f742a99cad14133beb5d0e3420864be29ff10ff2eb3274d12e4d1b149c7bc6
Instruction ID: decb0813709ed1a123381c43cedd297e4e74b3c5c7c5bbe13b5755d40d561c37
Opcode Fuzzy Hash: 98f742a99cad14133beb5d0e3420864be29ff10ff2eb3274d12e4d1b149c7bc6
Instruction Fuzzy Hash: 6911B271400204EFEB21CF55DC84F6AFBACEF49710F14846BEE459B241D274A409CB71

Uniqueness

Uniqueness Score: -1.00%

Function 02300CA7 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02300D0C

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 76bf0f6c704bfa5ab49483a1933d1e2309a0d80833ead16097b96493430caac5
Instruction ID: 48a300f8cbe3b731f804dd560ba2804052c7c27a19b9ca506ea1e798ed8a1a3b
Opcode Fuzzy Hash: 76bf0f6c704bfa5ab49483a1933d1e2309a0d80833ead16097b96493430caac5
Instruction Fuzzy Hash: 1011D076109780AFDB228F25DC90B52FFB4EF06220F0880DEED858A562C275A458DB62

Uniqueness

Uniqueness Score: -1.00%

Function 02300C00 Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 02300C5F

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 8a5bd43fb55aad88689ab231b689a96597a07ae00bdccbd97490e6afe8faef6d
Instruction ID: c0378a3ac50dda9f374ca0e0195c2519e15cebfa5a2ceb3218d2488a14892b4e
Opcode Fuzzy Hash: 8a5bd43fb55aad88689ab231b689a96597a07ae00bdccbd97490e6afe8faef6d
Instruction Fuzzy Hash: 6D11BF755043849FD715CB15CC85B52FFE8EF06220F0880AAED858F2A2D374E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 02300032 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,94DBC7B4,00000000,00000000,00000000,00000000), ref: 02300085

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 25cd7dbf8ae9ca4f86a678f044f5a8da7b66b3eca169322700bdeeeea4a0aa4c
Instruction ID: abf87e9e6cedd66ab20671091979691e50444a30264b30a0a12059e4b5a06e07
Opcode Fuzzy Hash: 25cd7dbf8ae9ca4f86a678f044f5a8da7b66b3eca169322700bdeeeea4a0aa4c
Instruction Fuzzy Hash: F401D275500604EFE720DB15DC85F67FBACEF05720F1480ABEE459B282C6B4A408CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 00BCADF4 Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00BCAE54

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5f58e6bc872aa92389b3fd29d61253202d55e23120dc9411621800d693c1b04b
Instruction ID: 7ffb0ca75ae89f8443d3a5451689af12da670ddd715df57fe6fc45a49dafb94e
Opcode Fuzzy Hash: 5f58e6bc872aa92389b3fd29d61253202d55e23120dc9411621800d693c1b04b
Instruction Fuzzy Hash: B3118C36405784AFDB228F55DC44E56FFF4EF06320F08849EEE854B262C375A858CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0230107E Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,94DBC7B4,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 023010BE

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: bc4663974a2421b40e8717ec2d6249209ee0f21e1c8e904c3fdb1269c79db935
Instruction ID: 533399ed4d97a0cc27da18072c5a6086167f8e1460ebc8043fdf80f3b5b875e0
Opcode Fuzzy Hash: bc4663974a2421b40e8717ec2d6249209ee0f21e1c8e904c3fdb1269c79db935
Instruction Fuzzy Hash: 81115E75500244DFDB10CF69D885B56FBE8EF04320F1884ABED899B652D775E408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00BCA9F0 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 00BCAA4A

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: a3b3afeb79375ceb0506c2167de9d34c1135a8c2c8bfad0e63da5e9168612a32
Instruction ID: e7a57b287e2d4803e7b58d1e046df6e686c323ed1f6482f3eb93a26f43b917df
Opcode Fuzzy Hash: a3b3afeb79375ceb0506c2167de9d34c1135a8c2c8bfad0e63da5e9168612a32
Instruction Fuzzy Hash: 18117C36409784AFD7228F15DC84B52FFF4EF06720F08C4DAED854B262D275A918CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00BCB5AA Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 00BCB5FA

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: f4508adb3fe62bf302f8f9b6fd4d9b2b387971329d26b16d260bfe4130c862ae
Instruction ID: 447ea75ccf9366c4f98526b36f6ba48aadcc8d7f904cd09e03c04e2d2ecc53bf
Opcode Fuzzy Hash: f4508adb3fe62bf302f8f9b6fd4d9b2b387971329d26b16d260bfe4130c862ae
Instruction Fuzzy Hash: 29017176500600ABD710DF16DC86F36FBA8FB88B20F14816AED089B741E771F915CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 02301316 Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0230135C

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: b47e8b09a9eaf24ca451fdac5c9635e99c29d60128fa09865d0a97283d76b3c3
Instruction ID: 4bd9ad862d5707b74da0f8660e98283fc3be9f22cc4b2314a92661812ebcaab4
Opcode Fuzzy Hash: b47e8b09a9eaf24ca451fdac5c9635e99c29d60128fa09865d0a97283d76b3c3
Instruction Fuzzy Hash: B8015B75500604DFDB208F15D884B66FBE4EF04720F1880AADD898BA56D371E458DF71

Uniqueness

Uniqueness Score: -1.00%

Function 02300AD2 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 02300B0C

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 1f3ff0ab8755b8b8115b1df26cad5abdcc75e4a4791595d599b31b1345dc8b73
Instruction ID: afa41c3ea7f3b8ba207a23af656d64e3d8f39dbb9ef0a3a8dd2d3dccc1aa0ff7
Opcode Fuzzy Hash: 1f3ff0ab8755b8b8115b1df26cad5abdcc75e4a4791595d599b31b1345dc8b73
Instruction Fuzzy Hash: 59019E756006409FDB54CF29D885766FBE8EF00624F18C0AADD49CB682E6B4E408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00BCB1D6 Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00BCB221

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: f296eddfac7aabaca4d10070e4839c9b641b14c4a2a24e2070867394c3e96a6b
Instruction ID: 0c55c84ef8ea5d1ac25e3da9d609017a61024df1171ff0947e92614fd680eca4
Opcode Fuzzy Hash: f296eddfac7aabaca4d10070e4839c9b641b14c4a2a24e2070867394c3e96a6b
Instruction Fuzzy Hash: 1E018C765006049FDB20CE19D886F2AFFE8EF04720F18809EDD498B652D371E808CB72

Uniqueness

Uniqueness Score: -1.00%

Function 00BCA5D6 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BCA61A

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5f9c27073b1ce03de0ba14b39ad84ecbe8edd0bb508e741f6a1c2da2d8c4e01f
Instruction ID: 1e7ebddb5ae7a5676b41194cbfc71955a6d94989badefe71b64350fc52fbe95d
Opcode Fuzzy Hash: 5f9c27073b1ce03de0ba14b39ad84ecbe8edd0bb508e741f6a1c2da2d8c4e01f
Instruction Fuzzy Hash: F8016936400604EFDB218F55D884B56FFE4EF08724F18C5AEEE8A4B612D276A418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 02300C22 Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 02300C5F

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: d591c75c27b54de879476cd75308ba658fa3c7e56dd21b62f348116c158c6fc0
Instruction ID: 07e2a84094243fa9b23d18b0a299862fc6848cb8ee02af8e8dfdc5b4bbb47c95
Opcode Fuzzy Hash: d591c75c27b54de879476cd75308ba658fa3c7e56dd21b62f348116c158c6fc0
Instruction Fuzzy Hash: E2017C396006449FDB24CF19D8C5B66FBE8EF04620F18C0AADD4A8F692D775E848CB71

Uniqueness

Uniqueness Score: -1.00%

Function 02300CCE Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02300D0C

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: d4deb0a5388a010820e33bb4f20acaaa946887f1a3b9d8254ec770a74f74e011
Instruction ID: 441ba7b6381b9b1f91295aa0f3cd8eef53382144aef5c39b29266956c804a7f9
Opcode Fuzzy Hash: d4deb0a5388a010820e33bb4f20acaaa946887f1a3b9d8254ec770a74f74e011
Instruction Fuzzy Hash: C1018C36500600DFDB258F19D884B66FFA4EF05320F18849BDE4A4A652C372E458DB72

Uniqueness

Uniqueness Score: -1.00%

Function 00BCBD8E Relevance: 1.5, APIs: 1, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00BCBDC9

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: cd9ef26be40ee08ea54b0781196ac8c7da01e289c39c402925f92fedc6c4bf37
Instruction ID: eb8ae6d0b2f92ef8c7754134d9c482cd706ae63ff7a3808427d6ff81040ea657
Opcode Fuzzy Hash: cd9ef26be40ee08ea54b0781196ac8c7da01e289c39c402925f92fedc6c4bf37
Instruction Fuzzy Hash: C2019A365006409FDB208F19D885F6AFFE0EF04320F1880AEDE8A8A651C371A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00BCAE16 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00BCAE54

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7e27cbfec9664f1bc013eb6b470271604040534410bbddc564dd5999885f36d1
Instruction ID: 8e51ca61b0851ffe2064efafc5e42b3bc71ed87e2f8bb5e174d582e6319768cf
Opcode Fuzzy Hash: 7e27cbfec9664f1bc013eb6b470271604040534410bbddc564dd5999885f36d1
Instruction Fuzzy Hash: 10017C35400604DFDB208F55D884B66FFE4EF08724F28C49EDE494A622C375A458DFB2

Uniqueness

Uniqueness Score: -1.00%

Function 02301476 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 023014B1

Memory Dump Source

Source File: 00000000.00000002.389506877.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2300000_yAbf8Z3qA5.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 1503f1f090695cb6ff13a0c4f805e93330835364b232613b69d054a3a410adfa
Instruction ID: cdb9f2f04266e999249219a9ef16039f10e75e3308e74b752f12795e17df4694
Opcode Fuzzy Hash: 1503f1f090695cb6ff13a0c4f805e93330835364b232613b69d054a3a410adfa
Instruction Fuzzy Hash: F9017C35900604DFDB208F55D884B26FFA4EF04320F18809ADE890B662D3B5A418CB72

Uniqueness

Uniqueness Score: -1.00%

Function 00BCAA12 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 00BCAA4A

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: cbc4e14a2cafdca76e077ef7d50641d52815ad08d57ce97c93af5350cd1521ed
Instruction ID: 3756061473901b09e03abf27a00935c6481f4100b1cdb110e80ca3d4c4b2e700
Opcode Fuzzy Hash: cbc4e14a2cafdca76e077ef7d50641d52815ad08d57ce97c93af5350cd1521ed
Instruction Fuzzy Hash: AE01AD35400608DFDB208F45D984B56FFE0EF04724F18C09AEE494B212C2B5A808DF62

Uniqueness

Uniqueness Score: -1.00%

Function 00BCA69A Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00BCA6CC

Memory Dump Source

Source File: 00000000.00000002.389321533.0000000000BCA000.00000040.00000001.sdmp, Offset: 00BCA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bca000_yAbf8Z3qA5.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 9b7ba4bb55a64a9d75f4f6642b492e8f69512aef3aea18bb792696f2668939e1
Instruction ID: ecff170500a65afc30f922f3333a59605c5e54ecf845ed689de337bc59b87f98
Opcode Fuzzy Hash: 9b7ba4bb55a64a9d75f4f6642b492e8f69512aef3aea18bb792696f2668939e1
Instruction Fuzzy Hash: 1BF0AF39800648DFDB109F15D884B66FFE0EF04724F28C0EADD494B216D2B5A848DE62

Uniqueness

Uniqueness Score: -1.00%

Function 04920599 Relevance: 1.4, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 049206D4

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: :@Dr
API String ID: 0-3830894600
Opcode ID: 02462693fc696c0361007db9bcaf041e90858f259f3bc7b30f38ccdb877c3d65
Instruction ID: a19ad5447f43bc34530ee0e4cf64f00c3610a98afe1b32b50ee574f7071715fe
Opcode Fuzzy Hash: 02462693fc696c0361007db9bcaf041e90858f259f3bc7b30f38ccdb877c3d65
Instruction Fuzzy Hash: CE712974E01228CFEB54CFA8C954BADBBF2BF89310F1091A9D509AB394DB706945DF50

Uniqueness

Uniqueness Score: -1.00%

Function 049265E2 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

X$kr, xrefs: 04926A0F

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr
API String ID: 0-683389969
Opcode ID: dd10a1cf162b777b7fb3aa3d3d6dfbfa207e58ecddadcdca7d28bab363718942
Instruction ID: 77dc401d47dd88fff81d35d7dd5ce404928c353940a540a551da2c36bac59aef
Opcode Fuzzy Hash: dd10a1cf162b777b7fb3aa3d3d6dfbfa207e58ecddadcdca7d28bab363718942
Instruction Fuzzy Hash: B431B070A04661CBCB108F28DA513BEBBF6EF45304F0449BBE466C7A95E334EE509711

Uniqueness

Uniqueness Score: -1.00%

Function 023120E1 Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

0"ax, xrefs: 023121C1

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: 0"ax
API String ID: 0-3365803739
Opcode ID: 6bdc5029d4b3efcc77ec8dbff6b62a2af0d65c49dccdbd7d433a11c773317c9c
Instruction ID: 06a14875391e63922420217d0943e613d4a1516b3e67b0a9aa09d152f936dd41
Opcode Fuzzy Hash: 6bdc5029d4b3efcc77ec8dbff6b62a2af0d65c49dccdbd7d433a11c773317c9c
Instruction Fuzzy Hash: 883188B0D05259DFCB48CFA5D9846EEBFF1FF89210F2098AAD905A7255D7385A42CF20

Uniqueness

Uniqueness Score: -1.00%

Function 023120F0 Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

0"ax, xrefs: 023121C1

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: 0"ax
API String ID: 0-3365803739
Opcode ID: 6bdd5d534c9c7dfae79240f1ca6c76922170f14bd6af8a078c05965d3c14e012
Instruction ID: c312d8662716e27d603f0cc24dadd74308bde1f48ce9d6b0a116a22267a46cea
Opcode Fuzzy Hash: 6bdd5d534c9c7dfae79240f1ca6c76922170f14bd6af8a078c05965d3c14e012
Instruction Fuzzy Hash: F63169B0D1521AEFCB48CFA5D9846EEBBF1FB88310F10986AD905A7244D7385742CF60

Uniqueness

Uniqueness Score: -1.00%

Function 04922010 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

X1kr, xrefs: 049220D4

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X1kr
API String ID: 0-844551562
Opcode ID: 8fa37c61b45c7cc68b89e18491b3b7372adb19a6e6fa2da0e24d298446721f14
Instruction ID: 1f416774a4b68ea00e67f5a2f4730300862844c5188079dea2cf793ac997dbec
Opcode Fuzzy Hash: 8fa37c61b45c7cc68b89e18491b3b7372adb19a6e6fa2da0e24d298446721f14
Instruction Fuzzy Hash: B831B474E01209DFDB04DFA9D550AAEFBF2EF89300F20916AD814A7354DB355A42CF51

Uniqueness

Uniqueness Score: -1.00%

Function 04922020 Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

X1kr, xrefs: 049220D4

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X1kr
API String ID: 0-844551562
Opcode ID: 49c01e33a40bb072bb6aabe005f9ed879324ba8e2c828aca27980ad1656eed25
Instruction ID: 4357728b7b9918615e17ac66dab740c744b6609ff28c7637a2751bcc46b359b8
Opcode Fuzzy Hash: 49c01e33a40bb072bb6aabe005f9ed879324ba8e2c828aca27980ad1656eed25
Instruction Fuzzy Hash: 1D316174E012099FDB04DFA9D540AAEFBF2EF88300F20916AD814A7354EB355A41CF55

Uniqueness

Uniqueness Score: -1.00%

Function 04925A48 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

W, xrefs: 04925A55

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: c96f8ea5621f7ba615912c9741aa61bb2694fb09c5fbad3f2b670f34ad809c20
Instruction ID: bc1451d062141becbf1da6d5108f36911e8fe6b0f33de67f952c387a3d922ecb
Opcode Fuzzy Hash: c96f8ea5621f7ba615912c9741aa61bb2694fb09c5fbad3f2b670f34ad809c20
Instruction Fuzzy Hash: 2321BA31E06124EFD710CF28DA89BAAB7B1FF05310F0A85B6E4149B2A5E339AD44DB51

Uniqueness

Uniqueness Score: -1.00%

Function 04921E88 Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

X$kr, xrefs: 04921F0E

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr
API String ID: 0-683389969
Opcode ID: 401dcce11975478219e15a3c8a8bda308e8f2b55675a84c774161798f7d27b13
Instruction ID: f545bf94484d47292325493c70823f54c32530d7275535a00e3af84152d73d9b
Opcode Fuzzy Hash: 401dcce11975478219e15a3c8a8bda308e8f2b55675a84c774161798f7d27b13
Instruction Fuzzy Hash: 6B21CF74D04268DFCF14DFA5DA066EEBBF6FF85300F10826AD420672A5DB346951DB80

Uniqueness

Uniqueness Score: -1.00%

Function 02310D7C Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

Ko, xrefs: 02311079

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Ko
API String ID: 0-2189785040
Opcode ID: e522a653a9d8e172baa95f220e0926270c02af4d4c1e795fb9ece1cd0dbd6bdf
Instruction ID: c0ce70c5acbb56a8858d09e8d79c061dc19e1ce845494a5174bc65c0b60f1e00
Opcode Fuzzy Hash: e522a653a9d8e172baa95f220e0926270c02af4d4c1e795fb9ece1cd0dbd6bdf
Instruction Fuzzy Hash: 98212C78E06358DFDB58CF64D98469DFBB2FB45355F1091ABE409AB250DB305A80CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02310DBC Relevance: 1.3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

Strings

Ko, xrefs: 02311079

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Ko
API String ID: 0-2189785040
Opcode ID: 634220496abc21be4daf1bc078814285ab963ad806e275910a67bf4709905599
Instruction ID: 3ec65e411afd4052a1ecd762235924b21ab857562512dd9ea2edd1da1688dd22
Opcode Fuzzy Hash: 634220496abc21be4daf1bc078814285ab963ad806e275910a67bf4709905599
Instruction Fuzzy Hash: 70210778E06268DFCB58CFA4EA8079DBBB2FB45351F1054AAE549A7254EB305A84CF01

Uniqueness

Uniqueness Score: -1.00%

Function 04921F40 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

X$kr, xrefs: 04921F76

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr
API String ID: 0-683389969
Opcode ID: 5e56eadbb9231b248d3f685c0875c700fe321f7e7392e6ce4ee20fb7b408ec9b
Instruction ID: ab9dfe6132a8aca41c0d6db48e27096331a19b49ea4439a14fce294665e3c36b
Opcode Fuzzy Hash: 5e56eadbb9231b248d3f685c0875c700fe321f7e7392e6ce4ee20fb7b408ec9b
Instruction Fuzzy Hash: B1F0BE70909384EFDB09EF6087522EEBBB2FB43301F1044B6C450572A5E7346AA1EB91

Uniqueness

Uniqueness Score: -1.00%

Function 0492E0A3 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

<, xrefs: 0492E0C9

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: ab539fa20ce4afae6f50f8276855a4c113340a3e8a8ca28e06e722f073533eb1
Instruction ID: bd30e4c4023d980468416672f32a5adb05dd6fd2f706ee0bd3fd4e90493dc064
Opcode Fuzzy Hash: ab539fa20ce4afae6f50f8276855a4c113340a3e8a8ca28e06e722f073533eb1
Instruction Fuzzy Hash: 5CF0AF70D05269CFCB61EF25D9846DCBB72AB5A340F0089EAD80A67214DB315B81CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0492D207 Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

Au|P, xrefs: 0492D236

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Au|P
API String ID: 0-3090623985
Opcode ID: e43cc17c00ac05efb2abc1b2226d0ef79c11cf2dce4ca46d6892c3ffadfbffd7
Instruction ID: 08fe879cdeff52929b99c2c0dd09d2c3fc0f97379a0502796fea866147947b69
Opcode Fuzzy Hash: e43cc17c00ac05efb2abc1b2226d0ef79c11cf2dce4ca46d6892c3ffadfbffd7
Instruction Fuzzy Hash: 1EE04F7090A33ACFCB94CF248D48ADDB7B6AF56301F1094E6840A76224DA30AA84DF11

Uniqueness

Uniqueness Score: -1.00%

Function 049209D8 Relevance: .9, Instructions: 882COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a96ac99e76d9ffc51e2faee07f4d6ca2118d4bdab0c8a47fb6d5d2e1a8a0e8a
Instruction ID: 8430df8bc8f5fefa1a45bc5bdf2201d7941fc26879f142b2858457bcaea2c7ec
Opcode Fuzzy Hash: 7a96ac99e76d9ffc51e2faee07f4d6ca2118d4bdab0c8a47fb6d5d2e1a8a0e8a
Instruction Fuzzy Hash: F8929034A41218CFDB24DB64C994BE9B7B2FF8A301F1540E9D50AAB361DB31AE95CF11

Uniqueness

Uniqueness Score: -1.00%

Function 04920A30 Relevance: .9, Instructions: 870COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8f1987a6298e54ec74f743d27c4ffb39bab9f8a9bf0f4e1c6bbf8c43b59d5e2
Instruction ID: af94186e94e56af3d10e477e82eafc39e189c9b6846db31927f676325a2ec718
Opcode Fuzzy Hash: f8f1987a6298e54ec74f743d27c4ffb39bab9f8a9bf0f4e1c6bbf8c43b59d5e2
Instruction Fuzzy Hash: E6929134A41218CFDB64DB64C894BE9B7B2FF8A301F1540E9D50AAB361DB31AE85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 04920A1F Relevance: .9, Instructions: 863COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a51f32fa60a81081c523ea80bff617132cbcf1b4d0fd3e70fdac546a0987bb2d
Instruction ID: 9075f2103bfe4d18d784b7d83a20a98fe02739df3a4b6f4d49565d730beebcde
Opcode Fuzzy Hash: a51f32fa60a81081c523ea80bff617132cbcf1b4d0fd3e70fdac546a0987bb2d
Instruction Fuzzy Hash: F8929034A41218CFDB64DB64C994BE9B7B2FF8A301F1540E9D50AAB361CB31AE95CF11

Uniqueness

Uniqueness Score: -1.00%

Function 04922120 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f089ae69efbcc4f4bf3344fd0ad103073bbd94948b1a0376099a9d339ee5b782
Instruction ID: 0f8e88300cd548662b9626d27acc111850135e9efdd6c9b47570baf1384bdea7
Opcode Fuzzy Hash: f089ae69efbcc4f4bf3344fd0ad103073bbd94948b1a0376099a9d339ee5b782
Instruction Fuzzy Hash: E0027C74E01269CFEB24DF64C954BEDBBB2BF88304F5081AAD90967264EB701E81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 0492EAA0 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 639dbf8d0f28d42ed491b7fad34b878947f390cc55988ced622409081fe2c313
Instruction ID: 9c13df6361db0565e92a3bb55d9f81f7691dad5ea5ebd4f815c4dffe1823e17d
Opcode Fuzzy Hash: 639dbf8d0f28d42ed491b7fad34b878947f390cc55988ced622409081fe2c313
Instruction Fuzzy Hash: 9D916D70A02299DFCB44DFA9EA9499CBBF2FF48316B50D57AD4059B369DB30A941CF00

Uniqueness

Uniqueness Score: -1.00%

Function 04920280 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5f5edc01429eb242e28a7a8f546543141e9fd0a93a3ab7e5891cbfc09d422a3
Instruction ID: 8c42ed26a78b1702071db294ecd2639996cfd666d64dc1146e36c564febf1930
Opcode Fuzzy Hash: c5f5edc01429eb242e28a7a8f546543141e9fd0a93a3ab7e5891cbfc09d422a3
Instruction Fuzzy Hash: 22417E78A00218DFDB14DFA8C584B9DBBF1EF4D710F1054A5EA02AB3A4D775A940EF60

Uniqueness

Uniqueness Score: -1.00%

Function 04921D60 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdd94e27b52a29106f690113f8f9bc97f7973a3ba700bb6b8f1c6b1cfacf6a2
Instruction ID: 877ab1d5e52557993cb092b7c4410455d035eb50840f4a7a954903eb728ece85
Opcode Fuzzy Hash: 4cdd94e27b52a29106f690113f8f9bc97f7973a3ba700bb6b8f1c6b1cfacf6a2
Instruction Fuzzy Hash: 88417EB5E002189FDB44DFAAD5856DDFBF2AF88210F14C06AE418A7354EB306E42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04926A80 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4496281368ccf74d7710983774741faffe624e1deb9db712662506c77a5f8fde
Instruction ID: e087fdc383e933f1c29dc4a16351bfbbd55ca5fe8d1d4cc483bf03afcbd22338
Opcode Fuzzy Hash: 4496281368ccf74d7710983774741faffe624e1deb9db712662506c77a5f8fde
Instruction Fuzzy Hash: B831E231A09175DFDB208F28CA016BAB7F5EF65300F04863BE496CA699D338FC54D661

Uniqueness

Uniqueness Score: -1.00%

Function 04928200 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50e500a2b45d26d85129591ecbc0235856e42ebb890ac7ad66905245e4cc0f2e
Instruction ID: f50f8092c5d4ee7bfe9bf8403abecda46e1380e7f0fcdee593bf4d634e9bd0e8
Opcode Fuzzy Hash: 50e500a2b45d26d85129591ecbc0235856e42ebb890ac7ad66905245e4cc0f2e
Instruction Fuzzy Hash: D9213BB0E08619EFCB04DF95C68199EBBF2FF99340F5599AAC414BB219D334AA058F50

Uniqueness

Uniqueness Score: -1.00%

Function 04920006 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 812905c99755d72f011b3690349d0b8a39e631dbb0bfcc345e49588a169c7fd3
Instruction ID: 34997684d134d2eb65e2ba5674f0e0485513daa444997b2bb328b62c3cd88c75
Opcode Fuzzy Hash: 812905c99755d72f011b3690349d0b8a39e631dbb0bfcc345e49588a169c7fd3
Instruction Fuzzy Hash: 9721936084E3C65FD75387748D647EBBFB06F07214F5A44EBC080EB593D568084ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04928100 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f653742d5decc7d5b0a6ad08cc458401dfbdc6451019fb81c2e04178d4136d85
Instruction ID: 3ead69fee0c3e0dd8752db45c09c0ff390118700e3bb24eb78a002a8d63f41b1
Opcode Fuzzy Hash: f653742d5decc7d5b0a6ad08cc458401dfbdc6451019fb81c2e04178d4136d85
Instruction Fuzzy Hash: 273127B4D05209DFCB44DFA9C5819AEFBB1FF49300F5085AAD815AB355D338AA42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04924009 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 632fc61d81134db4d4420e8667cf0b05399ffb399d588f0ba9c1416c055c1889
Instruction ID: b6aa34ff457762c0245c1f5f0979c0ce459c699a9d581db518adbbee34eefc52
Opcode Fuzzy Hash: 632fc61d81134db4d4420e8667cf0b05399ffb399d588f0ba9c1416c055c1889
Instruction Fuzzy Hash: 272106327492758BC7148F78CE0026E7FB5EB06300F06497BE511DB287D235E8858791

Uniqueness

Uniqueness Score: -1.00%

Function 04929C90 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2962b39e29731a7f5a1ebb63f2b49c4bba58d2d758e0b3858385fc57b0aff473
Instruction ID: e87890546eae93ce158c40434acc16e233ac97391b4ad2df776ed75f779a6b26
Opcode Fuzzy Hash: 2962b39e29731a7f5a1ebb63f2b49c4bba58d2d758e0b3858385fc57b0aff473
Instruction Fuzzy Hash: 3B213BB0E0525ADFCB04CFA5CA4069EFBF6BF86300F1499AAD405AB255E7349B01EF50

Uniqueness

Uniqueness Score: -1.00%

Function 04928110 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e90b69e0cfb887a6d882c79de06accc7fc70e7a1df558a4967cbc183422e8c5c
Instruction ID: e064349a9e9262f2ba96ece2944d1c1ce4f163964d24fbc7ac0515dfbde07903
Opcode Fuzzy Hash: e90b69e0cfb887a6d882c79de06accc7fc70e7a1df558a4967cbc183422e8c5c
Instruction Fuzzy Hash: 5021E4B4E0521ADFCB44DFAAC580AAEFBB5FF48300F50856AD815AB355D734AA41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04921C99 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 574b65f832426c21324baafd8e6f2a5853989be71e4c63c7c88757400d5eb865
Instruction ID: ed2d0f93aa410713534291bc4cc6171b3529030e33efacbd0dcbc428f2a28936
Opcode Fuzzy Hash: 574b65f832426c21324baafd8e6f2a5853989be71e4c63c7c88757400d5eb865
Instruction Fuzzy Hash: AD21C275E012599FCB44DFA9D9445EEBBF2BF89300F14806AD808F7260E7351A46CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0238075C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389562939.0000000002380000.00000040.00000040.sdmp, Offset: 02380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2380000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea59e8c7a878900c7b36a79bc69d8c655099c89b9c4a7003276d710d9aab49c7
Instruction ID: ad7154b83f3b6ee46aa8cbadc3fbb7bbf3db58d7dc3d81564326064ad9a82a50
Opcode Fuzzy Hash: ea59e8c7a878900c7b36a79bc69d8c655099c89b9c4a7003276d710d9aab49c7
Instruction Fuzzy Hash: 3411B434204384EFD719DB24C984B26BB95AB88B08F24C59DE9491F653C777D807CE51

Uniqueness

Uniqueness Score: -1.00%

Function 02380726 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389562939.0000000002380000.00000040.00000040.sdmp, Offset: 02380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2380000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76b862d1f3d82d1f34c12602fcec4e02f49c76fd06add40373d1d04ddbc5da87
Instruction ID: 758c05e8e89cabd4e1a7c19ff6c59a9d6b4672f2b960d7150a36715eb7a864bc
Opcode Fuzzy Hash: 76b862d1f3d82d1f34c12602fcec4e02f49c76fd06add40373d1d04ddbc5da87
Instruction Fuzzy Hash: F8216D3550D3C08FD7079B20C960B15BFB1AF47604F1985DED8859F6A3C73A880ACB52

Uniqueness

Uniqueness Score: -1.00%

Function 04929D88 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fc39c6f1ded5fffce40a2dbd2ccd397e2e5db676b3f563c93b6df5ff3aa767d
Instruction ID: 30e1b9aa70eba38673a8de50b25cd35e3c0c19000c615e03bf0fb2e3668be70e
Opcode Fuzzy Hash: 7fc39c6f1ded5fffce40a2dbd2ccd397e2e5db676b3f563c93b6df5ff3aa767d
Instruction Fuzzy Hash: 5F113D74E05108EFDB44DFA9C654A5DFBF2EF89300F15C49AD514AB265D7349A01DF40

Uniqueness

Uniqueness Score: -1.00%

Function 049200F7 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26f1fc44b7435f686b6bc93e8cca431991302aa91150123b78624c2ac038a379
Instruction ID: 08a24242051c9cdb48e0226e34f9a20835586ec219154aca73e620d97eaccefe
Opcode Fuzzy Hash: 26f1fc44b7435f686b6bc93e8cca431991302aa91150123b78624c2ac038a379
Instruction Fuzzy Hash: D5212C34A0224ACBCB04EBA8D99499DBBB1FB80305B5086ABD901A7354EF755E05DB51

Uniqueness

Uniqueness Score: -1.00%

Function 02312020 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35fd6b97e8018fb0f32e1900742a54f74246a1b9ed96c96b4b3a8caf91cbb3b8
Instruction ID: 930e6678757ea4ba3b107a27af0e8cb0d2d60ff6c2ac0fa134290ae53fa3f094
Opcode Fuzzy Hash: 35fd6b97e8018fb0f32e1900742a54f74246a1b9ed96c96b4b3a8caf91cbb3b8
Instruction Fuzzy Hash: A4119AB4E0524ADFCB08DFA4D9541AEBBB2FF89300F10C6AAD805A7259E7305A51CF51

Uniqueness

Uniqueness Score: -1.00%

Function 04925ACB Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00a03cf1a32df3a2014e8d09b1efed4c16a33f8f0ac8691efc4c1d5d5effe8cd
Instruction ID: 2c0df26b2d4db1703b7258fd2e97547cc55391cc8505f422f178b916f268b756
Opcode Fuzzy Hash: 00a03cf1a32df3a2014e8d09b1efed4c16a33f8f0ac8691efc4c1d5d5effe8cd
Instruction Fuzzy Hash: 74118C31A06024EFC710CF28DA89BB9B3E1FF00325F4A89B6E5259B2A5E375E954D741

Uniqueness

Uniqueness Score: -1.00%

Function 04929D98 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c688b17def67f3bae8fc364551696347e817ec96b6e2e616d9c38e23ebe93824
Instruction ID: ab45c6189443e8ad3d7038976500a975c92152608b7e01d3ab6a3e114bf1915c
Opcode Fuzzy Hash: c688b17def67f3bae8fc364551696347e817ec96b6e2e616d9c38e23ebe93824
Instruction Fuzzy Hash: BC11F874E05118EFDB44DFA9C684A6DFBF6EF88300F15C4A9E518AB265DB30AA00DF40

Uniqueness

Uniqueness Score: -1.00%

Function 04920108 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d092ed085912640f0265323e99a843c1d2648c4003a2a21272255300c6190c43
Instruction ID: 8c5e3d91c51e7c377840dde29ebdfb67d9bb28c5f14f28e33dfbe76bd01c8c6d
Opcode Fuzzy Hash: d092ed085912640f0265323e99a843c1d2648c4003a2a21272255300c6190c43
Instruction Fuzzy Hash: 8111FE34A0120ACBCB44EFA8D89599DFBB5FB80305B5081BBD90167354EF755E05DB91

Uniqueness

Uniqueness Score: -1.00%

Function 049293F8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 337a158628ec6c68377c1de764f28069d9951b060dc3ca9ae8883115afe4d2e3
Instruction ID: a774883b16b4f96a9f1432c45d92b3fe148a3f0823e3faffe7963b5b2e421223
Opcode Fuzzy Hash: 337a158628ec6c68377c1de764f28069d9951b060dc3ca9ae8883115afe4d2e3
Instruction Fuzzy Hash: E121C474A01228CFDB54CF64C990ADDBBB1FF48310F2151A9D405AB358DB31AE81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04929442 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bade78c80f5159e6855ee2bd584dfe888a9982cfd6aa86dbf92e035c59434497
Instruction ID: 363c0aa26b87f96b82c8729dfb3375fb9eca5c022f938bd2f4f4be8e25fc4030
Opcode Fuzzy Hash: bade78c80f5159e6855ee2bd584dfe888a9982cfd6aa86dbf92e035c59434497
Instruction Fuzzy Hash: 41217074A02228CFDB54CF64C994AD9BBB1FF48310F259195E809AB355DB31AE81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 02314323 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f72701d51814f29d5d867737848cde726306f057b8c39f3e48464fbb6372559a
Instruction ID: 0a206059fbcbfbe8befc48bee4af3aecc56849dcb7e0bc6b86c1b3a690198888
Opcode Fuzzy Hash: f72701d51814f29d5d867737848cde726306f057b8c39f3e48464fbb6372559a
Instruction Fuzzy Hash: 14112B70D0612ADBCB68CF54ED9479DFBB4EB49311F1058EAC20AA7650EB309A90DF04

Uniqueness

Uniqueness Score: -1.00%

Function 023805CF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389562939.0000000002380000.00000040.00000040.sdmp, Offset: 02380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2380000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a9d6f8da6224569a21511e289789b1099e124448acfe9503e55e9d30e9252d
Instruction ID: 0c2372f41d62f7a4088f685cf650fc1fa114eadea78432bc93c35fe3056c6bf1
Opcode Fuzzy Hash: a8a9d6f8da6224569a21511e289789b1099e124448acfe9503e55e9d30e9252d
Instruction Fuzzy Hash: 5201D676509380AFD7028B16AC54866FFB8DE86620708C0DFED898B612D225A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 049203E8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae0ec48aecfb480e1899026378762130f10380c4298d8047919a603e655b9b0e
Instruction ID: fe66dc171254ddfb6e11f5781013b79620d7ade443e935aa62bdb2292657e787
Opcode Fuzzy Hash: ae0ec48aecfb480e1899026378762130f10380c4298d8047919a603e655b9b0e
Instruction Fuzzy Hash: C2F0B4309523089BC718DB708A50EAF7373DFD6304B5498A9C001772A9DE385F01EB54

Uniqueness

Uniqueness Score: -1.00%

Function 04926C20 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 724df7c0c34fc38d7eaa0d0eb6a5b08608608cedf6593c397b0c314a5f05e86a
Instruction ID: ca946cf7e78c7aff4af86c8ba5aa8a746da933e20dbcd4e1e43eddb7217549df
Opcode Fuzzy Hash: 724df7c0c34fc38d7eaa0d0eb6a5b08608608cedf6593c397b0c314a5f05e86a
Instruction Fuzzy Hash: 8A01F474806309EFCB00EFA0D68555CFBB5EB4A202F2088A6D006E7518EB30AE00DF01

Uniqueness

Uniqueness Score: -1.00%

Function 0492A7A8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8454e28c416b9c1f7fec8e50781cdf072abdc6758bd5495c095802c8a9ef0c1
Instruction ID: d411f8ca85e5284ef2b296e1ef7baa1515ee5b5360fc594ffc8f6fe66700a38d
Opcode Fuzzy Hash: a8454e28c416b9c1f7fec8e50781cdf072abdc6758bd5495c095802c8a9ef0c1
Instruction Fuzzy Hash: CD015A7480025AAFCB00EFA8C954AAEFBF0BF49301F1085A6D844A3351E734AA40CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04920220 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dfaf3b487ce4f8122b3505166a3b1e018e7e2bacdf42400b62115eb93fcc38c
Instruction ID: fcc688e03eb5888a7a6fe3f0d0f3ff42c239b8e405312d5393f248ca160e3909
Opcode Fuzzy Hash: 3dfaf3b487ce4f8122b3505166a3b1e018e7e2bacdf42400b62115eb93fcc38c
Instruction Fuzzy Hash: FBF0907480F3C4DFCB12DBB49A6568A7FB16B13300F5540FBC4848B6A6E2385A4ADB52

Uniqueness

Uniqueness Score: -1.00%

Function 04921FA9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f76dfd7116088115d2366d79d724f6ccedd088a82444f94ccec8b7dfa8916d8b
Instruction ID: 29e74be0082b1ab5eebb848be510c8fa88266c57b39887cb9ff36b0379360773
Opcode Fuzzy Hash: f76dfd7116088115d2366d79d724f6ccedd088a82444f94ccec8b7dfa8916d8b
Instruction Fuzzy Hash: ACF08770D00248DFDB05EFA9C5519AEFBB1FB5A301F2081EAD814A7355D739AA10CF92

Uniqueness

Uniqueness Score: -1.00%

Function 04920531 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0811937f26087a6888a932c61cf8b6e82df76df54aab961229576946557c425
Instruction ID: 007558dcc117b2743e843278394ecbd7b60ea360403e54edecaf95a2f70fcb51
Opcode Fuzzy Hash: a0811937f26087a6888a932c61cf8b6e82df76df54aab961229576946557c425
Instruction Fuzzy Hash: 71F0C4B4E05319DFCB05DFA8C690A9EBBB1BB09300F1145E6D814A7355E630AE45DB91

Uniqueness

Uniqueness Score: -1.00%

Function 04920070 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b112a0787282c34e0696baa7260ab852cc308cdd0c3d888b7601fb6daa835ef7
Instruction ID: 5e500c7a8dfec44033b1900b8c335467c47db63158d78414467f716fcc9e9506
Opcode Fuzzy Hash: b112a0787282c34e0696baa7260ab852cc308cdd0c3d888b7601fb6daa835ef7
Instruction Fuzzy Hash: F8F08C70D512199BEB549FA4C9557BFFBF5EB49714F10183AC110B3280DA756904CBE4

Uniqueness

Uniqueness Score: -1.00%

Function 0492A7B8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0567e4fc6904cbe42b810cbfc0b3d71a21370dceb460d61c35aee5e17ad3309
Instruction ID: c2d5a624efcceb45221294633342f0a3584c5aac87d6c9473f898f6f203f8956
Opcode Fuzzy Hash: c0567e4fc6904cbe42b810cbfc0b3d71a21370dceb460d61c35aee5e17ad3309
Instruction Fuzzy Hash: 7801F674D0021A9FCB40EFA8C955AAEFBF4FB48301F1085A6D854A3340D734AA40CF90

Uniqueness

Uniqueness Score: -1.00%

Function 049203F8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e17a90a812598b0b5167e62e94528a049b82f7a3d7ef1e69b35350253b9c1c25
Instruction ID: 2f38d1cd84efb8b0d8fdeadc43ff84493ef4a41f565ae468aebfbad8bfcaf0cf
Opcode Fuzzy Hash: e17a90a812598b0b5167e62e94528a049b82f7a3d7ef1e69b35350253b9c1c25
Instruction Fuzzy Hash: EAF03034A523089BD708DB71D990E7FB377DFD9204F5498A8800133298CE355F01E694

Uniqueness

Uniqueness Score: -1.00%

Function 02380818 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389562939.0000000002380000.00000040.00000040.sdmp, Offset: 02380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2380000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: 71df7561f6ea1238e759df9e85d4a6428daf795753f962f6ff5035f94f2611cb
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: 13F01D35204644DFC705DF40D940B15FBA6EB89718F24C6ADE9490B752C337D813DE81

Uniqueness

Uniqueness Score: -1.00%

Function 02313FB2 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 413cb8479e825612e1068ae91c853c04e5644d148121d0665e3e40224eec9b11
Instruction ID: 31d07d8afa928a4de103a038851112285859b6a16fb7815a20fce240c677981c
Opcode Fuzzy Hash: 413cb8479e825612e1068ae91c853c04e5644d148121d0665e3e40224eec9b11
Instruction Fuzzy Hash: 1E019CB09022298FEB64DF64CE45BDAFBB0FF49341F1040EAD249A7695D7701A81CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0231387C Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 828a1737ea2a29c96631d733a9bebacc8e990b9bb513b09a6f62de8baa955b7a
Instruction ID: 1ed14e4d465f8f88a3d060934377bfe6911ec9343cdb36defa574dc403327092
Opcode Fuzzy Hash: 828a1737ea2a29c96631d733a9bebacc8e990b9bb513b09a6f62de8baa955b7a
Instruction Fuzzy Hash: 9101C971E8022DDADB68DF60CC82BD9BBB4EB08700F1040D69619B6281D7746BC5DF94

Uniqueness

Uniqueness Score: -1.00%

Function 049275A1 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2546cff547224cccae3c6299f60ae6d63704cadd02de29694ef1f829fdceefc
Instruction ID: 4b905ec839b732142b627eda872c518d348bfe63fcbb165d7756da2db7c62cae
Opcode Fuzzy Hash: d2546cff547224cccae3c6299f60ae6d63704cadd02de29694ef1f829fdceefc
Instruction Fuzzy Hash: 5001FB70A013689FDB54DF24C980B5DBBB6FF85300F1084E9D009A7254DB306E84CF52

Uniqueness

Uniqueness Score: -1.00%

Function 023805F6 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389562939.0000000002380000.00000040.00000040.sdmp, Offset: 02380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2380000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4991fff8ad342abea93620211b6125e3df04ff44bb647aeb1c0f2c50b7fc77b1
Instruction ID: af93e04dd569ce947f9c2d4b18619f59d060999772cc05c4685d0ccec35b921e
Opcode Fuzzy Hash: 4991fff8ad342abea93620211b6125e3df04ff44bb647aeb1c0f2c50b7fc77b1
Instruction Fuzzy Hash: ADE092766006008BD650CF0BEC81456F7D8EB88630B18C07FDC0D8B700E235F508CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 049282F9 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: addaca168e03b0a9f885d30dfe153c20e961f5fccfb6ec6cccdbddf788066204
Instruction ID: 96a963ede27665ac9736893d0c46c9ea7f1dacec9c80956340cf12682a6e5009
Opcode Fuzzy Hash: addaca168e03b0a9f885d30dfe153c20e961f5fccfb6ec6cccdbddf788066204
Instruction Fuzzy Hash: F7F058B4D09309DFCB06EFA8CA005AEBBB1FB1A301F4181AAD804D7322E7359A44DF40

Uniqueness

Uniqueness Score: -1.00%

Function 02312BC9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4344c5b6702ac26d132bff51f16c6075fd6883fee8b94f7b330717ee81018442
Instruction ID: 7930efac6a258f053ece4128dd2deaf4e0fb43cc950ce27d4605996a4c0e8638
Opcode Fuzzy Hash: 4344c5b6702ac26d132bff51f16c6075fd6883fee8b94f7b330717ee81018442
Instruction Fuzzy Hash: C1F0A070906384DFC705EFB0D9646ADBF70EF46201F0041EAC84497261EB364944CF00

Uniqueness

Uniqueness Score: -1.00%

Function 04920450 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 799ffa584cea367f130206eaecb5265fe78fc5808889b338a8c16badb50402b5
Instruction ID: 9edf1b45071d490903494953702ed355bd60602a485ff9985ade0c68e780975a
Opcode Fuzzy Hash: 799ffa584cea367f130206eaecb5265fe78fc5808889b338a8c16badb50402b5
Instruction Fuzzy Hash: A2F0D474D02348DFCB15EFB8DA54AADBBB1AB05201F1045BAC910A7365EB759A10CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04920460 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea9c62605efccf1a55413244f13ba26ee4df3072f1806bbcc3f44992fae7d3c6
Instruction ID: 0604ff97a58aee8bf537a90c0b472c0f05b42e2bee39c2dd4854aee7b651c239
Opcode Fuzzy Hash: ea9c62605efccf1a55413244f13ba26ee4df3072f1806bbcc3f44992fae7d3c6
Instruction Fuzzy Hash: 6CF0C974D02308DFCB14EFB8D5589AEBBB5FB05301F1045A9D81463354EB759A50CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02312920 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8883af50aceab8b0187491f7121217fcaac1aaa24be5c58d8051b4e6bea3e19
Instruction ID: 8774fce9932207baf53a9042079876ae5bf52aea143f3c1d430f536559f42702
Opcode Fuzzy Hash: a8883af50aceab8b0187491f7121217fcaac1aaa24be5c58d8051b4e6bea3e19
Instruction Fuzzy Hash: 18E065349052889FCB05DFB8C19469CBFF0EF0A210F0082EACC48A7321E638A959EF01

Uniqueness

Uniqueness Score: -1.00%

Function 02314807 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c29f0275f92c463638d9ad7549a93e0b41d69acc49816826cfc952ce1333683e
Instruction ID: 3145c8ba701902aeeec86ac964da38ffb01e541eb250c4f1c448edbaf84e3147
Opcode Fuzzy Hash: c29f0275f92c463638d9ad7549a93e0b41d69acc49816826cfc952ce1333683e
Instruction Fuzzy Hash: 70E0DF3080A2D48FCB05EBBC54A42DC7FB0DF42208F1400EFC88497212E6324196CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02313D6D Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a9eb5e4a2bcecf46fabbf2a26856ef7c7aa818c7e2e35a1c5a9fba0f24f7ce
Instruction ID: 9a8b8d32ad487f8cc7c30d01dc09f091e332bbe587b532136224c01ab8bf7b20
Opcode Fuzzy Hash: 89a9eb5e4a2bcecf46fabbf2a26856ef7c7aa818c7e2e35a1c5a9fba0f24f7ce
Instruction Fuzzy Hash: E1F0767582922ADFCB25DB60C984BECFBB5FB49301F0480EAD609A6250DB309A81DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0492C69C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a453fabf7149133fd0e559339f7598a4e8353e504b3d7dbdcfaa52c50ac1473e
Instruction ID: 2afcd8789ec538a86dda09a607defaca2bec09b68e7e5d0c371f112a50585762
Opcode Fuzzy Hash: a453fabf7149133fd0e559339f7598a4e8353e504b3d7dbdcfaa52c50ac1473e
Instruction Fuzzy Hash: F8F01CB4E1431ADFDB64CF50C940B9DB7B6AF86300F1184E6924DA6244D7389A80CF16

Uniqueness

Uniqueness Score: -1.00%

Function 02312B08 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19ba7540737d166854ac330761deabe2072276a7072127493810fd11c9294436
Instruction ID: 7a67f5fe44c0627096a0faf7c2c7b941ca2bc53dc2522791f20ed181873c62bf
Opcode Fuzzy Hash: 19ba7540737d166854ac330761deabe2072276a7072127493810fd11c9294436
Instruction Fuzzy Hash: ECE01A74D192889FCB45EFB899647DDBFF0EF96204F1441EEC88897251E6345619CF02

Uniqueness

Uniqueness Score: -1.00%

Function 02312BD8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a252a7000c2113e87893981d61594440157428e841ade2dd8875f53bef934f1
Instruction ID: 9aec17650ed97af4e91f2e5c5b4e29c1c6b68a50c662c6b12855da5bc9ed6940
Opcode Fuzzy Hash: 4a252a7000c2113e87893981d61594440157428e841ade2dd8875f53bef934f1
Instruction Fuzzy Hash: 20E01A70D01309AFC708EFB4E919B6DB7B4EB45306F1081AAC805A3250EF765940CF84

Uniqueness

Uniqueness Score: -1.00%

Function 04928308 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f9198d68bf8f9f444282aefaa24cb5eca1bd0a7594faea635a4e9ca765701a6
Instruction ID: e13d4d8efcd37ff36d8374fc5afc251895d20a5f23768475df9c379e90026c0c
Opcode Fuzzy Hash: 7f9198d68bf8f9f444282aefaa24cb5eca1bd0a7594faea635a4e9ca765701a6
Instruction Fuzzy Hash: B4E0EDB4D01319EFCB04EFA8D944AADFBB5FB48301F1085AAD81493310D7359A50DF80

Uniqueness

Uniqueness Score: -1.00%

Function 02311D4F Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c1d884bfab8dc557bdb6bdfae5d6c56020f53c04d9645a955dd9ceac04ae1ae
Instruction ID: 28a48912e36ecb1013447e784bd4d7390fa1f9b20401a9bf089ce1e5841686fe
Opcode Fuzzy Hash: 9c1d884bfab8dc557bdb6bdfae5d6c56020f53c04d9645a955dd9ceac04ae1ae
Instruction Fuzzy Hash: 4FE0D874C092449FC755DFB89B5029C7FB1EB42304F0040DBCC4493251D6300515CF41

Uniqueness

Uniqueness Score: -1.00%

Function 02311CD0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80e123fc724d34277f6fbe2482085dbded653c3d513daa77d06a67a1988ccd6f
Instruction ID: f7670bb0ebdc969396e2ea948120d05131151b66bd12a20490f83cfb6f12a9bb
Opcode Fuzzy Hash: 80e123fc724d34277f6fbe2482085dbded653c3d513daa77d06a67a1988ccd6f
Instruction Fuzzy Hash: 44E09274C093849FC745EBB898242ADBFB09F45200F0045EAC884A7250E6345654DF41

Uniqueness

Uniqueness Score: -1.00%

Function 04920230 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 949b4bc2f058779d56f1b63a7246eeb32e0739b627bbd68a8008e63c9a64ce77
Instruction ID: b3b311b4c737d4a65bf1b2f942d92288e0f8f6cab489440ab4debf3d336151ed
Opcode Fuzzy Hash: 949b4bc2f058779d56f1b63a7246eeb32e0739b627bbd68a8008e63c9a64ce77
Instruction Fuzzy Hash: 2FE08634D06308DFCB04DFA4D54555CBBB5EB45301F1081BAD84953358EB316E54DF81

Uniqueness

Uniqueness Score: -1.00%

Function 0492766F Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ffb0bb31c6bd5ba39c11081dbe68e8ef2a3efad30f3f88fffcfbee5053ffd9e
Instruction ID: 6229420639b2cbf075f5ed30153ee991b94752450e9e4df69c3071a7f52fe641
Opcode Fuzzy Hash: 0ffb0bb31c6bd5ba39c11081dbe68e8ef2a3efad30f3f88fffcfbee5053ffd9e
Instruction Fuzzy Hash: CFF05E3090A2A89FDBA1DF28CD81B8DBBF1BF46200F2455DED158AB241D6345944CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02313F2B Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b43628c6009cc06f9690cc0673e50926c69c7ab2fc680b4619e4a410d32b9f5
Instruction ID: 59c7540c51aa8b39caf9e09670f62bf9690968fa469b87e3efea2d2c3751c5d0
Opcode Fuzzy Hash: 8b43628c6009cc06f9690cc0673e50926c69c7ab2fc680b4619e4a410d32b9f5
Instruction Fuzzy Hash: 8EF06CB5955229AFCB68DF20C984BEAFBB0EB06340F4080DA854967251EB340FC0DF40

Uniqueness

Uniqueness Score: -1.00%

Function 02311658 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54eba6af24ba973942998d2227aa55d1ccf937c4ef1ca13bec9cd87ba651fd79
Instruction ID: 6bc04e6626c94719cd1b17aae765a3f83f0c3f4e6d0e2340a0328f12518686bb
Opcode Fuzzy Hash: 54eba6af24ba973942998d2227aa55d1ccf937c4ef1ca13bec9cd87ba651fd79
Instruction Fuzzy Hash: 08E0D670D09308DFDB49EBB8D4002DCBBB0EF00304F0040EAC808A7280EA389A08CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0231295F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5886be94136ed45c6c575da9d66d225d33619082f261b87c88da8f56e6328720
Instruction ID: 4541dbbffe7f594809bf7b93e2c6793876928b1fffc201be35f5b014af028859
Opcode Fuzzy Hash: 5886be94136ed45c6c575da9d66d225d33619082f261b87c88da8f56e6328720
Instruction Fuzzy Hash: C1E086208052898FC702AFF8955438DBFF0DF46211F5805D6CC4493311E534555A9B51

Uniqueness

Uniqueness Score: -1.00%

Function 02312B89 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3fe3731b3fd235fd90bd71f5556062611bdbea9f5b87d85984c712c8ad572d
Instruction ID: fcb5aa014e8a4bea54f0b3d5320496861dae95f7e7ce35ecdd0785ca823ca55a
Opcode Fuzzy Hash: 3c3fe3731b3fd235fd90bd71f5556062611bdbea9f5b87d85984c712c8ad572d
Instruction Fuzzy Hash: 2FE0C2309192D48FC70AFB7898A43ED7FB0EF47209F1448EAC8C497291EA300A55CF51

Uniqueness

Uniqueness Score: -1.00%

Function 023129E9 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0b2ab2a1537f5fc03964442203757aa50933fc7934367f3bf640fc1e78aa4bd
Instruction ID: 6c4b7b3d2c59fdde4910ceb481af0b15a29254beeb316e543bef9c6f7a78b6fc
Opcode Fuzzy Hash: d0b2ab2a1537f5fc03964442203757aa50933fc7934367f3bf640fc1e78aa4bd
Instruction Fuzzy Hash: DEE04F70D093489FCB15EFB4995469EBFB0AF85301F1484EEC848A3261E6341969CF52

Uniqueness

Uniqueness Score: -1.00%

Function 0231342D Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5567dda633dd589523193d32254430594bd47d544329e2f7b98b166b8f49766a
Instruction ID: d40f67b4e02f781cf9cc706ba957891e5353787ad7db7e529ea3c6defff9ae0b
Opcode Fuzzy Hash: 5567dda633dd589523193d32254430594bd47d544329e2f7b98b166b8f49766a
Instruction Fuzzy Hash: 4BE0ED7195411E9ECF64DFA0CA40BEDB7F4EB45305F1080EAD114A7291D2349F84DF50

Uniqueness

Uniqueness Score: -1.00%

Function 02311D0F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78b2faa0fa2116801a5a330f6d5b7c024d5387fa76cf821429d7bee4b3a7adf5
Instruction ID: 87c6b66ef35b61759dc805a54e403e09ec01cb08e244561f554ed2beb470311e
Opcode Fuzzy Hash: 78b2faa0fa2116801a5a330f6d5b7c024d5387fa76cf821429d7bee4b3a7adf5
Instruction Fuzzy Hash: 7BE04FB5D09348EFCB45EFA8D4143DDBBB0AF44304F0444EBC848A7251EA345A58CF41

Uniqueness

Uniqueness Score: -1.00%

Function 02313DE0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c5c7aeceeb35ef8c3acef807aa4a2f3c8ee0cb0c2ca9f02fbdb5155a20cfce
Instruction ID: 251132e140c21c2543722fc34c61b15c7727f7dea0d2fce834aeb31a0f904181
Opcode Fuzzy Hash: d7c5c7aeceeb35ef8c3acef807aa4a2f3c8ee0cb0c2ca9f02fbdb5155a20cfce
Instruction Fuzzy Hash: 55F092309012299BEB64DF54CD99BA9B7B2FB59300F1056D9E60DA72A0DA319EC1CF00

Uniqueness

Uniqueness Score: -1.00%

Function 023133D2 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b499f40c7222096db26a582555680b95cd8e46528275fabe20855a1f8c3cd2ff
Instruction ID: 49dba2fecbfb3ca521ba45ff2010d8639e4d9f14e82fa87181889687f1165e29
Opcode Fuzzy Hash: b499f40c7222096db26a582555680b95cd8e46528275fabe20855a1f8c3cd2ff
Instruction Fuzzy Hash: 09F09B758152299FCB65DF60CA44BDDBBB5AB08300F0080EA9109A3261DB341A91DF41

Uniqueness

Uniqueness Score: -1.00%

Function 0492D193 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb0575453ad4134b541d9f3f590f5d4e7faab16d24d299bd70dfefdc636b6f80
Instruction ID: 78b546a49e945e3c554e36889bfe7452848ae5f75ddf7efdeeb8431985f8a5d9
Opcode Fuzzy Hash: eb0575453ad4134b541d9f3f590f5d4e7faab16d24d299bd70dfefdc636b6f80
Instruction Fuzzy Hash: C7E08C749083169BCB80DE148580BAD76BAAF52300F2090A9805EB7714DA34AD45CF12

Uniqueness

Uniqueness Score: -1.00%

Function 049209E8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bdfd2731219662877d0c2eaf72008ec28e5be6a8d904c400cd700e80ff36d51
Instruction ID: a798d741fa7b1e0d2bf0268037b16fee06621c5d677b3c85f03dd4b9c0ba651b
Opcode Fuzzy Hash: 6bdfd2731219662877d0c2eaf72008ec28e5be6a8d904c400cd700e80ff36d51
Instruction Fuzzy Hash: 10E01230942258DFDB04DBA4CA55BAEB7B89B41301F2011E9D40427351DE716E40DB95

Uniqueness

Uniqueness Score: -1.00%

Function 02311379 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73c6294a7ced8dad8cfd561d9d8b9789dd1c12a31520addbdac0e1ccfbc99506
Instruction ID: c78b137bed0b4dc655a44ce1a29464727bf64d73a0db33399f7d3972a33b7707
Opcode Fuzzy Hash: 73c6294a7ced8dad8cfd561d9d8b9789dd1c12a31520addbdac0e1ccfbc99506
Instruction Fuzzy Hash: 49F0A5749122289FCB94CFB4D89479DBBB2FB49311F1044AA9A0DA3356DF305E828F00

Uniqueness

Uniqueness Score: -1.00%

Function 02311D60 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e294f3041ab3af46d95b769e20688a829b5f451988546443f6b423f3641190e
Instruction ID: a7392ca92de3462d2afc0d62ea7c0eb1640489cd690d5baf5f2f944ea330ffc2
Opcode Fuzzy Hash: 7e294f3041ab3af46d95b769e20688a829b5f451988546443f6b423f3641190e
Instruction Fuzzy Hash: E0D01774D05208ABCB58EFB8D8146ADBBB5AB84304F1081AAC818A3340EA345A44CF81

Uniqueness

Uniqueness Score: -1.00%

Function 023133BC Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56f5786a57e99401f9ac1007884f2fa3cb0787577afc8c81d9675f7282df50ae
Instruction ID: 3a4aac85f55b6336d6d6ecb597080441d5889a52254d8a4ee24e0f3f53f96aac
Opcode Fuzzy Hash: 56f5786a57e99401f9ac1007884f2fa3cb0787577afc8c81d9675f7282df50ae
Instruction Fuzzy Hash: 91E04670C06228CFCB64DF21CA06BCABBB4FB54300F0080DA9509A7291D7704B80CF82

Uniqueness

Uniqueness Score: -1.00%

Function 049200ED Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff6d2cb605c91a64cd8fb2598eb81e37dcf4d77bbaddc9dfff51082b0504476
Instruction ID: 0010ccb8ebe584c7f6633d41db9992da9274dc9abe451146f944c0a33ef21758
Opcode Fuzzy Hash: 8ff6d2cb605c91a64cd8fb2598eb81e37dcf4d77bbaddc9dfff51082b0504476
Instruction Fuzzy Hash: 06D01735E01209CBCB108FA4E0446ECF771FB89329F14842AC614B3210DB315454CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0492E9C8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed26930d2c934d6e81c77c80ba9f9c9c2b0a61e608379bda598630fa1226147
Instruction ID: 87886950e613b9c9422814626793f63178a5c9b369e44ec962eb391f63bb0475
Opcode Fuzzy Hash: 2ed26930d2c934d6e81c77c80ba9f9c9c2b0a61e608379bda598630fa1226147
Instruction Fuzzy Hash: 66E0EC78D00308EFCB44EFA9D54575CBBF4EB49301F1040AAD80893350EA35A944CF41

Uniqueness

Uniqueness Score: -1.00%

Function 02311D20 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7e410598a1adebc088fc7fe0a1f10f28c5022cf07140084c256b13ca01ccf1f
Instruction ID: 11b6f562bdc4dd03a8c9cec52a0b3362c03dc65f6aaa5e35e365b1774b10fd6b
Opcode Fuzzy Hash: d7e410598a1adebc088fc7fe0a1f10f28c5022cf07140084c256b13ca01ccf1f
Instruction Fuzzy Hash: 27D017B4D00208AFCB44EFA9D40439CBBB4AB44204F0080AAC80893340EA349A44CF81

Uniqueness

Uniqueness Score: -1.00%

Function 02314818 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ebfc3b609f2f3a368c92e424d4b8649b45b5c33c90120dd8bedc36ed8d77e64
Instruction ID: b4dc635ff80751423e8491c31259304e40d325b468c82d11bc2cb4166e4c2c68
Opcode Fuzzy Hash: 9ebfc3b609f2f3a368c92e424d4b8649b45b5c33c90120dd8bedc36ed8d77e64
Instruction Fuzzy Hash: 20D05E348023499FC718EBB89504358B7B4AB40605F1000B9C90853250EB369544CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02311668 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d81d1db03b30e5b56150290ec252b911ff30cdf0b50302fad82e0c7f5c8b4c4b
Instruction ID: e182daf8b883874234a3b1bfeb9072d8eaec4c9af8fc056967a662ec2cc6b8c0
Opcode Fuzzy Hash: d81d1db03b30e5b56150290ec252b911ff30cdf0b50302fad82e0c7f5c8b4c4b
Instruction Fuzzy Hash: 58D01774D00308AFCB44EFA9D50539CBBF4AB44600F1080AA880893380EA359A44CF81

Uniqueness

Uniqueness Score: -1.00%

Function 02313E41 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b909392cb6575743664c21f087c39f2774d05bbe53b302ed033bf56fd981a80
Instruction ID: 21521cc89ea026d603bd5e5efecc8aa77704aad295d09e710b74726533a0c85e
Opcode Fuzzy Hash: 4b909392cb6575743664c21f087c39f2774d05bbe53b302ed033bf56fd981a80
Instruction Fuzzy Hash: F3E0C2748022298BCBA4CF24CD54B8DB7B1FF48305F0080EAD64EA7260EA305E91CF00

Uniqueness

Uniqueness Score: -1.00%

Function 02311CE0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee6338998f87b37f37e3b84823821037fcd2f078499f36793c9a936fed1ea19
Instruction ID: 43536f227129fd247f6cc3fec6c5c33bd0199ebdbeebf3763754f44e8094349a
Opcode Fuzzy Hash: 2ee6338998f87b37f37e3b84823821037fcd2f078499f36793c9a936fed1ea19
Instruction Fuzzy Hash: 42D01774D01308AFCB54EBB9A8143ACBBF4AB44201F1085EAC84892280EA389644DF81

Uniqueness

Uniqueness Score: -1.00%

Function 00BC23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389314563.0000000000BC2000.00000040.00000001.sdmp, Offset: 00BC2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc2000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9de21a6df0893fd185cbac2d2c49f6a4542882db43a3d01f56b638076760361
Instruction ID: 73d284f82e8a872b95cb2406b4c8e1173bf990e21538f1b2c1594c2abffb877e
Opcode Fuzzy Hash: e9de21a6df0893fd185cbac2d2c49f6a4542882db43a3d01f56b638076760361
Instruction Fuzzy Hash: D5D05E79215A818FD32A8B1CC1A9F953BE4EB51B04F4644FDE8008B763C368D981D200

Uniqueness

Uniqueness Score: -1.00%

Function 023140EC Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3e685a5f2ac009b38982d3f26eba2bf208648b21389a340919872372fd52b30
Instruction ID: e45954c4c54fd5cfe5c62b30727326a5999a1897b2a4ecfdec97e40c4a00cb4a
Opcode Fuzzy Hash: c3e685a5f2ac009b38982d3f26eba2bf208648b21389a340919872372fd52b30
Instruction Fuzzy Hash: 91E09274816268CFDB68DF20C998BDCBBB1AB44741F1040DAC509A3251DB384FC1CF51

Uniqueness

Uniqueness Score: -1.00%

Function 04928B06 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26dbfef61fb1ea060facd25baa586a1f460d08f81769cf8de71f2b9770030a1c
Instruction ID: abb69ad95993333b3b40cded93cbb1b9defaa8160045d419fb3119721f6a3bb8
Opcode Fuzzy Hash: 26dbfef61fb1ea060facd25baa586a1f460d08f81769cf8de71f2b9770030a1c
Instruction Fuzzy Hash: D2E05A34602314CFC7589F20C9A8998BBB2FF49302F5005A9E40A9B361DB35AA80CE00

Uniqueness

Uniqueness Score: -1.00%

Function 00BC23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389314563.0000000000BC2000.00000040.00000001.sdmp, Offset: 00BC2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc2000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df0287e1f0c431b2b426aea315f9e5ab4a4a8c652fe670c3e5d3772433af0287
Instruction ID: 9be9a83bd7a53de431b295bc9ef6137d37bedc7635bbf83d2dc9538cd21677fc
Opcode Fuzzy Hash: df0287e1f0c431b2b426aea315f9e5ab4a4a8c652fe670c3e5d3772433af0287
Instruction Fuzzy Hash: 2DD05E343002818FC715DB0CC594F5937D4EB81B00F0644ECAC008B662C3A8DC81C600

Uniqueness

Uniqueness Score: -1.00%

Function 0231351F Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9ee4a0dea8cdb2d3b92e731f3334465be29ba8ff2544fe6fecaddd8c5d26eef
Instruction ID: dd243dc2741be76ae446c8aad7b846cab3117085018c11340ac46500d45b92f3
Opcode Fuzzy Hash: b9ee4a0dea8cdb2d3b92e731f3334465be29ba8ff2544fe6fecaddd8c5d26eef
Instruction Fuzzy Hash: B5E0B6B0D8621A9BDB24DF60DA51BDDFBB5AB14700F1090DA9619AB290D6719A81CF00

Uniqueness

Uniqueness Score: -1.00%

Function 02310E91 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfe5a14d7445b85dd220e5ad8c390ca50f6aeacfc2bae54834f63a3f425e99eb
Instruction ID: 2581bd17d00d1e386167abe74dbe20afd0fe612feb2a8344b304f00ccea7e7dc
Opcode Fuzzy Hash: dfe5a14d7445b85dd220e5ad8c390ca50f6aeacfc2bae54834f63a3f425e99eb
Instruction Fuzzy Hash: 6CE09A74D11218DFCB54DF60E89479CFBB1FB49201F105496D409A3251DB705D40CF10

Uniqueness

Uniqueness Score: -1.00%

Function 049200CD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ddc76d2eb986497e0adf94022bf784e951536fe9ee14a506a34208e5b99d817
Instruction ID: b74cc95e7c8716b00f9c1a84e4c04bff8bb243a17de9971e61d46b39cb2ceadb
Opcode Fuzzy Hash: 7ddc76d2eb986497e0adf94022bf784e951536fe9ee14a506a34208e5b99d817
Instruction Fuzzy Hash: 13D0C936E01208CF8B108FA8E4404DCF775FB89325B14906BC514B3310DB319455CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0492C853 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20344b99ae2ed423520c91680951a729c2fb519175d2c7cdd57efc48d5cc28d
Instruction ID: f7f70ef1559a8469fe9271fee898d4857f86010a195a36fb00ab300472a071aa
Opcode Fuzzy Hash: e20344b99ae2ed423520c91680951a729c2fb519175d2c7cdd57efc48d5cc28d
Instruction Fuzzy Hash: C4D017B4D042199BCF40DFD4C881BADF7B9AF05300F1084969518BB348D7389A09CF19

Uniqueness

Uniqueness Score: -1.00%

Function 0492DD2F Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a416e7938b409da490c48fd81117ecb7221b8577d14e49264b5f1736bdd66d2f
Instruction ID: c533e9fdd0b6d5a7953cc0143c1462286fd1aaf8de5051454d03585d3b5086f1
Opcode Fuzzy Hash: a416e7938b409da490c48fd81117ecb7221b8577d14e49264b5f1736bdd66d2f
Instruction Fuzzy Hash: 58D01270D042199ADF44CF64C990BADF7B9AB05300F105495D015A6254D7349640CF15

Uniqueness

Uniqueness Score: -1.00%

Function 0492D1C7 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21ed4cc4d4bb646e2c4c7cd90e985a9908cc6dadcc29ed9f11c9e479a9554aa7
Instruction ID: f0d200f3eb134466c66ffc4645f0705932cb49b57bdf1e34a69b83a6cfecf49d
Opcode Fuzzy Hash: 21ed4cc4d4bb646e2c4c7cd90e985a9908cc6dadcc29ed9f11c9e479a9554aa7
Instruction Fuzzy Hash: 1FD0A73480530A8BCF80CF50C5806DDB7FAEF12300F3091A5805AA7250DE349A05CF01

Uniqueness

Uniqueness Score: -1.00%

Function 02311164 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2200766187f4dcbbd6dda98f1c63fa48fb3c034aea5b48628a77487448d3e01
Instruction ID: 0a75b2f2f17b73468c2dd831f1e94b726a4e3731f250b72b19a0a4229e3e8f47
Opcode Fuzzy Hash: e2200766187f4dcbbd6dda98f1c63fa48fb3c034aea5b48628a77487448d3e01
Instruction Fuzzy Hash: 0AD0A77084D149DE8F0DCBA0D8C009CBFB5AB44140F242822D5459B943D2B05441CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0492D7EB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f21bd1503c584350a872af6af9732b7f94a48d40a7d99cb1841a6e74c6d40232
Instruction ID: 3cbfd584b7c34b4b55659782a2449dae5ddf576a80f5f7c2d456da51d920e603
Opcode Fuzzy Hash: f21bd1503c584350a872af6af9732b7f94a48d40a7d99cb1841a6e74c6d40232
Instruction Fuzzy Hash: B3D0C974D08229CBDF54CFA0C850BAEF7BAAF05300F10909A8029B3302D7385941CF19

Uniqueness

Uniqueness Score: -1.00%

Function 0492913C Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d93f5f3cb1dfa3fa0ea9d3764902c1278edbad1ebee1bc2146e63902c15c721
Instruction ID: 01932d9bfec52da93bde26cdd6c921adbcfb87238e5252f62f79aadae5d6b30e
Opcode Fuzzy Hash: 4d93f5f3cb1dfa3fa0ea9d3764902c1278edbad1ebee1bc2146e63902c15c721
Instruction Fuzzy Hash: E0D06774901368CFCB50DF50CA449ADFBB2FB49312F104199D80567314D731AE81CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0231378D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1854455dc09d88cd4959f6d682dfb467ee29c7d77f1e681304744144f28f85b
Instruction ID: 3cd7b450973fa20a8bc3996cedfed96e3fa969e392a7f31e29a8d3970122f1ed
Opcode Fuzzy Hash: b1854455dc09d88cd4959f6d682dfb467ee29c7d77f1e681304744144f28f85b
Instruction Fuzzy Hash: 9DD0C9798247698FDB28EF20C9447ECBAB0FB11324F0087DA8169B61D2D7340AC1CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0492CE5B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f90dc3ee2fdbdcd5714f49db98048f6fd1bcc84d44d6a196260bea594656da71
Instruction ID: 9d12696ca18088d9abf327bed8681a19f18b89da6fa3a0c1ac83233b53a4f5ef
Opcode Fuzzy Hash: f90dc3ee2fdbdcd5714f49db98048f6fd1bcc84d44d6a196260bea594656da71
Instruction Fuzzy Hash: 00C01274D082198ACB50CF50C442BAEB7B9AF55300F1090D58088B3304E7345A41CB19

Uniqueness

Uniqueness Score: -1.00%

Function 0492DBFB Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2267ecd12cbcc0668bb0b6bc8320f949c5c56fd08220f02e5cd6d6d4a46a23ef
Instruction ID: 9bea9851f320e3fb16b30e416f19978fe51a6b185bdbefc4a0b8ba8a2a5a3ec5
Opcode Fuzzy Hash: 2267ecd12cbcc0668bb0b6bc8320f949c5c56fd08220f02e5cd6d6d4a46a23ef
Instruction Fuzzy Hash: 8AC08CB09083158ACB40DF609810BADB6BAAB1B300F2090E9800CB3300E7349940CF09

Uniqueness

Uniqueness Score: -1.00%

Function 023111C0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddec5d93b3772a563ec558bb6464f5e8fc0f25c6c0a314220f78e7b19c64c881
Instruction ID: c7130572899b8d39f8b2fd848a22e832760a32a7ff518aa2c5f70ae792a51ccb
Opcode Fuzzy Hash: ddec5d93b3772a563ec558bb6464f5e8fc0f25c6c0a314220f78e7b19c64c881
Instruction Fuzzy Hash: 65C08070416688DBC744CF60F9D040CBB76F7C131277065575011D78E0DF315440CB10

Uniqueness

Uniqueness Score: -1.00%

Function 023111FE Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 530d9c299ead7b3a0dbc8155f2dcbc8d0a44bd46622e5c27f27f6d6c585abc17
Instruction ID: d67904ae2c6665ef4ecd17bf3d755cb4a030cb27698e51b7339e80527ac43ccf
Opcode Fuzzy Hash: 530d9c299ead7b3a0dbc8155f2dcbc8d0a44bd46622e5c27f27f6d6c585abc17
Instruction Fuzzy Hash: 62C048389021099FC708DF60EDA496AFB31AB96212F20A146994663664CE796880CE4A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02312248 Relevance: 1.5, Strings: 1, Instructions: 292COMMON

Download Yara Rule

Strings

K`D*, xrefs: 0231263E

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: K`D*
API String ID: 0-1781041367
Opcode ID: 3981feceed75828d576f37dc3db628ee11411f435638cbbd54c664d271036c1f
Instruction ID: bcdf9934bf707a12f471560dc2f2f6c8bd87dd656cf930995b43c4942f5cb9ec
Opcode Fuzzy Hash: 3981feceed75828d576f37dc3db628ee11411f435638cbbd54c664d271036c1f
Instruction Fuzzy Hash: EAD11674E04268DFDB18DFA9C590AADFBB2BF89304F248199D814AB356C7359A42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02312258 Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

K`D*, xrefs: 0231263E

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: K`D*
API String ID: 0-1781041367
Opcode ID: 317192ecb1d9cbdc965eb2038cc49ea42d19cb35a512b43d29f370b04ae4b549
Instruction ID: 3383b4252079deeafc69f9f3e6435ea43bed9cb14f3fe4b477a2ed6ec9213a4a
Opcode Fuzzy Hash: 317192ecb1d9cbdc965eb2038cc49ea42d19cb35a512b43d29f370b04ae4b549
Instruction Fuzzy Hash: B0D10774E04268DFDB18DFA9C580AADFBB2BF89304F24C1A9D814AB345D7359A42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 023106B0 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

n, xrefs: 02310704

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: n
API String ID: 0-2013832146
Opcode ID: 258ba750bc63d21ff374154598a82385c29768dbaedaf45cb111cbfdc09d3bbf
Instruction ID: 9f8a31619f63b6b0b6e935f216eb4a2e1ebfaa4542d5adb954482222bed621b8
Opcode Fuzzy Hash: 258ba750bc63d21ff374154598a82385c29768dbaedaf45cb111cbfdc09d3bbf
Instruction Fuzzy Hash: EA715A74D04259CFDB18CFA5C580AADFBB2FF89304F1082AAD815AB359D7349A82CF50

Uniqueness

Uniqueness Score: -1.00%

Function 023106A1 Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

n, xrefs: 02310704

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: n
API String ID: 0-2013832146
Opcode ID: 61cc9924ed51ed5751b9bdd4ccfd21a29e24429da0511d1d0841f2ec2545564a
Instruction ID: 8276a3d4ca88a092bec7a8f7a03d77b2f7119afb91a267e6cc2735d7ad3e359e
Opcode Fuzzy Hash: 61cc9924ed51ed5751b9bdd4ccfd21a29e24429da0511d1d0841f2ec2545564a
Instruction Fuzzy Hash: A9716D74D04259CFDB18DFA5C580AADFBB2FF89304F10C5AAD815AB25AD7349A82CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0492B85A Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

Z09^, xrefs: 0492B966

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Z09^
API String ID: 0-600318979
Opcode ID: 2abce70b2726d5efccf22d901eebb76791abf582395ee746f8fb37d8f5b9db0a
Instruction ID: 769c956b0525c551e2e08f9c5c7494ef293c8128791fd907bcabb592909a6a1f
Opcode Fuzzy Hash: 2abce70b2726d5efccf22d901eebb76791abf582395ee746f8fb37d8f5b9db0a
Instruction Fuzzy Hash: 9931E7B4E0521ADFCB04CFA6C6805AEFBF2BF89300F24C5AAC515A7259D7306A419F91

Uniqueness

Uniqueness Score: -1.00%

Function 0492B868 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

Z09^, xrefs: 0492B966

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Z09^
API String ID: 0-600318979
Opcode ID: 87e2d9752a41fd91c540291a70c255cb09b33342252d06aa783effa246b91135
Instruction ID: a6c564b7b5c01193102264e51c75174f7ee065a2dd3a388e70983bfc970665ea
Opcode Fuzzy Hash: 87e2d9752a41fd91c540291a70c255cb09b33342252d06aa783effa246b91135
Instruction Fuzzy Hash: EC31D7B4E0521ADFCB08CF96C6805AEFBF2BF88300F24C56AC515A7258D731AA419F95

Uniqueness

Uniqueness Score: -1.00%

Function 0492A471 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 174fa939186e7b65c80658e18b54b7c35fdc2a4e31714be1e62216a0240af38c
Instruction ID: 144c42f8a29ef5277f7719b02187d59963bf516b3dc07a26c4fa480227b0d4d7
Opcode Fuzzy Hash: 174fa939186e7b65c80658e18b54b7c35fdc2a4e31714be1e62216a0240af38c
Instruction Fuzzy Hash: A071DF74E25219EFCB44CFA9D68499DBBF1FF49310F1499AAE415AB324D338AA40CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0492A480 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1711aa42671efc728f70a80591d3ab85b49a38be4cedbfe0690993a5732c130
Instruction ID: 3b1aa93eb3274f729af4ff7025962992c5c684602692b0057abe426b3c8104ed
Opcode Fuzzy Hash: c1711aa42671efc728f70a80591d3ab85b49a38be4cedbfe0690993a5732c130
Instruction Fuzzy Hash: 7171CE75E15219EFCB44CFA9D68499DBBF1FF49310F1498AAE419AB324D338AA40CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02312C19 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 662e90fac5ec240193ff9be13a9c69dd666f9d21748a4f35358ff43287f8d18a
Instruction ID: ca4bb2f3d552fde34b171854d26135142453ec8dab44a8556721ea3834f29fb8
Opcode Fuzzy Hash: 662e90fac5ec240193ff9be13a9c69dd666f9d21748a4f35358ff43287f8d18a
Instruction Fuzzy Hash: AC61F3B4D1621A8FCB08CFA5D9909AEFBB5FF89300F20942AD905B7314D7349A01CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0492B608 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16b3458281b9dd26d8d1e9a559ad705e73ae28f3271f9f50861b0528ad402241
Instruction ID: 651023f192368a2a52c718e206a1d84dcbf5925df76d4030f682cab77960f22b
Opcode Fuzzy Hash: 16b3458281b9dd26d8d1e9a559ad705e73ae28f3271f9f50861b0528ad402241
Instruction Fuzzy Hash: 3E610674E05219DFCB08CFA6D6809AEFBF2FF89210F14956AD815B7264D338AA418F54

Uniqueness

Uniqueness Score: -1.00%

Function 0492B618 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 911a35d85de5661a665d2fd1ce37e6557394d7fdda72a3549c66c86d12a6c80e
Instruction ID: c226c669870b5f58a82f64d2d80755a26195508a56797c7abd41d0322d544c70
Opcode Fuzzy Hash: 911a35d85de5661a665d2fd1ce37e6557394d7fdda72a3549c66c86d12a6c80e
Instruction Fuzzy Hash: 4561E674E1521ADFCF08CFA6D6809AEFBF2FF89210F10956AD815B7264D338A6418F54

Uniqueness

Uniqueness Score: -1.00%

Function 0492C42C Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 854448110c0f728e0e4efe727fb6a07b573221c27ded308285bc5656fec64155
Instruction ID: b115700b77c6e5d1969db300ddd9eb75d602f800864cf94c3cccdb2c45067cc6
Opcode Fuzzy Hash: 854448110c0f728e0e4efe727fb6a07b573221c27ded308285bc5656fec64155
Instruction Fuzzy Hash: E651BE71E056598BDB18CF6B8D4439DFBF3AFC9200F15C1BA894CAB655EB344A428F11

Uniqueness

Uniqueness Score: -1.00%

Function 02310007 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f98de49e6aebe14eb472df64f0a5e1daa051a880faa909a26ab3bbdf289b144
Instruction ID: 34f2443bfaf295ae177c5b21cb40538a4ddd5e8a689564391dba6ac8f24c89c7
Opcode Fuzzy Hash: 3f98de49e6aebe14eb472df64f0a5e1daa051a880faa909a26ab3bbdf289b144
Instruction Fuzzy Hash: 52514D70C093899FDB1ACFB6C85169DBFF1AF4A300F1584AAC454EB262D7385986CF11

Uniqueness

Uniqueness Score: -1.00%

Function 023130D0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b15eab1bdd4b3e42d40bfc144aa7920db06096b562a4815c1ad6e30ce924dede
Instruction ID: 9ca455b23c6ee3f3b5a9dfce7fcd56790002e1b56dfcb90665e129591ae6a314
Opcode Fuzzy Hash: b15eab1bdd4b3e42d40bfc144aa7920db06096b562a4815c1ad6e30ce924dede
Instruction Fuzzy Hash: E8513E70D1522A9BDB68CF66D9447AAFBB6FF88300F1084FAC51DA7614EB305A85CF00

Uniqueness

Uniqueness Score: -1.00%

Function 023130C0 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c51c534d9952fa97a5fddd9a8f77a4126f161d7dea9f40bf4e0ed541a212dbe
Instruction ID: c14618e44fecaacdd14464158da120b3146691cc1493c33dacd41f334a846df8
Opcode Fuzzy Hash: 6c51c534d9952fa97a5fddd9a8f77a4126f161d7dea9f40bf4e0ed541a212dbe
Instruction Fuzzy Hash: 35512D70D1521A9BDB68CF26C95479AFBB2FF89300F5084FAC51CA7654EB305A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 02310070 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20df5263106a1910d50fa7e8bed07b5bf9f6869a6d7a49e46e4c8976ddbdce5
Instruction ID: b60c54697dc4ad00947eb9bf9c7851008553c6ce814fc21216f5e1343a33e133
Opcode Fuzzy Hash: e20df5263106a1910d50fa7e8bed07b5bf9f6869a6d7a49e46e4c8976ddbdce5
Instruction Fuzzy Hash: 1741E274D04209DFDF18CFAAC94169DFBF5BB89300F20856AD819AB255DB349682CF54

Uniqueness

Uniqueness Score: -1.00%

Function 04929B30 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79b60c90ee00c1be00d432353eb6c8c9c49e145af4c1b479bba035028111541e
Instruction ID: 2fd28f56f89a2faab1c61458436bc69f2594c762beb30dd67bad83e6aa324a8c
Opcode Fuzzy Hash: 79b60c90ee00c1be00d432353eb6c8c9c49e145af4c1b479bba035028111541e
Instruction Fuzzy Hash: FB41F5B0E08219DFCB04CFA9C5819AEFBF1FB49300F14D5AAC419A7264D7389A41DF11

Uniqueness

Uniqueness Score: -1.00%

Function 0492B439 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809c606825f7bbe4f2431c8430ff53556c864ef8e657c45074e73c607f36ea76
Instruction ID: b77124d1295426be33a437b4cdd7bce93eda31662dc87abac1a63ced31222076
Opcode Fuzzy Hash: 809c606825f7bbe4f2431c8430ff53556c864ef8e657c45074e73c607f36ea76
Instruction Fuzzy Hash: BD4103B0E0561ADFCB04CFA6DA805AEFBF2BF88300F14D46AD515AB214E734A6418F90

Uniqueness

Uniqueness Score: -1.00%

Function 0492B448 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 409c15345680297f4b4862fc439822f9733ed31597d1f19a4e229e879796eea2
Instruction ID: a52208c0aa047e243fdf02bb29885538fbb2ba0dc827a765456c393c260337a4
Opcode Fuzzy Hash: 409c15345680297f4b4862fc439822f9733ed31597d1f19a4e229e879796eea2
Instruction Fuzzy Hash: 7C31F5B0E0461ADBDB04CFA6D9815AEFBF2FF88300F20D46AC515AB254E734A641DF94

Uniqueness

Uniqueness Score: -1.00%

Function 02311507 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b607e3140a56f6e958607c5e7f517864e58062f93ce8bbafea6b590bcdbc6e7e
Instruction ID: 48e75326edf8e8b29533be313ea261a59c99f302585b965ad6ee6c51c32f0e70
Opcode Fuzzy Hash: b607e3140a56f6e958607c5e7f517864e58062f93ce8bbafea6b590bcdbc6e7e
Instruction Fuzzy Hash: A63112354093D28FC7479F7488662D6BFF0EE4B21876D04EAC8C1DE063E2765496DB41

Uniqueness

Uniqueness Score: -1.00%

Function 04921D50 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.392516623.0000000004920000.00000040.00000001.sdmp, Offset: 04920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4920000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f868fb71b0e17a54a2b8d86ab174d10553ecc0984fe0cd05a946a8b812124ea1
Instruction ID: b5ca40050ec1bcddf0c432c2b5fb8b4f10cb7eaba334968053f94a375969e12b
Opcode Fuzzy Hash: f868fb71b0e17a54a2b8d86ab174d10553ecc0984fe0cd05a946a8b812124ea1
Instruction Fuzzy Hash: 412103B5E056189FDB08CFAAC9845DDFBF2AF99310F18D0AAD408B7224E7345A418F10

Uniqueness

Uniqueness Score: -1.00%

Function 02314920 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c67667ac45b299fbe522339b8cf35f1e53c85b05eba0c37009de92d8072410b
Instruction ID: 2c056c27b856cfaf8f3f696b6ea7cc0b97a5630d391a19856bb36d77cb20c767
Opcode Fuzzy Hash: 0c67667ac45b299fbe522339b8cf35f1e53c85b05eba0c37009de92d8072410b
Instruction Fuzzy Hash: B41126B0D0529A9EDB05DFA5C858BFEBFF0AB0A300F14546AE045B3255D7744A41CF68

Uniqueness

Uniqueness Score: -1.00%

Function 02314930 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 852cfa7e30f66d7753635d3982152d4116e292128e25c25066be795fa41dd45d
Instruction ID: 582a05704a895e7cc06be6e73290a3b28980455a158bf8c324966fe0064c6671
Opcode Fuzzy Hash: 852cfa7e30f66d7753635d3982152d4116e292128e25c25066be795fa41dd45d
Instruction Fuzzy Hash: 3B11E3B0D152599FDB18DFAAC844BEEBBF4BB4A300F14946AD405B3245D7788A40CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 02311698 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49f4d9e5f0e328a623893d5e979bdef179d13d516cb2420861b7226cc4b3725e
Instruction ID: f352fd01fb3a45daff610e4e629a7408fdac65293ae100018f5365f7836756cf
Opcode Fuzzy Hash: 49f4d9e5f0e328a623893d5e979bdef179d13d516cb2420861b7226cc4b3725e
Instruction Fuzzy Hash: 5711FAB0D05659CFDB08CFBB89412DEFBF7AFC9200F18C56AC458AB225D63846029F50

Uniqueness

Uniqueness Score: -1.00%

Function 023116A8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 944f06fca5a450892a81286e7043fe075168576e35c1dc7d304b52ebfefd16b7
Instruction ID: f362fd4ee0e3bb432bda5b47228a21b35df8431acff03e3a0f300762d30cd0d4
Opcode Fuzzy Hash: 944f06fca5a450892a81286e7043fe075168576e35c1dc7d304b52ebfefd16b7
Instruction Fuzzy Hash: 411109B0E01619CBDB08CFABD90029EFBF7AFC8200F24C17AC918A7215EB3446018F44

Uniqueness

Uniqueness Score: -1.00%

Function 0231449F Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 880e6261cee93edd4a5d6a8f848ffc73b445fb43f963e45d59f2a63f92af10af
Instruction ID: 0d77f75ae874f02a5752c68b7067c8bec04be3659494bb6b7d3c9e740af4241f
Opcode Fuzzy Hash: 880e6261cee93edd4a5d6a8f848ffc73b445fb43f963e45d59f2a63f92af10af
Instruction Fuzzy Hash: 1601CD320452D2CFD74B8F388062286BFF2EF4B3143A505E4C492DF465E76254D6DB41

Uniqueness

Uniqueness Score: -1.00%

Function 0231447C Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.389514002.0000000002310000.00000040.00000001.sdmp, Offset: 02310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2310000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 108bf9c3b1e794b340a2e5613930e6cb3dc35b0234559f195d9b34462e79355c
Instruction ID: a6325a78006edf75b884dc218b5a7cb967d2081f3506456579a7d2ffbab410e3
Opcode Fuzzy Hash: 108bf9c3b1e794b340a2e5613930e6cb3dc35b0234559f195d9b34462e79355c
Instruction Fuzzy Hash: 29F0953210A2A2CFC70B8F388442506BFB1FF0B30432A4AE5C092EF4A1E2706485DB40

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: yAbf8Z3qA5.exePID: 5964, Parent PID: 6960COMMON

Execution Graph

Execution Coverage:	25.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	3.9%
Total number of Nodes:	179
Total number of Limit Nodes:	5

Executed Functions

Function 050BB638 Relevance: 2.2, Strings: 1, Instructions: 902COMMON

Download Yara Rule

Strings

r, xrefs: 050BC0EC

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 2c8612888bd163a0dcbc9a314583fc9b31ad31fbc7aebbe62577d7c1e6272e4e
Instruction ID: 81701991176d9b5b4c97f2928d02997febc00ec5a9ff71a2d33aa7f6bffef9b0
Opcode Fuzzy Hash: 2c8612888bd163a0dcbc9a314583fc9b31ad31fbc7aebbe62577d7c1e6272e4e
Instruction Fuzzy Hash: 36824470A0060ADFDB14CF68D984AAEFBF2FF88310F158569D51AAB651D770E981CF90

Uniqueness

Uniqueness Score: -1.00%

Function 050B3850 Relevance: 2.0, Strings: 1, Instructions: 733
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>_Ir, xrefs: 050B3F9D

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: >_Ir
API String ID: 0-3386957151
Opcode ID: 74cebf9fd824386f86c61bccd9a38e07ba9e1bc1a89eba25362c0d57585a074c
Instruction ID: 4962b28d2ed0cc60948d67f90213e2d421da82111c87adb9286f4a7fe6cb5775
Opcode Fuzzy Hash: 74cebf9fd824386f86c61bccd9a38e07ba9e1bc1a89eba25362c0d57585a074c
Instruction Fuzzy Hash: 7842D171A04215DFDB14CF58D8C49EEBBF2FF84300B2989AAD509AB256D7B1EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 051D2B3A Relevance: 1.6, APIs: 1, Instructions: 79networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D2BCB

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: afd4d5b2933273642f4b2bac4b1f55c056e19c5aedfcc3509be628419e7c827b
Instruction ID: fb51761781f2e3e47cf67b25a4fd2ca46b0f0dbb746cb83ab31792fff7e2618f
Opcode Fuzzy Hash: afd4d5b2933273642f4b2bac4b1f55c056e19c5aedfcc3509be628419e7c827b
Instruction Fuzzy Hash: FC219F75508384AFE7128B65DC84F96BFA8EF46310F0884ABEA849B252D264A908C771

Uniqueness

Uniqueness Score: -1.00%

Function 051D1517 Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 051D1597

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 3783dffcb0438dbd4c46553d8b6f4d3370014b9b87e381c64d29daa9b76fe216
Instruction ID: 74f2a2ce0163d60e64f125411653abe56b3f4a72b82fd4da5d037e7c0862b247
Opcode Fuzzy Hash: 3783dffcb0438dbd4c46553d8b6f4d3370014b9b87e381c64d29daa9b76fe216
Instruction Fuzzy Hash: 6021AD76509384AFEB128F25DC40B52BFA8AF06210F08849AE9858B163D374A908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 051D3026 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D3096

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: f2c4301591270a29d65cacdf75b01a9ad05b59aefa9e60e5f5bd0d407f45fafe
Instruction ID: ad730215f9d69ad7825fd61bb153ee49de64e7ce26d865c40d10f9d41f507780
Opcode Fuzzy Hash: f2c4301591270a29d65cacdf75b01a9ad05b59aefa9e60e5f5bd0d407f45fafe
Instruction Fuzzy Hash: 9F119071500604AEEB21CF55DC84FABFBECEF04310F14886BEA459B611D675A4098B72

Uniqueness

Uniqueness Score: -1.00%

Function 051D1753 Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 051D17C9

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: bd0a8daa1cd6addf5cf03adb73ccb2d5b5470697e68145da7a12527ffa229785
Instruction ID: 47c9a2d9e6ebd5bbaad636888e16951bdb96b45f4e6dd9da0fca85c6d1a0b377
Opcode Fuzzy Hash: bd0a8daa1cd6addf5cf03adb73ccb2d5b5470697e68145da7a12527ffa229785
Instruction Fuzzy Hash: 89218E764097C0AFDB238B21DC45A62FFB4EF16314F0984DBED848B163D265A509DB72

Uniqueness

Uniqueness Score: -1.00%

Function 051D2B6A Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D2BCB

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: d74651563a6b23c36e032e043bc8561f25682d89e6d1cca8494f9455fa5d55bd
Instruction ID: d3c937db10650817b5d7f4f8eb29ebc56332dee232d1ceb6244e68ff687f86cf
Opcode Fuzzy Hash: d74651563a6b23c36e032e043bc8561f25682d89e6d1cca8494f9455fa5d55bd
Instruction Fuzzy Hash: 17119D76500204AEEB20CF65DD85FA6FBA8EF05720F1484ABEE199B241D7B4A408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D154E Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 051D1597

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 393e0648d80dd954cb2e8ae5c579b914e3dea2a18cccc338ddf33f63ff9b9b98
Instruction ID: 94cc1e8eae5996fe52c8cb5e977ae6a646bcbf8db9a0ddccb72739c1d228c36a
Opcode Fuzzy Hash: 393e0648d80dd954cb2e8ae5c579b914e3dea2a18cccc338ddf33f63ff9b9b98
Instruction Fuzzy Hash: 98119E75500604AFDB20CF59D884B66FBE8FF09260F0884AAEE468B612D775E418CF71

Uniqueness

Uniqueness Score: -1.00%

Function 051D1276 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 051D12A8

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 29c5e7a974e8b31d0eb0332ca23043e84bffa8c025024f523b7333669bfb9782
Instruction ID: 763ed33212c3f3fa9709f1b4b7ef5f02f9e0078d2e47b553eaa43e9d4bf8bb2f
Opcode Fuzzy Hash: 29c5e7a974e8b31d0eb0332ca23043e84bffa8c025024f523b7333669bfb9782
Instruction Fuzzy Hash: EB01A231940244AFDB10CF59D885766FFA4EF04320F28C4AADE488F206D3B5A404CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 051D178E Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 051D17C9

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 0712fbcbe5621b45ea77da87fbadae359acc06f8e7b3350eeff822e0460050c2
Instruction ID: aa8d41b47b0e9fd040658317a38f67b02fb10719ba57aa2de83adf5a92aba210
Opcode Fuzzy Hash: 0712fbcbe5621b45ea77da87fbadae359acc06f8e7b3350eeff822e0460050c2
Instruction Fuzzy Hash: D1017836540604EFDB609F59D884B62FFE1EF08720F18849ADE494A626D3B5A418CB72

Uniqueness

Uniqueness Score: -1.00%

Function 050B8D68 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f03e0f74c165a364eec9c033010507e7e017a240764d18c1db77972ef81e3b0d
Instruction ID: 50ccff879b3930cb6dc54646e2079cf590bd6084d30e63d188492b50cc22e92f
Opcode Fuzzy Hash: f03e0f74c165a364eec9c033010507e7e017a240764d18c1db77972ef81e3b0d
Instruction Fuzzy Hash: 7712AF30E14615CFEB14DF69E4C46ADBBF2BF88304F18896AE516AB394DBB59841CF40

Uniqueness

Uniqueness Score: -1.00%

Function 050B23A0 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c2e0dfa2aae07bcd43c56ac0cdb2f1253d87fb5dbac3ac6a6a940eeb11e8166
Instruction ID: 4c8f50dd80ccb6f83ea62d482954df7c13e89a58a0a81ca145a0a0d07de06e6d
Opcode Fuzzy Hash: 8c2e0dfa2aae07bcd43c56ac0cdb2f1253d87fb5dbac3ac6a6a940eeb11e8166
Instruction Fuzzy Hash: A412C334A00216CFEB28DF35D9C4AADBBF2BF84304F148179D416EB255DBB59946CB50

Uniqueness

Uniqueness Score: -1.00%

Function 050B9968 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c193bd4b5a78fdc88f619c0437f2c20abca2357239fb9f8544906db8904ef478
Instruction ID: c769b9b3e5e2aa928c07c5a1d367f5a26b2e54239cf61668599ca3a789da9a93
Opcode Fuzzy Hash: c193bd4b5a78fdc88f619c0437f2c20abca2357239fb9f8544906db8904ef478
Instruction Fuzzy Hash: AA818D71F011159BEB58DB6DE880AAEBBF3AFC4310B2A8575D506EB395DE709C018B80

Uniqueness

Uniqueness Score: -1.00%

Function 050B2FA8 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab9453dc2f9c73c2d3309fb3a8ee9c7e3ea52ffd6cae25c9fe2bc541a9959933
Instruction ID: ab77134f0d406a0682d8f62c35319adcaa8930393827fcd3e89043bb97d06941
Opcode Fuzzy Hash: ab9453dc2f9c73c2d3309fb3a8ee9c7e3ea52ffd6cae25c9fe2bc541a9959933
Instruction Fuzzy Hash: 9281A031F101159BEB18DB69D894AAEBBF3AFC8310F2A8575D405EB365DE71DC018B90

Uniqueness

Uniqueness Score: -1.00%

Function 050B9A2F Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd7b7b76caf52875fb47cadd267f4c234fd89ec406746023834ede20b0496ad
Instruction ID: 810eee39a790e1f9b3689f39a9d5b742eef80fba61f8fc4c9e67444223ff47cc
Opcode Fuzzy Hash: 8fd7b7b76caf52875fb47cadd267f4c234fd89ec406746023834ede20b0496ad
Instruction Fuzzy Hash: D3517F72F014159BD718DB6DD980AAEBBF3AFC4310F2A8165D409EB3A9DE70DD018B84

Uniqueness

Uniqueness Score: -1.00%

Function 050B8810 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c7be0ac304432867259e71c458df4e0e1faf79f2889ee1af139ada0bb30b33f
Instruction ID: b5cef0fc01e5885c9835b318b8d3bc51bef3a5e4b23f69ae9892bf6c4e1b91ba
Opcode Fuzzy Hash: 7c7be0ac304432867259e71c458df4e0e1faf79f2889ee1af139ada0bb30b33f
Instruction Fuzzy Hash: A7017C78D02204EFD704EF71F9987AD7BB5FB0A302F189996D94AA3294DB709908CF44

Uniqueness

Uniqueness Score: -1.00%

Function 050B09A5 Relevance: 5.1, Strings: 4, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X1kr, xrefs: 050B0AA2
X1kr, xrefs: 050B0A5A
X1kr, xrefs: 050B0A98
X1kr, xrefs: 050B0A50

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X1kr$X1kr$X1kr$X1kr
API String ID: 0-2451847431
Opcode ID: eb7fa78793140ce63e3d82f3e9d14934570623b6420c680b56fdc895b52ed99e
Instruction ID: f57504d92a841b011b11add382511275646f50bbcc23267eb01524dd3af9a916
Opcode Fuzzy Hash: eb7fa78793140ce63e3d82f3e9d14934570623b6420c680b56fdc895b52ed99e
Instruction Fuzzy Hash: 7441B931B002049FDB04DFA8D998EAEB7F6FF84300F254565E546AB760CB71AC06CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06590070 Relevance: 3.9, Strings: 3, Instructions: 141
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

lir, xrefs: 06590228
x, xrefs: 06590234
X1kr, xrefs: 06590181

Memory Dump Source

Source File: 00000008.00000002.631118582.0000000006590000.00000040.00000001.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6590000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X1kr$lir$x
API String ID: 0-2404541180
Opcode ID: 01e563be3352dcb1486f51aaa637211b6211a1289d52c3c346461c5cd4f99737
Instruction ID: 5bf9e5db40c239b579ceecc3f3afc0d7b54224d4baff251f9139e189e2118396
Opcode Fuzzy Hash: 01e563be3352dcb1486f51aaa637211b6211a1289d52c3c346461c5cd4f99737
Instruction Fuzzy Hash: A851B631A00205CFDF98EFB9D8546AEBBF1BF89304F50892DC406AB395DB319946CB91

Uniqueness

Uniqueness Score: -1.00%

Function 065901F1 Relevance: 3.8, Strings: 3, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

lir, xrefs: 06590228
x, xrefs: 06590234
X1kr, xrefs: 06590181

Memory Dump Source

Source File: 00000008.00000002.631118582.0000000006590000.00000040.00000001.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6590000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X1kr$lir$x
API String ID: 0-2404541180
Opcode ID: 64add83812332608620d1c560cb5610ab07bd01314864540f008871635372161
Instruction ID: 0f70bc0f46630bd1821fd7abe8391e2d5736180e72f03a46803c30248fe00317
Opcode Fuzzy Hash: 64add83812332608620d1c560cb5610ab07bd01314864540f008871635372161
Instruction Fuzzy Hash: CF31BF30B012048FDF59EFB9D4546AEBBF2BF8A304F54866DC406AB395DB349906CB81

Uniqueness

Uniqueness Score: -1.00%

Function 065901E5 Relevance: 3.8, Strings: 3, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

lir, xrefs: 06590228
x, xrefs: 06590234
X1kr, xrefs: 06590181

Memory Dump Source

Source File: 00000008.00000002.631118582.0000000006590000.00000040.00000001.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6590000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X1kr$lir$x
API String ID: 0-2404541180
Opcode ID: 64add83812332608620d1c560cb5610ab07bd01314864540f008871635372161
Instruction ID: 0f70bc0f46630bd1821fd7abe8391e2d5736180e72f03a46803c30248fe00317
Opcode Fuzzy Hash: 64add83812332608620d1c560cb5610ab07bd01314864540f008871635372161
Instruction Fuzzy Hash: CF31BF30B012048FDF59EFB9D4546AEBBF2BF8A304F54866DC406AB395DB349906CB81

Uniqueness

Uniqueness Score: -1.00%

Function 050B20D0 Relevance: 2.7, Strings: 2, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

n, xrefs: 050B22F1
r*+, xrefs: 050B230F

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: n$r*+
API String ID: 0-3373005577
Opcode ID: 2fae9bee2199ae73e3831a21c2e422ed32b05381b6949432b6e944c0085d5edc
Instruction ID: d358f10e0f9d5b9297a37d4245329194e04eb9fd38743622e3adce2d2781b6e9
Opcode Fuzzy Hash: 2fae9bee2199ae73e3831a21c2e422ed32b05381b6949432b6e944c0085d5edc
Instruction Fuzzy Hash: 9A715D34A08206DFEF44DFA5D581ABEBBB2FF85300F14846AC502EB2A5D7B59D41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 050B9C7B Relevance: 2.7, Strings: 2, Instructions: 181
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>_Ir, xrefs: 050B9CEF
, xrefs: 050B9DBB

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: $>_Ir
API String ID: 0-1787506450
Opcode ID: 6d9050c4b249cce1636ba21fd6b3f2ea14b0a8044558f1f2ad29180e2a5ecaf1
Instruction ID: 018407003d434ce049810241fa3902e9b5766596bc374c8f3822ecc06750603b
Opcode Fuzzy Hash: 6d9050c4b249cce1636ba21fd6b3f2ea14b0a8044558f1f2ad29180e2a5ecaf1
Instruction Fuzzy Hash: A351D031F041448FDB54CB6AE8806FEBBF3FBC5214B29887AD60ADB355DA7198068B51

Uniqueness

Uniqueness Score: -1.00%

Function 050B02E8 Relevance: 2.7, Strings: 2, Instructions: 169
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Dr, xrefs: 050B0537
`5kr, xrefs: 050B03A5

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: :@Dr$`5kr
API String ID: 0-2548079215
Opcode ID: 66a2e2e32deecafe6a577b52409190b27651abd00b63cf8636fb5c2545017fd9
Instruction ID: 99f9c1e22fce7396e704e0e9a53de9052249a45a19ab8b22fba903dc1b0c9bf2
Opcode Fuzzy Hash: 66a2e2e32deecafe6a577b52409190b27651abd00b63cf8636fb5c2545017fd9
Instruction Fuzzy Hash: 3B516E30A05205CFEB58DF68D4A4BAE7BF2FF88710F148069D506AB391DBB5AC41CB52

Uniqueness

Uniqueness Score: -1.00%

Function 050B9718 Relevance: 2.6, Strings: 2, Instructions: 132
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>_Ir, xrefs: 050B9765
, xrefs: 050B9836

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: $>_Ir
API String ID: 0-1787506450
Opcode ID: e5495a3416e8aa1d5128b9da0d615d0f586033e189a2752d8f5f8f4090bc0bf4
Instruction ID: 5f496021cd61f1df9ad350ca56f735c2d12a5d7bd8dce81c40606114631efd49
Opcode Fuzzy Hash: e5495a3416e8aa1d5128b9da0d615d0f586033e189a2752d8f5f8f4090bc0bf4
Instruction Fuzzy Hash: AC41E271F082098BEB50CF65E9C05FE77E3FB81214F29CC6AD6169B614D6B5D8028791

Uniqueness

Uniqueness Score: -1.00%

Function 050BD776 Relevance: 2.6, Strings: 2, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`, xrefs: 050BD874
0, xrefs: 050BD83F

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: 0$`
API String ID: 0-1112799572
Opcode ID: c64fec587e047154afb20da7cba2913d006ac65002e0c96b526b4ead61c6ee76
Instruction ID: 653d6e6cd74c82a40493a5a8d86f20801ed370c476fb960e7ca671d5c7b7af31
Opcode Fuzzy Hash: c64fec587e047154afb20da7cba2913d006ac65002e0c96b526b4ead61c6ee76
Instruction Fuzzy Hash: BD212D70700311CFCB49AF28955515ABFA1AB8931936499BCE509EF355DF73A80BCF80

Uniqueness

Uniqueness Score: -1.00%

Function 050B006B Relevance: 2.6, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

i, xrefs: 050B0073
$l, xrefs: 050B00E2

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: $l$i
API String ID: 0-2599576434
Opcode ID: bfaf9bd19fef0232119ec7ec045da8983bb02bfb2fd341e399b99ebbd41e0b58
Instruction ID: fd9faf1d3c6e378b058fd42fab1a1329077ee645c2ed23b3e1c1561a54efe352
Opcode Fuzzy Hash: bfaf9bd19fef0232119ec7ec045da8983bb02bfb2fd341e399b99ebbd41e0b58
Instruction Fuzzy Hash: 8C116030614342DFCB04FB78D49995E7BE2FFC0300B04993CE646AB315EBB298469B02

Uniqueness

Uniqueness Score: -1.00%

Function 050B12A0 Relevance: 1.7, Strings: 1, Instructions: 460
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$ghr, xrefs: 050B1349

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: $ghr
API String ID: 0-1352911727
Opcode ID: e83d199c731f430f632da27233590069538977a9df7c231c472c990de6643b35
Instruction ID: ab06f812f9136dbee2234ad55cf8f5c6403288b9ca83759aecf70d9659c0aa32
Opcode Fuzzy Hash: e83d199c731f430f632da27233590069538977a9df7c231c472c990de6643b35
Instruction Fuzzy Hash: 7E22E434A00615CFC724DF29D490AAEBBF2FF89300F148699D85AAB755DB34AD86CF41

Uniqueness

Uniqueness Score: -1.00%

Function 051D228D Relevance: 1.6, APIs: 1, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 051D239D

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: b837571e69d4685412de2384adb5d7413da116612607b4ca9b213a3e2ea7d9d9
Instruction ID: fe63981be76c38d82e73a6226cce69dfff9ea3fc5ddce894969d934af282ffce
Opcode Fuzzy Hash: b837571e69d4685412de2384adb5d7413da116612607b4ca9b213a3e2ea7d9d9
Instruction Fuzzy Hash: BD41B3755493806FE7128B25DC45F92FFB8EF06610F18849BEA849B293D265A508C772

Uniqueness

Uniqueness Score: -1.00%

Function 051D1DF3 Relevance: 1.6, APIs: 1, Instructions: 103
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketW.WS2_32 ref: 051D1EAE

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: e7c7e263334b74bdcf52735c6e0c58bc99fbca9fb525d948f3033cca5f6c36f3
Instruction ID: cdae83f62e2f2a81e5c145692daa6cb97e6f2658e4c78a0a70dc9a63f6048d90
Opcode Fuzzy Hash: e7c7e263334b74bdcf52735c6e0c58bc99fbca9fb525d948f3033cca5f6c36f3
Instruction Fuzzy Hash: 46319A715493C0AFE7238B608C54B66FFB4EF06210F0984DAE9848B1A3C365A848CB72

Uniqueness

Uniqueness Score: -1.00%

Function 051D18D4 Relevance: 1.6, APIs: 1, Instructions: 101
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 051D19A6

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8880bea7f141dee04e50bae136381342daa3a393aaf02a43296e16340bfcbf27
Instruction ID: a0b69fab18133edde0cf77eb4a20c33e1cdaa243b205b33e70eacf555a3978fa
Opcode Fuzzy Hash: 8880bea7f141dee04e50bae136381342daa3a393aaf02a43296e16340bfcbf27
Instruction Fuzzy Hash: D1315A6540E3C06FD3138B318C61A61BF74EF87614B0A81CBE884CF5A3D269690AC772

Uniqueness

Uniqueness Score: -1.00%

Function 051D0EB8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 051D0F5B

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: f7a15b66032f644594a3f5dc086f0f4c29159412a1e28d32b614a0224910f92e
Instruction ID: 48b86d412407c2b9598117c2968cf5cc8c34638103744b140f84d95fbbc4baa5
Opcode Fuzzy Hash: f7a15b66032f644594a3f5dc086f0f4c29159412a1e28d32b614a0224910f92e
Instruction Fuzzy Hash: 8331B172104344BFEB228B65DC44F67FFACEF46720F0488AAF985DB152D264A919CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D2860 Relevance: 1.6, APIs: 1, Instructions: 95timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D28FD

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 3fb8419ad4108913c059b568095922880cc0b2616cf1f7f8d81dce09389eb758
Instruction ID: 5e21ca304ee9659d261c4e73f4f902697132d28539104b08fe7d225ea636bff9
Opcode Fuzzy Hash: 3fb8419ad4108913c059b568095922880cc0b2616cf1f7f8d81dce09389eb758
Instruction Fuzzy Hash: 8B31E476009380AFEB128F65DC85F56FFB8EF06310F08849BE9959B192D365A509C771

Uniqueness

Uniqueness Score: -1.00%

Function 051D0C58 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 051D0D1A

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: accb2f069577d420a076c2e994e76fb5e1dd2cf8b925ac523f9fbff03f31aa08
Instruction ID: 29384a8e6ee6cc85853696a095f6c4286b349d9d9db614ff73dbef115e08d2d5
Opcode Fuzzy Hash: accb2f069577d420a076c2e994e76fb5e1dd2cf8b925ac523f9fbff03f31aa08
Instruction Fuzzy Hash: 44314B6144D3C06FD7038B658C51B62BFB4EF87610F0E85DBE9848F5A3D225A91AC7B2

Uniqueness

Uniqueness Score: -1.00%

Function 051D2968 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 051D2A2F

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: e8da653d33d7370e00002e88daa30c5cc9cdae659d7853931796aab72cf73992
Instruction ID: 49bfff991886031192293f125b9803fd8ddb1c927dade1ca80e2832e2ee359d5
Opcode Fuzzy Hash: e8da653d33d7370e00002e88daa30c5cc9cdae659d7853931796aab72cf73992
Instruction Fuzzy Hash: CB31A1B1104344BFE7218B60DC45FA6FBACEB45710F14899AFA459B181D3B4A948CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D0390 Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 051D045E

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 52e79cc1439e72755cbffcdb4e32eb1e08cf1b9c0d4395a27ff761fe135d773f
Instruction ID: 4c287bf1f8eec1e17936151331f1b2436dbae32ad7082b98409ec8a265557c70
Opcode Fuzzy Hash: 52e79cc1439e72755cbffcdb4e32eb1e08cf1b9c0d4395a27ff761fe135d773f
Instruction Fuzzy Hash: DE31D572004344AFE7228F20CC41FA6FFB8EF06714F14859EEA859B192D3A5A949CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D07F4 Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 051D0899

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 2cd067a643a22863718182320611c8e5f221625fdb370070ebf84699071dadeb
Instruction ID: 54f6f0e613c058c679ba71c4d33227d16859483bc7e4bdcc3391b13dd8acde65
Opcode Fuzzy Hash: 2cd067a643a22863718182320611c8e5f221625fdb370070ebf84699071dadeb
Instruction Fuzzy Hash: 57316D71504380AFE722CB65DC44F66FFE8EF49610F0884AEE9858B252D365E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D00F6 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 051D019D

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: c22698a97ad9365074b39673360e572cb06360e33540f381221860745adde8e8
Instruction ID: aa0d2a159e7162f23a2779e76d3039a57427a4224783e75b5e524c35140bfaca
Opcode Fuzzy Hash: c22698a97ad9365074b39673360e572cb06360e33540f381221860745adde8e8
Instruction Fuzzy Hash: 7A319171509780AFE712CB65DC85F56FFE8EF06210F18849AE984CB292E375E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D2D03 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D2DA9

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 3c44ab299c86dd6daf53e22f7d168eb3bcbdffc09c5e526655bd2b732558f643
Instruction ID: 3abe2db1a49e9811a9e12eaa49e29b0a813d42079e323e8c91f7ca4392a43fb6
Opcode Fuzzy Hash: 3c44ab299c86dd6daf53e22f7d168eb3bcbdffc09c5e526655bd2b732558f643
Instruction Fuzzy Hash: 0C318B75009780AFEB22CB25DC55F96FFB8EF06310F0884DAE9849B163D265A508C772

Uniqueness

Uniqueness Score: -1.00%

Function 051D2156 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 051D21F3

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 9e58b37957d86e18b68f5e481ba47085d39e9a4fa7728ef6ab1c264546f37412
Instruction ID: 431892ab3d9c5c770a9e241c5f7fe28c5df62c2345fbdeb5a7dd548de19595d4
Opcode Fuzzy Hash: 9e58b37957d86e18b68f5e481ba47085d39e9a4fa7728ef6ab1c264546f37412
Instruction Fuzzy Hash: 16218D72504344AFEB218B65DC45F6AFFACEF45720F1884AAE944DB292D364A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D0FB9 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D105C

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 4d3d8a53f15a6824ade9ad8927bd313ef5143189525e403a6f00538f67c247a3
Instruction ID: c0e5cef36b73a291a88bad810fb54045cc3c42ff118602a0dd91aeb68e167988
Opcode Fuzzy Hash: 4d3d8a53f15a6824ade9ad8927bd313ef5143189525e403a6f00538f67c247a3
Instruction Fuzzy Hash: 3031F772549380AFEB128B25DC41F96BFB8EF46310F0884DBED849F193D664A509C771

Uniqueness

Uniqueness Score: -1.00%

Function 051D23F4 Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 051D24A6

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 6229d12a5eb91b7dfd8d8bc0e573da430c304465ebeccf59f670de891a12a028
Instruction ID: 35f181db5bd001ca324243c0a422e14f2085db65ba54835e5a1440df428db170
Opcode Fuzzy Hash: 6229d12a5eb91b7dfd8d8bc0e573da430c304465ebeccf59f670de891a12a028
Instruction Fuzzy Hash: B23191B2408780AFE722CB55DC45F96FFF8FF06320F04859AE9849B252D375A949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 051D04AB Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D055C

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: f879c570f50feeb3763575e2480e8e3c6c5842f1d781fc57c11560e69a110f4f
Instruction ID: c4f406e03420789e26e29426442b25dc41e1eda7501611a01866149302ac2ca5
Opcode Fuzzy Hash: f879c570f50feeb3763575e2480e8e3c6c5842f1d781fc57c11560e69a110f4f
Instruction Fuzzy Hash: 1D319171109380AFD7228B65DC84F52FFB8AF0B310F0884DAE9859B162D364A808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D298A Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 051D2A2F

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: fe9337a484b8b6dd3f17336c279def6af735d83988316b3f4831b24f91da13e7
Instruction ID: c35d33c7cdf11fa3cbbc6363296a7b8fcf19d0c11fcd74b938d74979390fc5ca
Opcode Fuzzy Hash: fe9337a484b8b6dd3f17336c279def6af735d83988316b3f4831b24f91da13e7
Instruction Fuzzy Hash: FE21BF71500304AFFB31DB64CC85FA6FBACEF44710F14896AFA459A281D7B4A5498B71

Uniqueness

Uniqueness Score: -1.00%

Function 051D2F0D Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D2FA2

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 63ed39fbc9f5f773a70c09b8ce9ec63f755220e954f30dfae3efce2bb1b90ea7
Instruction ID: 8e700212ab2155a8c2f89376536e89c0cccbf1fa8f0e55648c9fde09d8102511
Opcode Fuzzy Hash: 63ed39fbc9f5f773a70c09b8ce9ec63f755220e954f30dfae3efce2bb1b90ea7
Instruction Fuzzy Hash: 6E21A172404344BFEB228F55DC44FA7FFACEF45710F0488AAEA959B252D274A509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D0EDE Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 051D0F5B

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6737281ef469cf00e462ca668c4b303aa6d696b74c0c6f7cadaa37f81d580a7e
Instruction ID: a47814afc1121d956be247921a53ad55838e6dd6e5843d83df78b618db889ef0
Opcode Fuzzy Hash: 6737281ef469cf00e462ca668c4b303aa6d696b74c0c6f7cadaa37f81d580a7e
Instruction Fuzzy Hash: 1F21B072500704AFEB218F64DC49F6BFBACEF08710F14886AEE45DB251E774A5088B71

Uniqueness

Uniqueness Score: -1.00%

Function 051D30F8 Relevance: 1.6, APIs: 1, Instructions: 80windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 051D3195

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: f1ad437f4ef6d3b7801825c767582f6fb6e0a9fd2165d006b93c96f6ab1cb3f6
Instruction ID: 462f81c533eb9275a4a4413c8a4fe5a7652e4106f7244ef6e68ba702a2ee68d1
Opcode Fuzzy Hash: f1ad437f4ef6d3b7801825c767582f6fb6e0a9fd2165d006b93c96f6ab1cb3f6
Instruction Fuzzy Hash: E521D37250D3C06FD7028B658C51B66BFB4EF87610F0980DBD9848F2A3E224A919C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 051D08F0 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D0985

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 06523dc6346aa7a49d296788fcb1abfb80a535ff96742814c1d5bb541896ca24
Instruction ID: 9f9ed25a5e6351f2c938942a3e97794e032fef75da5d4afb9c2990559947013b
Opcode Fuzzy Hash: 06523dc6346aa7a49d296788fcb1abfb80a535ff96742814c1d5bb541896ca24
Instruction Fuzzy Hash: F321F8B54497806FE7128B25DC81FA2BFA8EF47720F1884D7EE848B293D2646909C771

Uniqueness

Uniqueness Score: -1.00%

Function 051D02AB Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 051D0353

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 296e1bff96c22939345ee02f8ad79a2bce1570e0d76053dd473ec1e735ec7e8c
Instruction ID: e9c48b662cc7754bac7e8347ecd4986a31190a1d531b575e8c1904e839c47d40
Opcode Fuzzy Hash: 296e1bff96c22939345ee02f8ad79a2bce1570e0d76053dd473ec1e735ec7e8c
Instruction Fuzzy Hash: 20219575009780AFE7228F21DC45FA6FFB8EF06710F1884DAED849B192D365A949CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D3006 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D3096

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: d1c8b5ee81ee6315e5a53e59c7e2871f2eded5b953245fc6dd4b6fd7105a8a2b
Instruction ID: 4b94bac451a34e38db565462ac64618b84fe997b48cff185278dcac0c4a4b9b5
Opcode Fuzzy Hash: d1c8b5ee81ee6315e5a53e59c7e2871f2eded5b953245fc6dd4b6fd7105a8a2b
Instruction Fuzzy Hash: 65217F72404344AFEB228F55DC44FA7FFB8EF45310F04889BEA859B552D265A508CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D081A Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 051D0899

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 08952048094cbf8b15e058a3e80106c7ecbcfedd2ca8dee851587f5d0a170535
Instruction ID: f584710362cabf4e24b87d9884551c068bb0296003ed152840fd9c847ced9f96
Opcode Fuzzy Hash: 08952048094cbf8b15e058a3e80106c7ecbcfedd2ca8dee851587f5d0a170535
Instruction Fuzzy Hash: 30216B75904600AFEB21DF65D849F66FBE8FF08610F14846AEA858B251E3B1E404CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 051D2182 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 051D21F3

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 3035cc13b9087f4a5bce55a5cf150dcaa9190a2a858c594f719adc420aded560
Instruction ID: 031e2d768be7db89d4a6425be43b4039cfebf1ae0259ed42ffc3892f46b44a57
Opcode Fuzzy Hash: 3035cc13b9087f4a5bce55a5cf150dcaa9190a2a858c594f719adc420aded560
Instruction Fuzzy Hash: 3321BB72600204AFEB20DB29DC85F6AFBACEF44720F14846AEE55DB241D6B4E5098B71

Uniqueness

Uniqueness Score: -1.00%

Function 051D0B79 Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D0C10

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: b63887c3537314210dacf898d78998b3e4f5c66158316283e906bbc3ea8dedcf
Instruction ID: b41364ad851fc516fd8a4087f4df02dda124bdc8ac9cca9050eddeba098a4bf1
Opcode Fuzzy Hash: b63887c3537314210dacf898d78998b3e4f5c66158316283e906bbc3ea8dedcf
Instruction Fuzzy Hash: F8219DB6508744AFE7218B15DC85F67FFF8EF09710F08889AE9859B252D364E809CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D03CA Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 051D045E

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e8b3a9ab6c47fb1efb8d3c4b71fceb73d5285a70973aa0ee25114439e944e561
Instruction ID: b1fd1ea2db3338c5800e823e498fcc118a78fa63236f8cf5eb7aa38b16c6880c
Opcode Fuzzy Hash: e8b3a9ab6c47fb1efb8d3c4b71fceb73d5285a70973aa0ee25114439e944e561
Instruction Fuzzy Hash: 3721AF72100204AFEB219F15DC45FB6FBA8EB08710F14895AEA459A281D7B1A949CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 051D09C0 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D0A51

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 23821f0a1dd18d01d4ade12d702fd46d82e48a5e56c70cea30a8f19dfbd78fda
Instruction ID: abd4399a875dc6fab028b722ee36e8e64cc3ce387b5687ce42af25c8f2e4b1ca
Opcode Fuzzy Hash: 23821f0a1dd18d01d4ade12d702fd46d82e48a5e56c70cea30a8f19dfbd78fda
Instruction Fuzzy Hash: BB21A172409380AFEB228F65DC44F56FFB8EF46314F0884DBEA849B153D265A509CB72

Uniqueness

Uniqueness Score: -1.00%

Function 051D012A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 051D019D

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: a6f3d90e74d3de90be66c7f84b6e035442287f180314f1ba3591781017730477
Instruction ID: 85dde0c4bbfe4dd194aa29cc7a774630e3742b11e28963a65d61d22bd222ffc9
Opcode Fuzzy Hash: a6f3d90e74d3de90be66c7f84b6e035442287f180314f1ba3591781017730477
Instruction Fuzzy Hash: B7219F71504200AFE720DF65DD89F6AFBE8EF09710F14846AED458B241E7B5E504CB75

Uniqueness

Uniqueness Score: -1.00%

Function 051D0723 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 051D079F

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 3d6fda2902b0bca1c525613b06d9dd9b4f22adca19a5685d44e050cc30b9e893
Instruction ID: 797ec43ff023954b96a75d2e97cc605d4abca9130f7def35c193c065f9ea032a
Opcode Fuzzy Hash: 3d6fda2902b0bca1c525613b06d9dd9b4f22adca19a5685d44e050cc30b9e893
Instruction Fuzzy Hash: 0E217F765093809FD752CB29DC49B56BFE8EF06210F0984EAE985DF252E364E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D0A9B Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 051D0B1E

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 81dcdeca6aff13869ee9e4133ff67f58679720c75a744c3295642a2d4a730b48
Instruction ID: 882e2bda958cd1ca0232b666e7e5c36a880f8c973b27b4ac5ac7bebdebce46df
Opcode Fuzzy Hash: 81dcdeca6aff13869ee9e4133ff67f58679720c75a744c3295642a2d4a730b48
Instruction Fuzzy Hash: A62183B65093845FD712CB25DC95B52FFE8AF06314F1880EAED85DB253E265E404C771

Uniqueness

Uniqueness Score: -1.00%

Function 051D10BF Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,00000E2C), ref: 051D114B

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 98bd11d6da8323bbf74989fa526575fa1f2a711ebb7053526fb9c075c30c2ebb
Instruction ID: eae89a397529d77ac7ed9123446268a6a5bf008f18014cd05d14647e3004a677
Opcode Fuzzy Hash: 98bd11d6da8323bbf74989fa526575fa1f2a711ebb7053526fb9c075c30c2ebb
Instruction Fuzzy Hash: 2121D871544380BFE7218B25DC45F66FFA8EF46710F14809AFD459B192D3A4A944C761

Uniqueness

Uniqueness Score: -1.00%

Function 051D2332 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 051D239D

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 3c4f009460b4f5836dbd5849ea0db7f6f05296efe3d7eed53fb5ad2bc01fd821
Instruction ID: 3c53c30b89338b5e50abc6dc4595fd4615bd63d7d908a04fcc218a62d468bb8d
Opcode Fuzzy Hash: 3c4f009460b4f5836dbd5849ea0db7f6f05296efe3d7eed53fb5ad2bc01fd821
Instruction Fuzzy Hash: 2F21CD75504200AFE720DF25CC85FAAFBE8EF48720F14846AEE858B241D3B5E408CB72

Uniqueness

Uniqueness Score: -1.00%

Function 051D01F4 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 051D0264

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: c39623709c80cc83aa73c2840c88afc1f8c3fafee79be71b1925c5ef6a792601
Instruction ID: 354fc348bb3734c1792fac838beeec9c7b7d61bb2cd6a56796dfd4b88a719c48
Opcode Fuzzy Hash: c39623709c80cc83aa73c2840c88afc1f8c3fafee79be71b1925c5ef6a792601
Instruction Fuzzy Hash: 0D21A175409784AFE712CB54DD89B51BFA8FF46220F0884AAED849B653E374A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D15E4 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 051D1650

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 605d09a31f2d78f0a2ce8ef44c6f801c0436d815f06999c1b7e764994597cc3f
Instruction ID: ecbb7a7462280d4e292a09a4014dc4ac0f37642a42f53245dd0cddf0434ae6dc
Opcode Fuzzy Hash: 605d09a31f2d78f0a2ce8ef44c6f801c0436d815f06999c1b7e764994597cc3f
Instruction Fuzzy Hash: D021A4715093C06FDB028B25DC95A92BFB4AF07224F0D80DADD858F253D2659508C771

Uniqueness

Uniqueness Score: -1.00%

Function 051D2F32 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D2FA2

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: f2c4301591270a29d65cacdf75b01a9ad05b59aefa9e60e5f5bd0d407f45fafe
Instruction ID: 01751e565c8310d0cec91c1c2f1b89eadf8dd7654c3b51e4064b89aeb0ff0717
Opcode Fuzzy Hash: f2c4301591270a29d65cacdf75b01a9ad05b59aefa9e60e5f5bd0d407f45fafe
Instruction Fuzzy Hash: 0811AF72400604AFEB21CF55DC84FABFBACEF08710F14886BEA559B211D774A409CB72

Uniqueness

Uniqueness Score: -1.00%

Function 051D2432 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 051D24A6

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 0b29b74faf7df116d2fe9e94e5a1c3c99d65311df2c1327d53c96459e565406e
Instruction ID: ed7ef298d20c67ed2c34d602f0c1d00b5b45fa603692fc8ae14ad59b0228758d
Opcode Fuzzy Hash: 0b29b74faf7df116d2fe9e94e5a1c3c99d65311df2c1327d53c96459e565406e
Instruction Fuzzy Hash: CE21AC75504200AFE721CF65DC85FA6FBE8EF08720F14845AEE849B241D3B5A908CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 051D1E42 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32 ref: 051D1EAE

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: d617e14c26b823a73c4923d0b929cbf1a434703ae6641b5dc8c0b093f56ba9c4
Instruction ID: b228f56d41b6a076321e6e4c1b3624053029e9de9026bab087b65d590c46faaf
Opcode Fuzzy Hash: d617e14c26b823a73c4923d0b929cbf1a434703ae6641b5dc8c0b093f56ba9c4
Instruction Fuzzy Hash: E221CD72500240AFEB22DF65DC45F66FFE9EF08310F14846AEE858B641D3B1A448CB72

Uniqueness

Uniqueness Score: -1.00%

Function 051D1699 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,0A228721,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 051D170A

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: fd0bce953c00973d9eb876712e752433396cc9542cd963c5464816bbe83a7396
Instruction ID: e7a97b36e433986ea00731ae47ecb418b553d97991c70b7382d726dd0ab99ef7
Opcode Fuzzy Hash: fd0bce953c00973d9eb876712e752433396cc9542cd963c5464816bbe83a7396
Instruction Fuzzy Hash: 43218075509380AFD712CF25DC85A92BFE8EF06210F0984EAE985CB162D274A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D0B9E Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D0C10

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 011ed29f1612b0c36f8f23f571251430f94601631a2a32c80d44b756e5b8b578
Instruction ID: e4e9038bad95cb157125728c72b186de26ff5a2004b6a043f53e23ba9393f40f
Opcode Fuzzy Hash: 011ed29f1612b0c36f8f23f571251430f94601631a2a32c80d44b756e5b8b578
Instruction Fuzzy Hash: 7B11BE76504604AFEB20CF15CC85F67FBE8EF08710F1488AAEE459B241E7A0E409CA72

Uniqueness

Uniqueness Score: -1.00%

Function 051D04EA Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D055C

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c11323c2d78f9258b85ae9a1e54700c2629c57fa02919077941e6e58f27588d5
Instruction ID: bc293ad6c5b6be58f8bbae153e14ae54d002a678810d4838b8e8e136a6a790e6
Opcode Fuzzy Hash: c11323c2d78f9258b85ae9a1e54700c2629c57fa02919077941e6e58f27588d5
Instruction Fuzzy Hash: F011AC72500600EEEB20CF19DC84F67FBE8EF08720F14846AEE469B251E760E408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D2D42 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D2DA9

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: ef7c7dcfc8ba3dcfe887c5bfde3c174164f5d247dfb8e1c9b0ac61dcde2f22a2
Instruction ID: 7f5badc842aa6e14a8e1e7eae63aafbabb7de3064848f69ecee3eb3291d5cb72
Opcode Fuzzy Hash: ef7c7dcfc8ba3dcfe887c5bfde3c174164f5d247dfb8e1c9b0ac61dcde2f22a2
Instruction Fuzzy Hash: FF11BE79500600AFEB20CF55DC84FA7FBA8EF08710F14846AEE599B241D7B4A408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D289E Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D28FD

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 345d49a88634b58f76b86c956933e56cc63b77af58b00e22eaec22069fd55bd1
Instruction ID: 64c5f2d7cd6feb0b665baa35c6fc362239d2c4824e79387fd47d1ed86795e4ed
Opcode Fuzzy Hash: 345d49a88634b58f76b86c956933e56cc63b77af58b00e22eaec22069fd55bd1
Instruction Fuzzy Hash: B511E272500200AFEB21CF65DC85F6BFBA8EF04320F14846BEE558B251D7B0A405CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D13AC Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 051D1416

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 1487037064ab891a803ce38cd5002455bb620586d657a5289d043303fcaace54
Instruction ID: ab363eeb7d59a7bbe40cedc5e776d09406074811fe23a336f1796f3da6528da6
Opcode Fuzzy Hash: 1487037064ab891a803ce38cd5002455bb620586d657a5289d043303fcaace54
Instruction Fuzzy Hash: A4114A72549380AFD7218B65DC85B66FFE8EB45220F0884AAED49CB652D364E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D123E Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 051D12A8

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: e781e7e8f313639b4949caff37d34cf0e5bd4c2a35e74128745a11df8ad6ce20
Instruction ID: 19d3fddec1b93cbe27f731777f2276ab3cbf2a6ec27059b1d233ce4b663533c9
Opcode Fuzzy Hash: e781e7e8f313639b4949caff37d34cf0e5bd4c2a35e74128745a11df8ad6ce20
Instruction Fuzzy Hash: BA118C754093C4AFDB128B25D895A51BFB4EF07214F1980DBDD848F253D265A909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 051D118F Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

SetKernelObjectSecurity.KERNELBASE(?,?,?), ref: 051D1202

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: KernelObjectSecurity
String ID:
API String ID: 3015937269-0
Opcode ID: c4779ea07f0cde0968e1f80d0ba95f0c31849db5db2e467ce185afb4e81282ae
Instruction ID: e46ac302c20c35111aea92ba7000b8bfe828910f5fdbbab12a67456812e8cf1b
Opcode Fuzzy Hash: c4779ea07f0cde0968e1f80d0ba95f0c31849db5db2e467ce185afb4e81282ae
Instruction Fuzzy Hash: 5E21A275109380AFD7128B25DC44A62FFB4EF06214F1980DFED858B163D265E949CB62

Uniqueness

Uniqueness Score: -1.00%

Function 051D1006 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D105C

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 23c76c880f299edef00a12d7a4413112de1d6cc32ecfcac48e7b028aca8bdc77
Instruction ID: d869daedae40090ffe66d3ccff0ceb187a212f94587cef0e5a34552dc4b32109
Opcode Fuzzy Hash: 23c76c880f299edef00a12d7a4413112de1d6cc32ecfcac48e7b028aca8bdc77
Instruction Fuzzy Hash: AC119E71540244AFEB20DB29DC85FABFBA8EF45720F1484ABEE059B241D6B4A404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D02DE Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 051D0353

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: ad3fd4bf35de4aaa83b300205c045d0d4b7d79d061e05052392ff14c56fec5e3
Instruction ID: d3c57dc4fda40c0bca08320b71c97f9aa4ba7518855649b290ad81df4b4b9b4e
Opcode Fuzzy Hash: ad3fd4bf35de4aaa83b300205c045d0d4b7d79d061e05052392ff14c56fec5e3
Instruction Fuzzy Hash: 6311DA31100600BFEB21CF14CC85F66FBA8EF08720F1484AAEE455A291D2B5A508CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 051D09F2 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D0A51

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 045f85d264ceffa98a361a0f6808bc63adfc19678d85061430622f31f8289637
Instruction ID: 6f11ffd3b875e0fbfb002873c2c93784a2b58d1e4421fd10ee4422f325f6270c
Opcode Fuzzy Hash: 045f85d264ceffa98a361a0f6808bc63adfc19678d85061430622f31f8289637
Instruction Fuzzy Hash: FC11C171500600EFEB21CF55DC85F66FBA8EF48720F14846BEE499B241D3B8A508CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 051D10E2 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,00000E2C), ref: 051D114B

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 3c570925208fa0c350797a4b7d4bf1327b426459d65b6f17dd2aeb71ceced861
Instruction ID: b009b23d03acf16e7b168637cdd84a095153851c3a42d2027d31bde4f1971df8
Opcode Fuzzy Hash: 3c570925208fa0c350797a4b7d4bf1327b426459d65b6f17dd2aeb71ceced861
Instruction Fuzzy Hash: 8811C671640604BFF720DB25DC46F76FB98EF05720F14C06AEE459A281D6A4A549CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D0AD6 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 051D0B1E

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: abc59d557f2bcc438f2eb7e0796507232404fe894eee94f98b6a5db48f560e07
Instruction ID: 57c4dc6288bd853a6f1d4adc46197e849283d2c97f527031805227f05222feb0
Opcode Fuzzy Hash: abc59d557f2bcc438f2eb7e0796507232404fe894eee94f98b6a5db48f560e07
Instruction Fuzzy Hash: 261182766042049FDB20CF29D889B56FBD8EF08714F1884AADD49CB241E774E404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D13CE Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 051D1416

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: abc59d557f2bcc438f2eb7e0796507232404fe894eee94f98b6a5db48f560e07
Instruction ID: 32617d80d96a5ac20321e3458054a8309c648a08c7159a84561cb95196037496
Opcode Fuzzy Hash: abc59d557f2bcc438f2eb7e0796507232404fe894eee94f98b6a5db48f560e07
Instruction Fuzzy Hash: 93116171644240AFEB20CF69D885B66FBD8EF04620F18C4AADD49CB641D774E804CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D0932 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,0A228721,00000000,00000000,00000000,00000000), ref: 051D0985

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: a5bde355a1820584ea27d289599b09588b31c4d9d083a36d7c9d009e5e0644a2
Instruction ID: 9dae657e56cea37dc19857c2ad489f1afdd7590a31eee53cfa7eed27b452cce4
Opcode Fuzzy Hash: a5bde355a1820584ea27d289599b09588b31c4d9d083a36d7c9d009e5e0644a2
Instruction Fuzzy Hash: 7E01D271500704AEF720CB19DC85F66FBA8EF49720F1480A7EE489B241D6B4A4088BB2

Uniqueness

Uniqueness Score: -1.00%

Function 051D075A Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 051D079F

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 841a21dbc941ea529d017da7c1622aaf5b202014d2d3e9b48d6f81a29f4f9f47
Instruction ID: dba75e8823c2999de7b56c144b5b15fe6ed90c42a2d16c25ce54f853d27ff4cd
Opcode Fuzzy Hash: 841a21dbc941ea529d017da7c1622aaf5b202014d2d3e9b48d6f81a29f4f9f47
Instruction Fuzzy Hash: C6118E756002009FEB60DF29D889B66FBD8EF08220F1880AADD49CF641E7B4E504CF71

Uniqueness

Uniqueness Score: -1.00%

Function 051D16CA Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,0A228721,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 051D170A

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 95683fc3de13409a7c95994c10f34ccc23f6c4656c82d0bc74de512428b4e6c4
Instruction ID: cc961ccfb2e8ad6d364f9beba373e4570b7688f0b4d28de6f96699face83d54a
Opcode Fuzzy Hash: 95683fc3de13409a7c95994c10f34ccc23f6c4656c82d0bc74de512428b4e6c4
Instruction Fuzzy Hash: 2B11A135640200AFDB60DF69D884BA6FBE8EF04220F0884AADD098B211D7B1E408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051D314A Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 051D3195

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 760d5344d98fda98569cb65d1710e317028bb112357851c1d473946f8d5d0003
Instruction ID: 65acdd4596ace2dea61086b7dc836087e9ce99da826430c04d77716eac7306f6
Opcode Fuzzy Hash: 760d5344d98fda98569cb65d1710e317028bb112357851c1d473946f8d5d0003
Instruction Fuzzy Hash: 1D015E76540600ABE610DF16DC86B26FBA8FB88B20F14816AED089B741E371B515CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 051D0CCA Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 051D0D1A

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: 605a8458dc894d6f7da6a0b35e1d3dcea283e8e3c10272c514dca54eceda52c6
Instruction ID: 58da37a4bd86b826b63dc4b24b7163c8fffd2a9b44c8fa7ee2589abb3ea2b69f
Opcode Fuzzy Hash: 605a8458dc894d6f7da6a0b35e1d3dcea283e8e3c10272c514dca54eceda52c6
Instruction Fuzzy Hash: B2017176540600AFE710DF16DC86F26FBA8FB88B20F14816AED089B741E371F515CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 051D11C2 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

SetKernelObjectSecurity.KERNELBASE(?,?,?), ref: 051D1202

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: KernelObjectSecurity
String ID:
API String ID: 3015937269-0
Opcode ID: c277110c509273ee854bc43c0f305dd5c1924827eb5223289db1ed580748c79f
Instruction ID: 75bca7e70f9ebfa78257d6120daf2ae7dfe7146d75551c395eb251c4dd8bf10f
Opcode Fuzzy Hash: c277110c509273ee854bc43c0f305dd5c1924827eb5223289db1ed580748c79f
Instruction Fuzzy Hash: 8D01B175640600AFDB20CF69D885B66FBE4FF04320F18C0AADE498B651D3B1E448CB72

Uniqueness

Uniqueness Score: -1.00%

Function 051D161E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 051D1650

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: c581bd66283d4c4e5c143d4cdc60f37c626e1d337ba0a95080e51e1599cdc247
Instruction ID: 41c6baa28a51c320b8fe2d7e098a5be3e94797038491158651f67ad9d6ac247f
Opcode Fuzzy Hash: c581bd66283d4c4e5c143d4cdc60f37c626e1d337ba0a95080e51e1599cdc247
Instruction Fuzzy Hash: 0E01DF75544600AFDB10CF29E885B66FFA4EF04220F18C0ABDD0A8B242D2B5E408CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 051D0232 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 051D0264

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 8c8a0a45bee4e40745abd375a263c7cf6b3575478e97bda8bff51d2cb3efa866
Instruction ID: c4ca1595b0b3822f5a0e7a71377bde6245bd10d37b3aad277f31d82b8aba0213
Opcode Fuzzy Hash: 8c8a0a45bee4e40745abd375a263c7cf6b3575478e97bda8bff51d2cb3efa866
Instruction Fuzzy Hash: 5101DF359012009FEB10CF29D889766FF94EF48320F18C4ABDD498B602E6B5E448CB72

Uniqueness

Uniqueness Score: -1.00%

Function 051D1956 Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 051D19A6

Memory Dump Source

Source File: 00000008.00000002.629876871.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_51d0000_yAbf8Z3qA5.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1f0baee91f3c5952e997bc32768b53871e9962887ce93aca933c709ece9671cb
Instruction ID: 25b0b0f0084ec57c914f87c4c8e512f18098467b6c11a5307588fc1eaebddfdc
Opcode Fuzzy Hash: 1f0baee91f3c5952e997bc32768b53871e9962887ce93aca933c709ece9671cb
Instruction Fuzzy Hash: DA016276540604ABD610DF16DC86F26FBA8FB88B20F14815AED085B741E371F515CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 050B0682 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

}, xrefs: 050B074F

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: }
API String ID: 0-3934603907
Opcode ID: 1dbadd99d75e8ea5d7773bd3764017f9d87366d483a474f4a50012c3be04947a
Instruction ID: a6a9b98b9fe70043f5db1cd3bfae8d34267beed3098a5dd7a94b901573949b73
Opcode Fuzzy Hash: 1dbadd99d75e8ea5d7773bd3764017f9d87366d483a474f4a50012c3be04947a
Instruction Fuzzy Hash: C44172306082508FD308BB3AED5D96E3BA6AF81301715557AF543EB2B1DF624C4A8F91

Uniqueness

Uniqueness Score: -1.00%

Function 050B1458 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

$ghr, xrefs: 050B14C7

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: $ghr
API String ID: 0-1352911727
Opcode ID: 8d0ee353153998d0fcccdc488c23fe27e57e9920dbed19f727e77922358db8e3
Instruction ID: ec8a2cdc4f37d970c9b581f52ae4425db1198040498d6c430c9ebc79d6b155a7
Opcode Fuzzy Hash: 8d0ee353153998d0fcccdc488c23fe27e57e9920dbed19f727e77922358db8e3
Instruction Fuzzy Hash: A451F734A00214CFDB58EF64D894B9DBBB2BF49300F1441EAD40AAB365CB75AE85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 050B0690 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

}, xrefs: 050B074F

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: }
API String ID: 0-3934603907
Opcode ID: 3a4f29687f3881b2a32a07c6a2ee066d45c779e0d212e5cb3f46844ed3557526
Instruction ID: a34a51d82c497c526b94eef81db4f7be607313ebad5fc5d9a57de65049e4232b
Opcode Fuzzy Hash: 3a4f29687f3881b2a32a07c6a2ee066d45c779e0d212e5cb3f46844ed3557526
Instruction Fuzzy Hash: E5414B306082108FD318BB3AED5DA6E3BA6BF847027145579F543EA2B0DF724C4A9F91

Uniqueness

Uniqueness Score: -1.00%

Function 050BE900 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

lir, xrefs: 050BE99C

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: lir
API String ID: 0-3872640509
Opcode ID: 9af0239b76e9980caa1b797d276562d7fb1c056c8124610615284ca43bbcdf82
Instruction ID: bb18e25a3bb62c3b0ea1aca4f95ec49c03f653a78cf4bece9b220a2081c0b031
Opcode Fuzzy Hash: 9af0239b76e9980caa1b797d276562d7fb1c056c8124610615284ca43bbcdf82
Instruction Fuzzy Hash: A53162317082018FEFA4D654F0D06FDBBDEEF82214B18856FC24ADF242D9B1D44A8391

Uniqueness

Uniqueness Score: -1.00%

Function 050B8BC0 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

r*+, xrefs: 050B8CD7

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 08d52f1167619f28b37656c374f114c79f4b8ae91105659392b5bf8a7b164fb1
Instruction ID: a0c4dcb637f564ac2b7388e5512f5cf126c6a083c61f4d8c8519353d0fa11c87
Opcode Fuzzy Hash: 08d52f1167619f28b37656c374f114c79f4b8ae91105659392b5bf8a7b164fb1
Instruction Fuzzy Hash: D14138B0E05209DFEB48DFA4D1866EEBBF6FF44300F1484AAD902A7260DB745A45CF55

Uniqueness

Uniqueness Score: -1.00%

Function 050B1290 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

$ghr, xrefs: 050B1349

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: $ghr
API String ID: 0-1352911727
Opcode ID: eb21e10c4cb914c1057fc806944a5db35648f63b805e9d801746893444fc8977
Instruction ID: 3b07c876bdae79ccd286968fe490a914b94152c567e61f1e3a99c59b679a2cf1
Opcode Fuzzy Hash: eb21e10c4cb914c1057fc806944a5db35648f63b805e9d801746893444fc8977
Instruction Fuzzy Hash: 16411734E04218DFDB64DF69E890BADBBB2BF49340F0441AAD40AAB355DB709D85CF61

Uniqueness

Uniqueness Score: -1.00%

Function 050BE1D9 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

lir, xrefs: 050BE293

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: lir
API String ID: 0-3872640509
Opcode ID: 8a6506df28d44cdce11b0c710be5fd109fbe6bb6057cdeba520af7b4d8301a11
Instruction ID: 91e547f6d019c7b292878cad2fb713c73417cfe1b39152f828a1217ac0295db6
Opcode Fuzzy Hash: 8a6506df28d44cdce11b0c710be5fd109fbe6bb6057cdeba520af7b4d8301a11
Instruction Fuzzy Hash: 7521B375A04114CBEF14CBA8E0857FEBBEABB88315F14457EE406EB340DBB59C428B95

Uniqueness

Uniqueness Score: -1.00%

Function 050B4710 Relevance: 1.3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

Strings

X1kr, xrefs: 050B4747

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X1kr
API String ID: 0-844551562
Opcode ID: 684e8044ed5b2c63a3ac6ced5dd930aff933b2928acbf7d0c62e36a6ffd7179c
Instruction ID: 34d936120ba9d0945b9d76268713a5c504d0d547d20b0a8812fca83188e8e3a9
Opcode Fuzzy Hash: 684e8044ed5b2c63a3ac6ced5dd930aff933b2928acbf7d0c62e36a6ffd7179c
Instruction Fuzzy Hash: 45F050363402605BDE24AABDB5403FD32CB8BC6660F54003FD205D7781EDB5DC829350

Uniqueness

Uniqueness Score: -1.00%

Function 050BA5EF Relevance: 1.3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

Huir, xrefs: 050BA623

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Huir
API String ID: 0-669697419
Opcode ID: 25a144106fce66826bad3dd80917b1166d24e40ec54043b0813be0d668cfc392
Instruction ID: 7fc5f93be00ecc95ab31511485a651fc4c7a46cabea782d8e4b2a1239b689262
Opcode Fuzzy Hash: 25a144106fce66826bad3dd80917b1166d24e40ec54043b0813be0d668cfc392
Instruction Fuzzy Hash: E4F0F6B170825087D744AEACACD1BBD7A97ABC5230B74423FE515EF3C5DDA49C014355

Uniqueness

Uniqueness Score: -1.00%

Function 050B7760 Relevance: 1.3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

Huir, xrefs: 050B7793

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Huir
API String ID: 0-669697419
Opcode ID: 287011e39214b4b4553c699bf4fe31b2d20770d719fd0eb50880a364aa08062b
Instruction ID: 6e83a0bc089569d01e0c1658294cc0c9a741fac075df1ac8afd8c9c62efea769
Opcode Fuzzy Hash: 287011e39214b4b4553c699bf4fe31b2d20770d719fd0eb50880a364aa08062b
Instruction Fuzzy Hash: 98F046B274810053C604AAACADC1BAD2A8BEBCA360B69132EE109EB3C4DD549C020366

Uniqueness

Uniqueness Score: -1.00%

Function 050B7770 Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

Huir, xrefs: 050B7793

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Huir
API String ID: 0-669697419
Opcode ID: 46fc7da32a818c60f59ee9ee9683d1d1231c3fe534c37e94d3a171bd39fcfccc
Instruction ID: 2588eea9d4bccfda76cbb4dc0c927d29bf21dbffda83efa7d43ee1ba5fa53efa
Opcode Fuzzy Hash: 46fc7da32a818c60f59ee9ee9683d1d1231c3fe534c37e94d3a171bd39fcfccc
Instruction Fuzzy Hash: D8F0E93134811053D6447A6CADC1A7E7A8BEBC9770774433EE21AEF3C5DD91AC0243A6

Uniqueness

Uniqueness Score: -1.00%

Function 050B62B8 Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

lir, xrefs: 050B62C6

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: lir
API String ID: 0-3872640509
Opcode ID: 073871282997a5e07656d640c807522e5a3728fe9fe387a099624cc03e12ba4f
Instruction ID: 6cc6507daf548e1d4bd5fe5cba24a4ef4411e1d322d621abeb7030a3bbf033fc
Opcode Fuzzy Hash: 073871282997a5e07656d640c807522e5a3728fe9fe387a099624cc03e12ba4f
Instruction Fuzzy Hash: CBD0A734B45624176A187E7E5915A7F378D5BC1A51341087FFA0BEA380ED139C0343DD

Uniqueness

Uniqueness Score: -1.00%

Function 050B02A0 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

Lm, xrefs: 050B02B6

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Lm
API String ID: 0-3864954704
Opcode ID: c18860866b41e1a968cd0244343ae0f59bee668288b188aab5af2c25ddf36ab6
Instruction ID: bb09f81d54b426179212cb9a1df4a83a54f3cb1f461886f56d8b3195708ad3a6
Opcode Fuzzy Hash: c18860866b41e1a968cd0244343ae0f59bee668288b188aab5af2c25ddf36ab6
Instruction Fuzzy Hash: 67D02B32508600CBD310D344FD5AECF7BE1FB84301305C93ED427A6640C760BC024742

Uniqueness

Uniqueness Score: -1.00%

Function 02B201FC Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0259d8dfc0a7efbbc42e91eb3dff0508d8921eb8fcbd9d2ddf37c4bb93e1e840
Instruction ID: 9f17e1ed2acbbedcc61a516031a102c075d06d99b9934c43593c5a733edbbb88
Opcode Fuzzy Hash: 0259d8dfc0a7efbbc42e91eb3dff0508d8921eb8fcbd9d2ddf37c4bb93e1e840
Instruction Fuzzy Hash: C831F66654E7C18FC7039B259CA5591BFB0AF17220B5E84E7C484CF6B3E2695C09CB72

Uniqueness

Uniqueness Score: -1.00%

Function 050B6358 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6791c8ac7d7ca58634edd6fa8f2b98406c3189e1bf4d9c4432f4cdf5af562a
Instruction ID: 77ce509eca43fdf8856db92df95101170397779fa2bc718ef061518ec92254d2
Opcode Fuzzy Hash: cc6791c8ac7d7ca58634edd6fa8f2b98406c3189e1bf4d9c4432f4cdf5af562a
Instruction Fuzzy Hash: 98817F31A00619CBDF15DF14D8909EEB7B3BF85304F1585A5D80AAF245DBB2AA86CF90

Uniqueness

Uniqueness Score: -1.00%

Function 050BB090 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24e6077e36625ea566bca21779dfc69182d804e62f93e2b10f54ae2d13e05bb3
Instruction ID: 426f5fb3f0924d80ba2251fc2d3add63c688afc7c989ad50b3a3da92fb67aa2a
Opcode Fuzzy Hash: 24e6077e36625ea566bca21779dfc69182d804e62f93e2b10f54ae2d13e05bb3
Instruction Fuzzy Hash: C881B031B005058BD708EB68C891B6EBBA6FFC9710F95467CE605AF794DFB0AC068791

Uniqueness

Uniqueness Score: -1.00%

Function 050BEAC8 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f5011a5515465f19e8ffcb0bbe91635246a184db639bf4c247d8a37ee71ded0
Instruction ID: 7564d1e4d90ee1ad62528597e184f7500818cc309a2c61df626ad1a24da2f618
Opcode Fuzzy Hash: 4f5011a5515465f19e8ffcb0bbe91635246a184db639bf4c247d8a37ee71ded0
Instruction Fuzzy Hash: 43711C34A04604CFEB54CB69D4D4AEEBBF6BF48314F148469D416A7761CBB1E886CB50

Uniqueness

Uniqueness Score: -1.00%

Function 050B4DB8 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dc46865caf8bd2d1f560551ca72748860b4f3d7bbd640ee00b4c504ad4568af
Instruction ID: fe162ad9920aed8eb86b9833d383d0b61ce1f0136e0a630bbbe8561689deda51
Opcode Fuzzy Hash: 4dc46865caf8bd2d1f560551ca72748860b4f3d7bbd640ee00b4c504ad4568af
Instruction Fuzzy Hash: C651DF302042158FDB09EF69E4C0DBE7BA3EF84300B14862AD4068B39BDBB1AD06CB55

Uniqueness

Uniqueness Score: -1.00%

Function 050BFDA8 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97af56803ee1c7b9358c8963ef57c9762f54bfef60355d74ffc8dead67047f50
Instruction ID: b128d0e04fb4974247c7c4b9dd5d9e9e17c9021d1a27eed10f7aa4e305dbfa52
Opcode Fuzzy Hash: 97af56803ee1c7b9358c8963ef57c9762f54bfef60355d74ffc8dead67047f50
Instruction Fuzzy Hash: 1451E430A04752CFE729DF39D8907AEBBF2BF85300F14886ED1569B691CBB5A841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 050B78D8 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35943c4d1efaf7a9b2c153794ed87fc5e8d95dfa9b37b16e827de73b3b47a0e9
Instruction ID: b35dc74c3120e03b8bf2f49bc4c09345fb5e7e7930ee564e70533a2c54056054
Opcode Fuzzy Hash: 35943c4d1efaf7a9b2c153794ed87fc5e8d95dfa9b37b16e827de73b3b47a0e9
Instruction Fuzzy Hash: AD310531A0061ACFDF55CF14D894ADEBBB2EF85304F5185A4D909BB205DBB06B8ACF80

Uniqueness

Uniqueness Score: -1.00%

Function 050B74D0 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fac24a4933d4b5983cf04af9280c59bd6f96512b9b6320c514f71d450e12f74
Instruction ID: b836f44dc737ad443fc7b1181481999a44e1230ba9e0de1b6be1344a1dea57a5
Opcode Fuzzy Hash: 1fac24a4933d4b5983cf04af9280c59bd6f96512b9b6320c514f71d450e12f74
Instruction Fuzzy Hash: 19514031B002158BDB58DBB9D4949EEB7F3EFC4710B248569C406AB395EE70AD42C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 050B7DC0 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fa1ffd4d824d7b15e6c51636b28d2cae48bce98179f69e7660c62eb3641d442
Instruction ID: 1cec20f9b86b6233abd56a20d642846015f5ab05138362c6131077925ae48c18
Opcode Fuzzy Hash: 2fa1ffd4d824d7b15e6c51636b28d2cae48bce98179f69e7660c62eb3641d442
Instruction Fuzzy Hash: 5F511275D00219CFDB18CFA9D9849DCBBF2FF88300F20856AD85AA7294E7316946CF80

Uniqueness

Uniqueness Score: -1.00%

Function 050B8091 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b507c3fe903068acc3f5c9bbdfa6bd4bdf84edcead7e59bab3d83962b5ec7eca
Instruction ID: 99cb74828d2de5c4ff179053aaa7c147e7c5b9b755d25df70582bbab6788a695
Opcode Fuzzy Hash: b507c3fe903068acc3f5c9bbdfa6bd4bdf84edcead7e59bab3d83962b5ec7eca
Instruction Fuzzy Hash: 65517E34A00215CFEB54EB74D598BAD7BF6BF85300F2482A9D909EB7A1DB709C41CB61

Uniqueness

Uniqueness Score: -1.00%

Function 050BD188 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad4f424f370d9baa912f731ac53bd814246375cf707bc0ffea99777f6cc29a17
Instruction ID: 579cd35807301c8b3472e098c8df5fa04f469a3ea6a56e6b9877633b92c34bcf
Opcode Fuzzy Hash: ad4f424f370d9baa912f731ac53bd814246375cf707bc0ffea99777f6cc29a17
Instruction Fuzzy Hash: 69418231A007059FEB18DB76D994BAEFBE3FF98310B14C629C456A7650DB71E8028B54

Uniqueness

Uniqueness Score: -1.00%

Function 050B0BC0 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3110d156f9cd9871049171c5d10806264de2c122f7c9bbd3a0ba7cf3cea7978c
Instruction ID: 717ecd0c1b0609160972ca81be5170e7017e28007d5793a481c6ae7e86109ac4
Opcode Fuzzy Hash: 3110d156f9cd9871049171c5d10806264de2c122f7c9bbd3a0ba7cf3cea7978c
Instruction Fuzzy Hash: 69419131B041048FDB15CB2CD468AEF7BE7AF85310F15806AE906EF3A1CEB19C068791

Uniqueness

Uniqueness Score: -1.00%

Function 050BEAB9 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27849ad34bd3ed54623115f7ec3f7e404b8386cee7a902f11f09003f160b4fd5
Instruction ID: e30a8a46f8c6f2695b4adc93004d200495a5d6fa1205ee48ec0af10a855b6605
Opcode Fuzzy Hash: 27849ad34bd3ed54623115f7ec3f7e404b8386cee7a902f11f09003f160b4fd5
Instruction Fuzzy Hash: 2F514D34A04604CFEB64CF69D4C4BEEBBF6BF48314F148469D456A7661CBB0E885CB50

Uniqueness

Uniqueness Score: -1.00%

Function 050B5920 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e43c4cf56f195dd6788b716b21845b0a1391f83deedbe2a77cf5c4cb55376fe
Instruction ID: 5f8e536013afb09acfcfdbb9c666967badd5f9722d3a324879990ba1e86e895e
Opcode Fuzzy Hash: 2e43c4cf56f195dd6788b716b21845b0a1391f83deedbe2a77cf5c4cb55376fe
Instruction Fuzzy Hash: F4417F307092018BFB19A776BC987BE27E76FC4610B1485B9E506E7394FEB5C8028B91

Uniqueness

Uniqueness Score: -1.00%

Function 050BFAE8 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b89343047d9ef7cf643680a0d908f48abfcc1db9d41d3eaddab4a95d8ac70a4a
Instruction ID: a5c2c636f77f3836fbac7d9b9823d3155a13122ba9ecd1d1aece52ed923e98e0
Opcode Fuzzy Hash: b89343047d9ef7cf643680a0d908f48abfcc1db9d41d3eaddab4a95d8ac70a4a
Instruction Fuzzy Hash: F351E835A00205CFEB04DF68D990EEDBBB6BF88320F158598D911AB365D775EC81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 050B86B8 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 134fc842ca7fb448020b1963a968959b64209687442fd2d7b65d76e3b145e8d7
Instruction ID: 22202b06dd3c2e599a9f6ba5f5bd323e4e193b6d8ed03488091df71b6d81d8a3
Opcode Fuzzy Hash: 134fc842ca7fb448020b1963a968959b64209687442fd2d7b65d76e3b145e8d7
Instruction Fuzzy Hash: D841AA75A00119DFDB00DFA8E588AAEFBF9FF44315F10C266D516A72A0DB70E846CB91

Uniqueness

Uniqueness Score: -1.00%

Function 050B7050 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e334714694006cabb5849ab6f4bf39e121613c32d4deab7139e5a3b0076c68
Instruction ID: 78c5406bb5297c920f80dd3d6fba6c5e56bf2782fbce2bd32af134fa498185f9
Opcode Fuzzy Hash: 66e334714694006cabb5849ab6f4bf39e121613c32d4deab7139e5a3b0076c68
Instruction Fuzzy Hash: 0941B138700210CFC719FF6AE49419E7BE2BF8D6003684268E906B7796DB71AC46DB51

Uniqueness

Uniqueness Score: -1.00%

Function 050BB430 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c93822fd569086754820c565ccaf89f32fda6c1b35d48ea3b0fae10f31bf772
Instruction ID: a3125a2a81b57b22d965d08b5a375b9e66eceacd4635024424e82d48cf5b60ef
Opcode Fuzzy Hash: 9c93822fd569086754820c565ccaf89f32fda6c1b35d48ea3b0fae10f31bf772
Instruction Fuzzy Hash: 1131E271A006649BDB14CA98E8C07BEBBF2FF88310B244429E81AE7750DB74ED41C781

Uniqueness

Uniqueness Score: -1.00%

Function 050B7060 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f748e844b8cb573985d2417f2c7506b9fa90d912c0421e673fb9470b0c7509
Instruction ID: 1ae75d5789221515d1813efb9d2884cd4f8e93bb4e788c9d4159243dc2e4e0f5
Opcode Fuzzy Hash: 10f748e844b8cb573985d2417f2c7506b9fa90d912c0421e673fb9470b0c7509
Instruction Fuzzy Hash: A2419038701210CFC719FF7AE09419D7BE2BF8D6103684268E906BB796DB71AC46DB91

Uniqueness

Uniqueness Score: -1.00%

Function 06590268 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.631118582.0000000006590000.00000040.00000001.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6590000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a5751c465b229425b0ad71a146cf5840d25e7f762430e43f398393f1d149b4f
Instruction ID: 9b7a4b2b551fb6155d41ab60c2b6ac545d581247c117bfc2c8ba7bfd6491d278
Opcode Fuzzy Hash: 9a5751c465b229425b0ad71a146cf5840d25e7f762430e43f398393f1d149b4f
Instruction Fuzzy Hash: 6741D571E00208DFDF84CFA9C580A9DBBF2FF48314F24896AD419AB255D731A946CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 050B02DA Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63eac868c6de0562dd483948f8f4c42a0b3cd4b633af2c3d90c3ae1ac5c8a5e7
Instruction ID: e8a0d6e6fe3a229ed6bd149652e0962a9a1438b1ea8cb560940c9d19164539e0
Opcode Fuzzy Hash: 63eac868c6de0562dd483948f8f4c42a0b3cd4b633af2c3d90c3ae1ac5c8a5e7
Instruction Fuzzy Hash: D5314E70A01205CFEB58CB68D5A8BAF7BF6FF88B10F144469D502AB790DBB19C418B51

Uniqueness

Uniqueness Score: -1.00%

Function 050BEE90 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c9b70699b864ec6b07c30899cdaf29fa12281941cdf8925717dcaff50e87e86
Instruction ID: b8249ad79191360aeabc8604ced206ddc610c1781c45607f5a1b806f99e08b06
Opcode Fuzzy Hash: 5c9b70699b864ec6b07c30899cdaf29fa12281941cdf8925717dcaff50e87e86
Instruction Fuzzy Hash: 8D31C836A00115DFDF15EF68E8848EE7BB7BF89310B050465E502BB250DBB1AD05CB91

Uniqueness

Uniqueness Score: -1.00%

Function 050BE528 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e24fedc79f61acb3e5d0ed3df0f57f185b996dff396aeaf1d4186f04a5b09bff
Instruction ID: 04eaad8d23a052087b621ae67e43c458772ed3cb3de04f7cf4384aa1e8b0c698
Opcode Fuzzy Hash: e24fedc79f61acb3e5d0ed3df0f57f185b996dff396aeaf1d4186f04a5b09bff
Instruction Fuzzy Hash: 92318F75A00214DFEB54DF68D584AEEBBF6BB88311F248179D40AE7241EB71DE81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 050B45C8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc32738516fcbbf2d999a5c57ed237bf25b40b5e4e437ba37f96f23681f3e1f0
Instruction ID: 33484ffe6ca6b361ad2ce9f84751ed0dfdc76f46bc722fd18919d4a3c28da957
Opcode Fuzzy Hash: cc32738516fcbbf2d999a5c57ed237bf25b40b5e4e437ba37f96f23681f3e1f0
Instruction Fuzzy Hash: 68216971B001199FEF44DA99E9C1BFFB7FBFB88204F204129D619E3241E6B05A058752

Uniqueness

Uniqueness Score: -1.00%

Function 050B50E0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b2d62b802e5c100ecaf6c4d4e9c44913333b3e663944cb2bc820850da5ae191
Instruction ID: 031325980755f19606e84fcf7435f3266999e6147749aeea13dde349d4793caa
Opcode Fuzzy Hash: 5b2d62b802e5c100ecaf6c4d4e9c44913333b3e663944cb2bc820850da5ae191
Instruction Fuzzy Hash: 1D216F30A003099FEB04DFA9D8546EEBBF6AF89300F144969D506BF251EBB06945CB80

Uniqueness

Uniqueness Score: -1.00%

Function 050BE7A9 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d8805f94d89a0bc586383d7ab099de2c02f9fd19ade8da5674f140d7f8512fd
Instruction ID: 7c3ff5a3051c4af711c3d2dc1a9558e8c6426c07caf2163dc94204c32b686120
Opcode Fuzzy Hash: 2d8805f94d89a0bc586383d7ab099de2c02f9fd19ade8da5674f140d7f8512fd
Instruction Fuzzy Hash: F3314C71B00605CFDB54DBB9D581AAEBBF6BF88300B50442DE50AE7790DA75EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 050BE341 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49dcc5bc5cfcf5410bf1677e4b46e8798f2f160e37702f9f365e1ffd16d72af8
Instruction ID: 0d6612edf980b59a7b98125fbe6e96d57492e21cec7efb2450872d85fb3d7d4d
Opcode Fuzzy Hash: 49dcc5bc5cfcf5410bf1677e4b46e8798f2f160e37702f9f365e1ffd16d72af8
Instruction Fuzzy Hash: 1C311A313007018FC799A77C849166A7BE3AFC53147A4992CD646AF758DEB6ED038B84

Uniqueness

Uniqueness Score: -1.00%

Function 050B43D0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80e6b8900141fa8edd2bed7c6501f10191e8460f4fbadd06be1ee80decdb8616
Instruction ID: 46f75b5eeb655dec7266a34e976b469cbaba4729a3c5176f9f741411850156c1
Opcode Fuzzy Hash: 80e6b8900141fa8edd2bed7c6501f10191e8460f4fbadd06be1ee80decdb8616
Instruction Fuzzy Hash: 4B31AF35600215CFDB04EF69EC8489D7BB3FF843047148269E5066B27ADB72A91BDF41

Uniqueness

Uniqueness Score: -1.00%

Function 050B55E8 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a7e4db13fa0a6d5938a3da682c9f94cc94ead62a4cd0d07b97ba519e9fb82b0
Instruction ID: dffc9b46a505f90c508b9a559098f13aed67233de325b80078196570b7eb1fa9
Opcode Fuzzy Hash: 6a7e4db13fa0a6d5938a3da682c9f94cc94ead62a4cd0d07b97ba519e9fb82b0
Instruction Fuzzy Hash: 9221DB30B502158FEB149F78D9957FD7AE3AB88710F14006AD502EB3D0EEF54D458791

Uniqueness

Uniqueness Score: -1.00%

Function 050B5B51 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 744825c9cec251dc0407140f3742232af1b73888be6f1763b3470e193a83b22f
Instruction ID: 31a78bdc433c311c6ee1288c74137764d7f3a6b02dabaad2670eb8b97f023b93
Opcode Fuzzy Hash: 744825c9cec251dc0407140f3742232af1b73888be6f1763b3470e193a83b22f
Instruction Fuzzy Hash: 6B21CF71B052048FDB08EAB9A8905FEBAE7ABC8210F54847AD407F7381EDB18C4187A5

Uniqueness

Uniqueness Score: -1.00%

Function 050B8B92 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39d3114a8a2e6f68be7b2b4607a96f26b271a9b09658e921e569d839b40b0fc6
Instruction ID: 1d3763990b83ffa3cd14753a5bd1493be57c2c59677250ff16ea2d270f3ace80
Opcode Fuzzy Hash: 39d3114a8a2e6f68be7b2b4607a96f26b271a9b09658e921e569d839b40b0fc6
Instruction Fuzzy Hash: D9319EB0D09248DFEB45CFA4D4857EE7BF5FF01340F1484AAD4029B3A0D6749902CB56

Uniqueness

Uniqueness Score: -1.00%

Function 050B8A00 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 641b2ff0d1b798c78d803a701a9afcb918dcd8272e64ad385f84524d36fdcf17
Instruction ID: 0e86a6bd1588b77e752d7528c8dfdda9db5d49c61fc24b9c3ecc5036c4bda9d1
Opcode Fuzzy Hash: 641b2ff0d1b798c78d803a701a9afcb918dcd8272e64ad385f84524d36fdcf17
Instruction Fuzzy Hash: 55218DB1B10200CFD748EF78E49596E3BA6FF84315359852AE506EB3A4EF719C02CB51

Uniqueness

Uniqueness Score: -1.00%

Function 050B6E86 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2707c250769e97e38fc65202e96bf7e9e88bf2efacd9d57ad96901c7653e5935
Instruction ID: 2e4cbe7e1c79cff8ec7fd0edced64a1848adc070706697a0feb6d7b03a187c52
Opcode Fuzzy Hash: 2707c250769e97e38fc65202e96bf7e9e88bf2efacd9d57ad96901c7653e5935
Instruction Fuzzy Hash: ED314C302143118BC718FB39E49955D7BA2AF853543989A6CE606EB345DF72AC4BCB81

Uniqueness

Uniqueness Score: -1.00%

Function 050BAD18 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba20534337dc31887b71c2d029922998c8a4142b276a65a1f35ecd55d48f3bbf
Instruction ID: 023fa90c188f6fb9ea3e0416db95421044ca3c2c282026ffa027f1edc28e536f
Opcode Fuzzy Hash: ba20534337dc31887b71c2d029922998c8a4142b276a65a1f35ecd55d48f3bbf
Instruction Fuzzy Hash: 4B216570B04605DBDB14DF78D981AEEBBF2BB88711F104A7DE113AB254DBB1A845CB90

Uniqueness

Uniqueness Score: -1.00%

Function 050BF041 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5453b5d1768cf6aa570b88b7f7b1596f4515a0e95c6764a019c7d74888ea6087
Instruction ID: 7ad4c0454fc3bc117b3f1f53d724a82053d5b79461258adda181a7eef958efd2
Opcode Fuzzy Hash: 5453b5d1768cf6aa570b88b7f7b1596f4515a0e95c6764a019c7d74888ea6087
Instruction Fuzzy Hash: 8E211675E00108DFDB45DFA8D980AEEBBF6AF8C300F14842AD615BB251DB719941CF60

Uniqueness

Uniqueness Score: -1.00%

Function 050B5B60 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 699c2c1e9a4029b3a1936b13221b7e5708e6efb22e9183193ee798d48965777b
Instruction ID: 1467b5e8ac00f5c436933ee4f8ebbdca7e2f3baef567f64eacf9096cf5815afd
Opcode Fuzzy Hash: 699c2c1e9a4029b3a1936b13221b7e5708e6efb22e9183193ee798d48965777b
Instruction Fuzzy Hash: 7C21DE31B011048FEB08EAB998905FEBAE7ABC8210F10847AD407FB381ED708C418BA1

Uniqueness

Uniqueness Score: -1.00%

Function 050BED80 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd16a1d286a3c5e5a4ce4b8b7bd2259bfb352955eed235d4fe20d65e197cfaab
Instruction ID: 248965e0bb3315f8bbe77a3f312509a958b4b003799cbec8fb542002d369a909
Opcode Fuzzy Hash: bd16a1d286a3c5e5a4ce4b8b7bd2259bfb352955eed235d4fe20d65e197cfaab
Instruction Fuzzy Hash: D8218131A04615CFEB55CF28D4806EEBBFABB84214F184179D41AEB341DBB29841CB91

Uniqueness

Uniqueness Score: -1.00%

Function 050B25DE Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681817edc6096f4d14207c9f3fbb64f34b0bf27463f0f711fa63f69291091932
Instruction ID: 770c5fd9e1664c788a7cc511176a3f37190f7a91d4fab44a51d1f83a5459b974
Opcode Fuzzy Hash: 681817edc6096f4d14207c9f3fbb64f34b0bf27463f0f711fa63f69291091932
Instruction Fuzzy Hash: D4318E74A10346CFEB64DF66D884A9EFBF2BF84318F20D129C005AB265DBB4954ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 050B8FA6 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dda1a502679ed24c7ca9c66d8ce2b32e24e468a6af8468971ce4477e6d36923
Instruction ID: 7813831d1bbaa3b1234fbe4d57a68c5108a8d831007a30a3ff916cf5c80dc05d
Opcode Fuzzy Hash: 4dda1a502679ed24c7ca9c66d8ce2b32e24e468a6af8468971ce4477e6d36923
Instruction Fuzzy Hash: 43316B30E10245CFEB50DF65E485A9EBFE2BF84314F148929D905AB254DFB4A889CF81

Uniqueness

Uniqueness Score: -1.00%

Function 050B50D0 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4e8a08c99ae40b129cba0e9958fb9dfa1047240fc2416b563bdeba3527cc4ea
Instruction ID: 37538910ab5b3f8886b435ddb57ad132e3f88aacf8ee7d2675d771dd7a10b7ea
Opcode Fuzzy Hash: c4e8a08c99ae40b129cba0e9958fb9dfa1047240fc2416b563bdeba3527cc4ea
Instruction Fuzzy Hash: 8021CD72D043499FEF00CFA4D8956EEBFB2AF85300F450465C505FB251E7B0598ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 050B21E9 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03e851a78d5dd2ede38477f015d31c5464c9a3b7c749cdd526ed1157eb139707
Instruction ID: 3662123b7a1f984cd5c7c2dc955e4e5295d77b018e2d136090881c3fa5e85d11
Opcode Fuzzy Hash: 03e851a78d5dd2ede38477f015d31c5464c9a3b7c749cdd526ed1157eb139707
Instruction Fuzzy Hash: 77212B74D0820AEFEF84DFA9D5856EE7BB2BB45300F10416AD402EB2A0D6B19E45CB52

Uniqueness

Uniqueness Score: -1.00%

Function 050BB420 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc9f780eda3d0a1f5d46c31022b54bfe1c82455ee15010edf209b2edb9b0d5ce
Instruction ID: 554ede0d4f8382c76ed8670128cad14f325821ea104b343b0ef14da6c30de10f
Opcode Fuzzy Hash: fc9f780eda3d0a1f5d46c31022b54bfe1c82455ee15010edf209b2edb9b0d5ce
Instruction Fuzzy Hash: CA218EB2E142699BCB04CA99DC945EEFBF2FB89310B14456AE819E3351D774AD01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 050BFC4E Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bb2d302865315045b21120394290a3094a216f9b2f322cd300684878728e82d
Instruction ID: 599b2001adf3dda55c75326068d90308520a0f2d3e62501a35eb1103ff526577
Opcode Fuzzy Hash: 8bb2d302865315045b21120394290a3094a216f9b2f322cd300684878728e82d
Instruction Fuzzy Hash: E6319039A002058FEB05DBA8C590EEDBBF6BB88320F164194DA01AB366D675EC81CB50

Uniqueness

Uniqueness Score: -1.00%

Function 050B5840 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a9e674ad8d562d392f5d800d34019a75fca5767af1c7f849faa102478f6f1b5
Instruction ID: bb15faa6e3991a927a5de3f3db5d2fe2b81c8f4c1db4ea337adc36c913425bb8
Opcode Fuzzy Hash: 5a9e674ad8d562d392f5d800d34019a75fca5767af1c7f849faa102478f6f1b5
Instruction Fuzzy Hash: 5711E930B111149BEB08E7BAEC949FFBAE79FD9214B54457D9003AB391EDF09C0047A1

Uniqueness

Uniqueness Score: -1.00%

Function 050B21F8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eb8b459caf06420584539d42d5b8e375b7cf8430aefb267bd2a3d4dcbf8b3a5
Instruction ID: 227b15c5304ba229874c76408d833b6eeb740c4e8afac8ff6e9a7eadaaacc750
Opcode Fuzzy Hash: 9eb8b459caf06420584539d42d5b8e375b7cf8430aefb267bd2a3d4dcbf8b3a5
Instruction Fuzzy Hash: 6D212D34D0820AEFDF84DFA5D5856FD7BF2BB44300F10416AD502E7260D6B19E45CB52

Uniqueness

Uniqueness Score: -1.00%

Function 050BE650 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b47e371aa176438e2f6945c5edcf279d8e1f5dcfb766271e3e9f7f9e3f4fe1a
Instruction ID: bc40726e25e8e50f7d79d522d0def4fb3028b6cd9c4164c418d03b7501d7836e
Opcode Fuzzy Hash: 9b47e371aa176438e2f6945c5edcf279d8e1f5dcfb766271e3e9f7f9e3f4fe1a
Instruction Fuzzy Hash: 02216070A00114DFDB94DFA8E595AFEB7FAFF88290B21806AD506E7240D771AD11CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 050BAD09 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9cde8a05e7f3f64d16913e64899072eb20893ba45e6821dad8fc667d7f6ffc4
Instruction ID: 5a89bbdc5be45e013001cc70d102085d2d1fe5b8906ee495056132d01fc6239a
Opcode Fuzzy Hash: c9cde8a05e7f3f64d16913e64899072eb20893ba45e6821dad8fc667d7f6ffc4
Instruction Fuzzy Hash: 23118171F04614DFDB14DA68E981AEE77F2BB88701F10497AE503EB284EBB1AC018790

Uniqueness

Uniqueness Score: -1.00%

Function 050B5000 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a1d5296cc55b81fbde624a3fa122f35a2142b6c27e3db94c2a80257475004d2
Instruction ID: d323ed5f81014cb3a27713374e2f6a69d6491475b002ec26a17765affc163b7f
Opcode Fuzzy Hash: 7a1d5296cc55b81fbde624a3fa122f35a2142b6c27e3db94c2a80257475004d2
Instruction Fuzzy Hash: 6211B431B14211CFDB44EBB9A8906EE7BE2AF88610B5441B9C506E7285EF709D028BD5

Uniqueness

Uniqueness Score: -1.00%

Function 050B48C8 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4bdbda7d898a7b9d665c33491eccf48901c9de3873f3c28bca5aafea24e782
Instruction ID: 3d6ea0257e9542bcec3d5ac30caef29d35e14d72a419d89150059153edbfd775
Opcode Fuzzy Hash: 0b4bdbda7d898a7b9d665c33491eccf48901c9de3873f3c28bca5aafea24e782
Instruction Fuzzy Hash: 3E11C632F04119ABDF18DA68E8909FE7BB7AFC5710F04442AD906B7242ED601F0687A1

Uniqueness

Uniqueness Score: -1.00%

Function 050B4520 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c9427b92542346719277af748aa9be0030ffdaac9c84a1d80ebb7981ce08a4c
Instruction ID: 0f32d91bcec4857279476d7c1345853a73a06f716a44edd78763fc18e4136630
Opcode Fuzzy Hash: 6c9427b92542346719277af748aa9be0030ffdaac9c84a1d80ebb7981ce08a4c
Instruction Fuzzy Hash: 3A01C432F045158BEF14DA59E4402EFB7A79FC5721F04413AAD069B342DAF29E0587D0

Uniqueness

Uniqueness Score: -1.00%

Function 050BCC68 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0d103324520362bc4e984854acd4d0be8602a354cd634287340748064720e3b
Instruction ID: fc98a0c618b07412fe20390647c3da53025118c24f35215e178b0b92033150d6
Opcode Fuzzy Hash: d0d103324520362bc4e984854acd4d0be8602a354cd634287340748064720e3b
Instruction Fuzzy Hash: 761191307001119BE748EB69D494AAE7BE7AFC97507288179E406EB355DF72AC028794

Uniqueness

Uniqueness Score: -1.00%

Function 050B0B18 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c085995da1db97057c61fa82c4e1a8eb0579390ed6686bb6fbd2a038388c5b8
Instruction ID: cb2048c83ec69925153a565d5795df5c9120d6333966c6872aa315802bfc52b1
Opcode Fuzzy Hash: 0c085995da1db97057c61fa82c4e1a8eb0579390ed6686bb6fbd2a038388c5b8
Instruction Fuzzy Hash: C911E520B58115EAFB60D534ACB9FFF61F79B44748F20846A9803EB240DAA1C9008790

Uniqueness

Uniqueness Score: -1.00%

Function 050BF9E0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10057c59014f6a990ceae3caa848e43c778d841438f2b6ed41e5739e103e357d
Instruction ID: 96a24a577dc4926145df8640f707ef61dcf6ac7d9fce0473bea4e059c8d849d2
Opcode Fuzzy Hash: 10057c59014f6a990ceae3caa848e43c778d841438f2b6ed41e5739e103e357d
Instruction Fuzzy Hash: 5E1193F0A0434ADBEB18DE64E8D47EEBFB2AB48318F14447EC516A7280CAF55845CB90

Uniqueness

Uniqueness Score: -1.00%

Function 050BCD98 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b1009e3dc632cb5fc1f1e831cd933baf072378b5701cbb8da73fa6005b0419e
Instruction ID: 1389ae89cc7b0da2d8d22b0c1330efa479b4859a4e359dcde6ae86ce1fe74af9
Opcode Fuzzy Hash: 4b1009e3dc632cb5fc1f1e831cd933baf072378b5701cbb8da73fa6005b0419e
Instruction Fuzzy Hash: 11118930308641CBE618E738919157E7BD3BBC5704398856DA65B9B341DEA3AC078796

Uniqueness

Uniqueness Score: -1.00%

Function 050BE640 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 439782d63f22ee612ecdf5f86df44a46102a510829f28b1f72993564552e7b4e
Instruction ID: 1dd325ddde64a1e877d9f1031db1bfa96563deb57db5f3a134563bed4bf061f9
Opcode Fuzzy Hash: 439782d63f22ee612ecdf5f86df44a46102a510829f28b1f72993564552e7b4e
Instruction Fuzzy Hash: 43115E75A05114DFEB54CF68E5819FEB7FAFB48391B21806BE40AE3240D371AD01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02B2087C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f99ee80f494ce1f33d22a4f37ac412470a7c5d88eda050fd905d9b45bcc8751
Instruction ID: d7b2e2569c2af9f281c1910a08ca9fba02b1f224ae61a99b1419f82ff910336f
Opcode Fuzzy Hash: 6f99ee80f494ce1f33d22a4f37ac412470a7c5d88eda050fd905d9b45bcc8751
Instruction Fuzzy Hash: 1811C034204384DFE305EB14C944B26BB91EBA8708F24C99DEA4E1B652C7779807CB91

Uniqueness

Uniqueness Score: -1.00%

Function 050BC980 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25b21b1ebe57a7389273f420aea1374ad30f23e2e0997a15a82bdae97080e5b7
Instruction ID: f2fb1d561daefdc73c39218e52b31200d585aef168be118a578d3e74dfc2c8df
Opcode Fuzzy Hash: 25b21b1ebe57a7389273f420aea1374ad30f23e2e0997a15a82bdae97080e5b7
Instruction Fuzzy Hash: F211A3317042649FE709AF39A858B2D3B97FBCA215B090568F506FB398CA715C47C744

Uniqueness

Uniqueness Score: -1.00%

Function 050B11DF Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 973094cb759dc5c53542e3939a6f821fd47c3866f006bf072b200882b78b38a4
Instruction ID: 2df8b513da5f634f926e1ca1760f0a3058e99d7328538ff2fc32625e33277298
Opcode Fuzzy Hash: 973094cb759dc5c53542e3939a6f821fd47c3866f006bf072b200882b78b38a4
Instruction Fuzzy Hash: 51114434308190CFDB05D728E4B49AD7FE6AF96301B1541FBD546CB7A6CEA58C09C752

Uniqueness

Uniqueness Score: -1.00%

Function 050B9EE8 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 783986b73ffc7792c0c8fbffac46972da5a4961f35fce22b859ce1866ae4ca2c
Instruction ID: db9e7e6d978bd829e006bc61b280428b7feb7332afb42843a11a09c823ac4538
Opcode Fuzzy Hash: 783986b73ffc7792c0c8fbffac46972da5a4961f35fce22b859ce1866ae4ca2c
Instruction Fuzzy Hash: 99014075B000408FCB8CE7B890686BD3BE3EFC9655315446DD60ADB3B4EE319C0A8B41

Uniqueness

Uniqueness Score: -1.00%

Function 050B7D28 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f37d99ec690bfe5d0c93dfbe66a86bf4d122fb631551d60959239d4627db2c10
Instruction ID: d1e49971e021d2b08c528d9f3e74a34fa74bbe624d4603bb8d8dddaea01edbd6
Opcode Fuzzy Hash: f37d99ec690bfe5d0c93dfbe66a86bf4d122fb631551d60959239d4627db2c10
Instruction Fuzzy Hash: B7015231A049049BEB28DA54E8906FFBBB2EBC4794F14446EC516A7281CBF1AD0187D1

Uniqueness

Uniqueness Score: -1.00%

Function 050BA9E8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d0bb8d67fba786f7ccfe6d369ccecea75dd88e33547d32617200e97946fdd22
Instruction ID: 02bf1f530c56dbc373ebebff0d4a32989f165458c15159a186ace2165edcb4a8
Opcode Fuzzy Hash: 7d0bb8d67fba786f7ccfe6d369ccecea75dd88e33547d32617200e97946fdd22
Instruction Fuzzy Hash: 130192B1B08204DBEB14DA58EAD17FFBBF2AB84210F14446EC516A7240DBF16D0587E1

Uniqueness

Uniqueness Score: -1.00%

Function 050BE058 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cfe759bc93315ed745bee74b2b369281e4686c63d4aad673722803c18feea8a
Instruction ID: c27bf882b03b88c05857d6abde0a228f4d49203e0587ca8536389d10d23c31f8
Opcode Fuzzy Hash: 7cfe759bc93315ed745bee74b2b369281e4686c63d4aad673722803c18feea8a
Instruction Fuzzy Hash: 2C012B31701220DFDB1427BAA8489AF7ADEFFC9764714443DE506E7381DD728C0283A0

Uniqueness

Uniqueness Score: -1.00%

Function 050B5740 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a79a849e00cada8d135f7287176d59aa4855d9b0e07177fabe9500e21df8d0a6
Instruction ID: 426d044c0bf160eecf9dfa5e13e4622ecc5ce1b2f920f7fdf7b11b5bd7386f14
Opcode Fuzzy Hash: a79a849e00cada8d135f7287176d59aa4855d9b0e07177fabe9500e21df8d0a6
Instruction Fuzzy Hash: 49117030A44305CFE704EFB6F9C06AE7BB2BF44340F20026AD401A6284F7729941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 050B5508 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2283d4c94af232b0cf684c5bb19480e165d70ebfd7260b2ebce116278ed945b4
Instruction ID: 51262d0ae283013beb0af6e17e51404907c9c852a47f32af9087d6a71e58f022
Opcode Fuzzy Hash: 2283d4c94af232b0cf684c5bb19480e165d70ebfd7260b2ebce116278ed945b4
Instruction Fuzzy Hash: 80115E30A113158FCB48FFBAEC51AAE7BA6EF88301F50452AD505E7295EB319942CB91

Uniqueness

Uniqueness Score: -1.00%

Function 050B9EF8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70d7abc78e52a7e4b587f0c6d775d524e94537ec7b0dc4ad8142a9acdcd4ce4e
Instruction ID: 771f3f328936aa845beb9766d0ae9a13956f03e8863872ae21e69f65f2f59054
Opcode Fuzzy Hash: 70d7abc78e52a7e4b587f0c6d775d524e94537ec7b0dc4ad8142a9acdcd4ce4e
Instruction Fuzzy Hash: 2C012C34B000409F8B8CEBBCD0689BD3BE7EFC96513554469E60ADB374EE719C4A8B51

Uniqueness

Uniqueness Score: -1.00%

Function 050B7D18 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c734b888d9edc42fcb37d771b3292fab368106637d860dfc59f0f7f27529cb3a
Instruction ID: 043c7cc44ceac78af28ccb78710750eaabe6fb4663ac8a4e7dde89601b8485d3
Opcode Fuzzy Hash: c734b888d9edc42fcb37d771b3292fab368106637d860dfc59f0f7f27529cb3a
Instruction Fuzzy Hash: 81018C31A089009BE728CA64E8D0AFE7BB3EBC4780F18446EC407A7780CAB19D018B81

Uniqueness

Uniqueness Score: -1.00%

Function 050B05B9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0df4a60a3c35f40427713655f0b4f75a410b917a95776c79ff42c5b11191645d
Instruction ID: 887e0dddf0111b5ecbaae7c305f7320e45bb67d6bc8f9182a15d5e2e72f45c4e
Opcode Fuzzy Hash: 0df4a60a3c35f40427713655f0b4f75a410b917a95776c79ff42c5b11191645d
Instruction Fuzzy Hash: 8B01F4717040200BCB09677D64217BF26975BC5641B68112ED106EF3C5CDA48C0343D6

Uniqueness

Uniqueness Score: -1.00%

Function 050BA9D9 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c960e870b5b1759a6839137d9d5ecaf4bbf1097734f20c5eb5319649c05ea854
Instruction ID: 1d21d4a1aeaf8f0d04e2876a18d0f836a38708c051c797b20fd74e57355a261b
Opcode Fuzzy Hash: c960e870b5b1759a6839137d9d5ecaf4bbf1097734f20c5eb5319649c05ea854
Instruction Fuzzy Hash: 0D0175B1B18244DBEB14DF24E6D57FEBBF3AB84200F14446DC416AB241DBF5AD058BA1

Uniqueness

Uniqueness Score: -1.00%

Function 050BAE40 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed670df67f9917a64700747dbcb54beeb72eea9404674cd4d13d58291cca7d9
Instruction ID: 5c4ec5961e81dc78ac2855c7eaaa86d45adc5cad36f1eb037b1662fb3b0a9993
Opcode Fuzzy Hash: eed670df67f9917a64700747dbcb54beeb72eea9404674cd4d13d58291cca7d9
Instruction Fuzzy Hash: AD012C71F002199FDB90EFB9A8457EEBBF4EB44214F10413AD659E3244EB7155058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 050B6D90 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1805414ce0410629625f894ae6f0924759ade5a77d4be4cc9bf25e1dd751a4e
Instruction ID: 2e4a84761096316899a40c411934c721022b11a8844194faefb40d7e04921083
Opcode Fuzzy Hash: d1805414ce0410629625f894ae6f0924759ade5a77d4be4cc9bf25e1dd751a4e
Instruction Fuzzy Hash: 12014F71E002189FDB50EBB9E8817EEBBF5EB44610F50423AD508E3285EB719956CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 050BC1C8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88373994d3de36162b542e4cb8171500f6d5aac29d11dea2d52efe4bacf801fc
Instruction ID: fd4755a928378d661670e8d573326358fa361e8d2e7bed3def34856624127380
Opcode Fuzzy Hash: 88373994d3de36162b542e4cb8171500f6d5aac29d11dea2d52efe4bacf801fc
Instruction Fuzzy Hash: 4401A7767047008FE321CF99E5809ABB7F5FF86225705896BD19ED3A10D670F8058B50

Uniqueness

Uniqueness Score: -1.00%

Function 050B05C8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfae12f6dade2c36d8961e80dc547e6a16bc4f60ca40572d37b9882c18f21a49
Instruction ID: b017d2faba66d4e9d186a95556c140892f2abb23b464dc9826af91fc6a53b0a8
Opcode Fuzzy Hash: dfae12f6dade2c36d8961e80dc547e6a16bc4f60ca40572d37b9882c18f21a49
Instruction Fuzzy Hash: A7F0B4717001200BCA49767EA4627BF62DB9BC9A507A8512EE20AEF384CEB19C0303D6

Uniqueness

Uniqueness Score: -1.00%

Function 050B4798 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7384d41aa7c0e3c0a717b45604cf3ca2cc43d7436173eedd4b345023caa0dae
Instruction ID: da6e354205e354deb52de37a65f305dcd74dc59bf34f2e0c142251221b56f8be
Opcode Fuzzy Hash: f7384d41aa7c0e3c0a717b45604cf3ca2cc43d7436173eedd4b345023caa0dae
Instruction Fuzzy Hash: F4014B31F002098FCB54EFBDC4506AFBBE6EB89350F20443AD509E7280FA359A4687E5

Uniqueness

Uniqueness Score: -1.00%

Function 050BC970 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8646e650c135bcd0c030e5239f47bac21ea9ce4488fef8717f828fc866228ae8
Instruction ID: d90394400866580e53893cce6ccbb4eeff1ed83cb5ffed5fb298259c7af91ad0
Opcode Fuzzy Hash: 8646e650c135bcd0c030e5239f47bac21ea9ce4488fef8717f828fc866228ae8
Instruction Fuzzy Hash: 3F01B5717042A09FE709EF38E55976D3BE2F789209F0905B9E406EB399CA305C43C744

Uniqueness

Uniqueness Score: -1.00%

Function 02B2081F Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416173b40cf6fd9f4b0db305b6dff7b65dce7d950bea0e56e804e8023ffa8c42
Instruction ID: 96ec64eb6119c4b504cf0848cb0fcc992b2fa3c1e76c38c455a2e4b293b61d43
Opcode Fuzzy Hash: 416173b40cf6fd9f4b0db305b6dff7b65dce7d950bea0e56e804e8023ffa8c42
Instruction Fuzzy Hash: DE117735108784DFC706DB14C940B15BBA1EB55718F24CAEDD9491B693C33B9816CF51

Uniqueness

Uniqueness Score: -1.00%

Function 050B6D7F Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17e399fc492b994af0e8b4025280d1825b5bdd024e1d308aff9f6bfd0f736e16
Instruction ID: bbb178795f2ea3e7955063807b62dc4cc4019320142a64f580f607e0f27fa1f6
Opcode Fuzzy Hash: 17e399fc492b994af0e8b4025280d1825b5bdd024e1d308aff9f6bfd0f736e16
Instruction Fuzzy Hash: 30018F71E012189FDB50EFB9E8817EEBFF1EF44200F500229D545E3285E7719942CB91

Uniqueness

Uniqueness Score: -1.00%

Function 050BAE30 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2197a656c913825d70d84c7f1c86e309edacaa1ca528fae00d1ef8be0fb692a
Instruction ID: afc9f182642ce16f351e046e29519d1a2479966d2da4c1bd46d30f6a6fd5ca04
Opcode Fuzzy Hash: f2197a656c913825d70d84c7f1c86e309edacaa1ca528fae00d1ef8be0fb692a
Instruction Fuzzy Hash: 7D018FB1F002189FDB94EFB8E9457AE7BF5EB08200F10412AD944E3284EB3159018FD1

Uniqueness

Uniqueness Score: -1.00%

Function 050B1218 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03aa5212aba912e6b392511dd174a36601cdbe223ff96650f8d1d40acf09b361
Instruction ID: cccc9891551861506bf15edf69733963aa37e6e455505242d8e4ab6c8c7adafb
Opcode Fuzzy Hash: 03aa5212aba912e6b392511dd174a36601cdbe223ff96650f8d1d40acf09b361
Instruction Fuzzy Hash: EC011230314110CBDA08DB2DE0A49AD77EBBFC5710B1541BAE506CB7A5CFB59C19C785

Uniqueness

Uniqueness Score: -1.00%

Function 02B205D7 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fc2c48d23b7809e0e76103b2308f64b26558ed7eaa854218388b2fbdfa64387
Instruction ID: b991289dcee319ad63a3080755b636526fe64ee2f45f99f34e7a8d7ba18991ec
Opcode Fuzzy Hash: 6fc2c48d23b7809e0e76103b2308f64b26558ed7eaa854218388b2fbdfa64387
Instruction Fuzzy Hash: 8CF0CDB65097806FD7128F06EC40863FFB8EF86670709C49FED498B611D165B904CB72

Uniqueness

Uniqueness Score: -1.00%

Function 050BAFB1 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6027f97877955c6fc6a321a0d54ae334f84771083d631810ff354da968d5af83
Instruction ID: 109ac13891d31099e9c38bd3285084036798d9b770052d1057e7fb1b012d6268
Opcode Fuzzy Hash: 6027f97877955c6fc6a321a0d54ae334f84771083d631810ff354da968d5af83
Instruction Fuzzy Hash: 6201AD31310200CFC704FB78E4565AD7BE3AB89315308867AEA0ADB354EF71AC468B81

Uniqueness

Uniqueness Score: -1.00%

Function 050B5CD0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 219a59f3da6d12f927a7017ccd7c65a57cc7532879e56c278fbabf843e4e9ab7
Instruction ID: 15abc1674fdeee2a54687d3418896584171dc5791e90433b9c8221c92ccbfca4
Opcode Fuzzy Hash: 219a59f3da6d12f927a7017ccd7c65a57cc7532879e56c278fbabf843e4e9ab7
Instruction Fuzzy Hash: 1FF096B2E011145F8F50DFBD68516FF7FF5DB94654B55026AD40DE3341F63089028799

Uniqueness

Uniqueness Score: -1.00%

Function 050BAFC0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de33c44bb18737e5d7255e9f9a4fb74b4296f0888a9b203c03560dbbdae95d63
Instruction ID: 409be8902b49271852ceef78e57ed55abe049a4a6e068470cdd756d19e6743cb
Opcode Fuzzy Hash: de33c44bb18737e5d7255e9f9a4fb74b4296f0888a9b203c03560dbbdae95d63
Instruction Fuzzy Hash: B6F0A430310210CBC704FB79E4595AD7BE7ABC93103584679EA07DB354DF71AC068791

Uniqueness

Uniqueness Score: -1.00%

Function 050B8920 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3ab0c91e7a29313a9d4de55eed659633977722480879ae73d6bbaf42a46071b
Instruction ID: 8611236cb37af3bd2099de48f2203f99616ad2dcb3079ac1bdeec6085721a383
Opcode Fuzzy Hash: c3ab0c91e7a29313a9d4de55eed659633977722480879ae73d6bbaf42a46071b
Instruction Fuzzy Hash: EC0108B4D05288AFCB44CFA8D58099EBFF1EF49304F2495AAD945E7741D3305A41CF41

Uniqueness

Uniqueness Score: -1.00%

Function 050B67C0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e60e1daae385e8fb61be285fe6cf942a498a7abb1f138ddb1325b0d3bc9b08f
Instruction ID: 0b1d1a177f98f42f41376d714cef7da2a40e6a97c71770071cf1f4dc2b3f0473
Opcode Fuzzy Hash: 9e60e1daae385e8fb61be285fe6cf942a498a7abb1f138ddb1325b0d3bc9b08f
Instruction Fuzzy Hash: 8BF05932F081148BEB20C578B8906FFBBF3DB85750F40067AC906E3381EA660A0786C1

Uniqueness

Uniqueness Score: -1.00%

Function 050B67D0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aef060e91820549029e421a604e4fbea42bfb1d4e036539479dc715af12c95fd
Instruction ID: 0dae4dcec96f93ebbbc0b326df515cf9cc943678b8171c8eb3561f12c5acdd0a
Opcode Fuzzy Hash: aef060e91820549029e421a604e4fbea42bfb1d4e036539479dc715af12c95fd
Instruction Fuzzy Hash: FDF0E930F0451597EB14D56978A05FF7BE79785694F004526C906D3380EE665A0282D2

Uniqueness

Uniqueness Score: -1.00%

Function 050BFD37 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdf21ef5c8a7cc8dcd72854ab4070825d992454efec9dd0f216519f2d8551ff0
Instruction ID: 064fd1a2cf4c04e6bb4836dda1bbbf1e9f178a9f15cbb8738bd9c093a7a0247d
Opcode Fuzzy Hash: bdf21ef5c8a7cc8dcd72854ab4070825d992454efec9dd0f216519f2d8551ff0
Instruction Fuzzy Hash: 43F0FF32904114AFCB42DFA89C409EEBFF2EF49210B0080ABE459D72A0E2B18A20DF50

Uniqueness

Uniqueness Score: -1.00%

Function 050B9F88 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40b0dbec004b1c75a5b309dafd64876d852b297542c2905aa501f5e9513993a
Instruction ID: fd1e7276a9a537c62771b9470eb9f7ccd53bb00c388fd6eebe4d8a7417678c26
Opcode Fuzzy Hash: c40b0dbec004b1c75a5b309dafd64876d852b297542c2905aa501f5e9513993a
Instruction Fuzzy Hash: E6F09031B001449FCF5CABB8E0696AD3FE6EB8965171404ADEA0AD73A0EE359C4B8741

Uniqueness

Uniqueness Score: -1.00%

Function 050BCC58 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03b849bedfa57c134c3dc7e57c1932ec71db5b4874ab741bbb792b2c79cb64a2
Instruction ID: 2545e0d91ba4af06642158abc0c46fa5eebcb17c8a4203e92e44a8a572719fe6
Opcode Fuzzy Hash: 03b849bedfa57c134c3dc7e57c1932ec71db5b4874ab741bbb792b2c79cb64a2
Instruction Fuzzy Hash: 9BF0AB737000212BD168716D68847BF36DB87E8A60768013AF546E3380CD61AC0343EC

Uniqueness

Uniqueness Score: -1.00%

Function 050B6349 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62c731320fdf74ef24e35aad1019e7d683dfde996f244f3fff63bf30e7775762
Instruction ID: 53564c522646da42bcef6baff267f755d252adf6271dc8b062890c3fa3a4e5be
Opcode Fuzzy Hash: 62c731320fdf74ef24e35aad1019e7d683dfde996f244f3fff63bf30e7775762
Instruction Fuzzy Hash: 9AF02E72B1011497EF24D569A8A1AFFB7E6DBC4A90F00017AC956E33C1F672590186D2

Uniqueness

Uniqueness Score: -1.00%

Function 02B20846 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c7b0a9b14f6d4bcbbd990a1166d7eadf8d90008d030ae21594bacddbd4b4cd5
Instruction ID: 702eb404572388fb6ba81bf9884a7cf78c6e7f3676918c9a4671eebbb00c2a94
Opcode Fuzzy Hash: 0c7b0a9b14f6d4bcbbd990a1166d7eadf8d90008d030ae21594bacddbd4b4cd5
Instruction Fuzzy Hash: 0401A23400D3C08FD303DB24D950745BFB2AF47208F19C5DEE9889B2A3C627880ADB52

Uniqueness

Uniqueness Score: -1.00%

Function 050BEA57 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f76450afd7a2b535ed2537d02062c4a995876ec0272c69505c6bbb9810cb3a97
Instruction ID: ebfadaff3c0a91dd88552ffff55bac44052b0bf1be93bf1bebb23e4b144727a0
Opcode Fuzzy Hash: f76450afd7a2b535ed2537d02062c4a995876ec0272c69505c6bbb9810cb3a97
Instruction Fuzzy Hash: DDF0A7E2A083509BF7258198F8CC7FD6B8E77C4765F0A06BAA94BD7182D9D47C008361

Uniqueness

Uniqueness Score: -1.00%

Function 050B86A9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c71fdc027e011f75104c4982f2ab4f82b077ec267860d0c7c802b485b27ba9f
Instruction ID: aff3a47aabbf206f99e36284073dd87e722d4e713a5bf38f4dbfba59b6bd737c
Opcode Fuzzy Hash: 9c71fdc027e011f75104c4982f2ab4f82b077ec267860d0c7c802b485b27ba9f
Instruction Fuzzy Hash: 61F0B4B1F08104DFD700DA68EAC59EFBBEAEF90211F04C476D201D7271E6B194018B92

Uniqueness

Uniqueness Score: -1.00%

Function 050BA581 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0bd83e5d740589b05766a6e20a37974203ef117a11e8a0a9e3ece5259a7a6da
Instruction ID: 65b4cedc6ddae55a1b84174a6f7d0a9a6a7d409ba86e9850b830ed90e2081b5c
Opcode Fuzzy Hash: f0bd83e5d740589b05766a6e20a37974203ef117a11e8a0a9e3ece5259a7a6da
Instruction Fuzzy Hash: 86F062313083408FDB059778B8511AD3FA2BBC621935D447FE206DB262DE76AD0BCB91

Uniqueness

Uniqueness Score: -1.00%

Function 050B0918 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a39fa35b82037ccd0c2823f9942f3b7013bbffb1db143ffba8c477eae1ae3a
Instruction ID: 169d2e47badecbdd07476e634963b52719426feb30cc3d618d9b63ef4547c457
Opcode Fuzzy Hash: 85a39fa35b82037ccd0c2823f9942f3b7013bbffb1db143ffba8c477eae1ae3a
Instruction Fuzzy Hash: A6E0EC31E152149AB75099F5F8A85EFB7AAD7C5650F0048379A07A3300D9F04C064291

Uniqueness

Uniqueness Score: -1.00%

Function 050B5CE0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ebd5f23cdef2c927ae60fb7d01c2e41af2cfb5c13ab4796e87aea9695c5188a
Instruction ID: cde84887770182715f488319f040bf5c072218249b547c3bcd904ea65530132d
Opcode Fuzzy Hash: 1ebd5f23cdef2c927ae60fb7d01c2e41af2cfb5c13ab4796e87aea9695c5188a
Instruction Fuzzy Hash: 35F08271E002154F8B90EBBD58445DFBFFAAB88620B11013AD408E3341EA30990187D9

Uniqueness

Uniqueness Score: -1.00%

Function 050B45B9 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c4f47007a2d61ac0976232816443985a567d9ab4027b3e7790063a35fc92c41
Instruction ID: eb0d4b6382b8f9fbed80d8c87ed89ed230cab1f18ef8bf80e553ed9ffe7d99de
Opcode Fuzzy Hash: 0c4f47007a2d61ac0976232816443985a567d9ab4027b3e7790063a35fc92c41
Instruction Fuzzy Hash: 42F0A072E442195FDB50DAA9AC46BEFBBF8EB84351F25013ED50CE3281E26085058761

Uniqueness

Uniqueness Score: -1.00%

Function 050B5FD0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2732e0b36a4953021f5c43bc403a99d495dcbdce5bc9f8367ea24c36323a7ece
Instruction ID: 99c90b528d1e506e184fcb7ec233ff2415dbec03f89fbf20bb709920ba2e28e1
Opcode Fuzzy Hash: 2732e0b36a4953021f5c43bc403a99d495dcbdce5bc9f8367ea24c36323a7ece
Instruction Fuzzy Hash: EFF03A72D002099FCF50DFB9D88AAEFBFF0EB49210B10053AD005F3201E23A45028BA0

Uniqueness

Uniqueness Score: -1.00%

Function 050BFD48 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bac7578c176ff7d3eb32739a84235ae1af603fc1014c950c00431d91698c0b2
Instruction ID: 97d50c3890c179784e682c705ce5462f69a1e74122054e724d6bc045c95a481a
Opcode Fuzzy Hash: 8bac7578c176ff7d3eb32739a84235ae1af603fc1014c950c00431d91698c0b2
Instruction Fuzzy Hash: 7CF05E31904219EFCB41EFA8DD449EEBFF6EF09210B04C4A6E558D7261E6718660DF91

Uniqueness

Uniqueness Score: -1.00%

Function 02B20938 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: 94afcbdfd632e1eeab7849b29dd74ac3fd9c789dea744c6965b0c732246b01d2
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: C7F01D35104644DFC305DF04D940B16FBA2EB99718F24CAADE9491B752C337E817DB81

Uniqueness

Uniqueness Score: -1.00%

Function 050B6120 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6b07dc0fe904da73e764da82b7717e5035494e651dd0fa91ec90696919ad760
Instruction ID: f592319fd278d4c468ef0b2e481c49e36a42d013f4ab1ce30a5b8059ed99e38d
Opcode Fuzzy Hash: b6b07dc0fe904da73e764da82b7717e5035494e651dd0fa91ec90696919ad760
Instruction Fuzzy Hash: 9EE022727082101BEB15927CA812B6EA7AA8BDA341F1A043EE10AE73D1CCA29C034365

Uniqueness

Uniqueness Score: -1.00%

Function 050BA598 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6385b7f0a2bb254d11fab8c6b87a17f199d0e65601ba4b6aec170683020a366
Instruction ID: 497a340851a3301aba07e13b0781c549a1abfc07346f278f9a9af78dd3614d0a
Opcode Fuzzy Hash: e6385b7f0a2bb254d11fab8c6b87a17f199d0e65601ba4b6aec170683020a366
Instruction Fuzzy Hash: 88F0A7313041008F8B08966CB45156D7BE6FBC5329359843DE20BEB310CE73AD078791

Uniqueness

Uniqueness Score: -1.00%

Function 050BE498 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1c5e5be5a2f3e3d245c2f2507c5b85a5736eb8b0fdc79978804681cd638d61b
Instruction ID: 727c08f79bb516ab8271131bed123c171b4204bbcdc366ab0c9216eef6af45f7
Opcode Fuzzy Hash: f1c5e5be5a2f3e3d245c2f2507c5b85a5736eb8b0fdc79978804681cd638d61b
Instruction Fuzzy Hash: B3E0E5722005108BC314C55CD661AEE67DADBC5250315582EC50FAB380EE6298024790

Uniqueness

Uniqueness Score: -1.00%

Function 050B57A2 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e58f5d37e4d047329ebb958a997b72c5108dfc053f65d291fed3029e0301132
Instruction ID: ded3c64848fc67ed8bce38f922da224efe09c40da9d9b49bcfbc992b3bae8d01
Opcode Fuzzy Hash: 3e58f5d37e4d047329ebb958a997b72c5108dfc053f65d291fed3029e0301132
Instruction Fuzzy Hash: EBF0A030B44200CBEB48F779FD946FD7762AF84204B2082BAD206A61C0FE6108018795

Uniqueness

Uniqueness Score: -1.00%

Function 050B76A7 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c79aea40e76ff3ba73e0aced3485b69f4d0ffe6ab4031923efb7cf9d9f99a508
Instruction ID: a09eee08cb10ac0ca33d3d24be474045259ccab40bbc46d082299c228ef7f6ca
Opcode Fuzzy Hash: c79aea40e76ff3ba73e0aced3485b69f4d0ffe6ab4031923efb7cf9d9f99a508
Instruction Fuzzy Hash: FFE09B34B011114BFB54B3B9B8943EE66929FD0A14F405138C506DB7C0EFA14D068792

Uniqueness

Uniqueness Score: -1.00%

Function 050BFCF0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 958a62148da065764b59b3566d25afdb3cf1a4eaa20ef4c11d521a210764336d
Instruction ID: 51a6c746585b6a76c4ba314e32c47287648f9bd58e5968d478ddc2afa990a13d
Opcode Fuzzy Hash: 958a62148da065764b59b3566d25afdb3cf1a4eaa20ef4c11d521a210764336d
Instruction Fuzzy Hash: 83E0223220AE03CBF318D690FEC06FEA397BB40241750181FC14757E50CAE1F8424B82

Uniqueness

Uniqueness Score: -1.00%

Function 02B205AF Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86d7379b33e6b52851484177550e813363adc3b2c7f9fbb66ec88b1e181c1732
Instruction ID: 8882524a5e076a43f50a2bcd5c1fa9fdbcd3be4b8160f4ed3feb53f7231d80e3
Opcode Fuzzy Hash: 86d7379b33e6b52851484177550e813363adc3b2c7f9fbb66ec88b1e181c1732
Instruction Fuzzy Hash: 48E09275A812208BD200AF0AA8410B1B7A1FA9433171884BBDC0DCA201E626921D8BA6

Uniqueness

Uniqueness Score: -1.00%

Function 02B205F6 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdf167992570f75aac25218c7863ce71406d4bf4daa1e7e26d04b02f9232218c
Instruction ID: 8f35fc7c1a854cd983eade571b6f759c082bf95c867a9d032ddc5dba9933f530
Opcode Fuzzy Hash: fdf167992570f75aac25218c7863ce71406d4bf4daa1e7e26d04b02f9232218c
Instruction Fuzzy Hash: B1E06D766406009BD650CF0AEC81452F798EB88630B18C47FDD0D8B700E175B5048EA6

Uniqueness

Uniqueness Score: -1.00%

Function 050B6130 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f1fb9f548626ab5fcb2158e3c3c1ff3b7510e0e3249ba64446b7b46cfd94b15
Instruction ID: a2edc3fb4f2df603fdecba57e169630b66eb6c377769bf5be927c5748cbc36d1
Opcode Fuzzy Hash: 9f1fb9f548626ab5fcb2158e3c3c1ff3b7510e0e3249ba64446b7b46cfd94b15
Instruction Fuzzy Hash: E9E0863130021567D619A26D6411B6EF2DF8BD9755F14483EE20AA7391CCA3AC0343A9

Uniqueness

Uniqueness Score: -1.00%

Function 050BB571 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3d3ff7b0db476ae8ad7085fb5e3787106dcb356edf4bba63fd86a9d44e8bcc2
Instruction ID: 981f8035f45dd6f92ffe4462de2746e8a863d59c889049f5c7afe0d831d3db6a
Opcode Fuzzy Hash: e3d3ff7b0db476ae8ad7085fb5e3787106dcb356edf4bba63fd86a9d44e8bcc2
Instruction Fuzzy Hash: 73E0D832900B104BC334DE2FD801647F7F9FBE5720F088A3ED259D2604DBB0B9054690

Uniqueness

Uniqueness Score: -1.00%

Function 050BE9E8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c16e9c6edf20ffd6fb9fd34d6ca4f262de8020bf0b67906a950ccf7d4e27ad15
Instruction ID: b08f9e28ce05fa92fca5a9936b8a7f17f92d3908ef09c230d678a1823357e778
Opcode Fuzzy Hash: c16e9c6edf20ffd6fb9fd34d6ca4f262de8020bf0b67906a950ccf7d4e27ad15
Instruction Fuzzy Hash: 26E0DF312101208B9624D65DE551DEEBBDEDBC5B60310882ED51AEB301EEA2FC0247D0

Uniqueness

Uniqueness Score: -1.00%

Function 050BE4A8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c8a275e7575e952b727b488e1b802f019c1a7caefdc9bd241dde334f6990d36
Instruction ID: 811db83bedd8617ae845e147b77d8b1d956cb2fd986a055f543c527301f261e0
Opcode Fuzzy Hash: 4c8a275e7575e952b727b488e1b802f019c1a7caefdc9bd241dde334f6990d36
Instruction Fuzzy Hash: 70E0DF312001209B8324D66CE5519EE7BDEDBC6720314886ED90A9B340EFB2EC0287D1

Uniqueness

Uniqueness Score: -1.00%

Function 050B88C8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 259b061aeb786eadc0aeda379100a508f1bfd85fbc1c97ee11ab742794fbd43a
Instruction ID: 9ee96da0ca90aa3892da297bd912a7463803c089ad9da429a1da16627a4bdbe4
Opcode Fuzzy Hash: 259b061aeb786eadc0aeda379100a508f1bfd85fbc1c97ee11ab742794fbd43a
Instruction Fuzzy Hash: 38F01278D09248AFDB04EFA9E485A9DBBF9EF45304F14C5BA9C4593242D7705A04DF42

Uniqueness

Uniqueness Score: -1.00%

Function 050B8B38 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc109bb5b48b3f8de1185a12284feb92dc186e4110053676853f1b0c8ac06b4b
Instruction ID: 5ef5e6d43f06a95dd02c81ffd1fbbdb876f6059adf53df89152d7f5d2bbeb18c
Opcode Fuzzy Hash: cc109bb5b48b3f8de1185a12284feb92dc186e4110053676853f1b0c8ac06b4b
Instruction Fuzzy Hash: D9E09B35B161209B87546FB9B414A687BFEEB8C5917188167DD06D3354DE708C0187D1

Uniqueness

Uniqueness Score: -1.00%

Function 050BCF8E Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b8c062d6aa2e962d6e0b2dc0b8001819cc0c7149ed7e1e43cefda9f270f2882
Instruction ID: a481b823b2f670fce0843a4d2b756e238dd358180bf5cd0710f8ee0b41c321a2
Opcode Fuzzy Hash: 1b8c062d6aa2e962d6e0b2dc0b8001819cc0c7149ed7e1e43cefda9f270f2882
Instruction Fuzzy Hash: 72E0D8767081428FEB05972D50614BE37E7BFC926231604FBE007DB361CAA19C168352

Uniqueness

Uniqueness Score: -1.00%

Function 050B5FE0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a389439b0f26ddb85f47d085d31ce5a5d432751ca0f201d57f87553c8a0f7fe
Instruction ID: c62e24ea333c503a196bd0f1592684d8c9e478afe0c78afb2090c50e427e47e3
Opcode Fuzzy Hash: 9a389439b0f26ddb85f47d085d31ce5a5d432751ca0f201d57f87553c8a0f7fe
Instruction Fuzzy Hash: 25E0C972E1030A9FCF54EFBAD8495EEBFF4EB49350F100476D109E3201E63A5A158BA4

Uniqueness

Uniqueness Score: -1.00%

Function 050B46B8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4e8607087b41c5b3e94956f5fec950ee8bcee0f1ea0ff5133e5a38f7c1efeec
Instruction ID: 1f3ade69c43044958bc5c34150633f76b65f5b269657ebd7468709b83f817058
Opcode Fuzzy Hash: e4e8607087b41c5b3e94956f5fec950ee8bcee0f1ea0ff5133e5a38f7c1efeec
Instruction Fuzzy Hash: F3E08C313000209BEA506AFDB4A46EE37DBEF85750B140066F20BDB692DE5ADD0143C7

Uniqueness

Uniqueness Score: -1.00%

Function 050BFD00 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1919b31a3e1813e0dccbcf7b18319801566590f1be60531f7825272700463143
Instruction ID: 7d1c0039a32ac5dad58ec902d5ddf6160741be58b151da094bda129dbf1ea03c
Opcode Fuzzy Hash: 1919b31a3e1813e0dccbcf7b18319801566590f1be60531f7825272700463143
Instruction Fuzzy Hash: DDE04F3020AE07CBB358D651FDC08FEB3ABBA41251750595BC64347E10CAE5F8424BD7

Uniqueness

Uniqueness Score: -1.00%

Function 050B6771 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72cd5a4cf611fa68b092629b9b006a2656cfb54706ce718b129192cf4be57a35
Instruction ID: ac220cae439fcb68c2d021daa3141231ad6fe65f6204360b5d1a43a930c56d38
Opcode Fuzzy Hash: 72cd5a4cf611fa68b092629b9b006a2656cfb54706ce718b129192cf4be57a35
Instruction Fuzzy Hash: E7E026B26CC51097F70012D9AE06FDD22CA9780762F060039E60AE22C0DAC78800069A

Uniqueness

Uniqueness Score: -1.00%

Function 050B89AB Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1e5ffba620406664bc6d840dc77a4909ded3ea7ca7c0bf76498739f5e70481b
Instruction ID: 93feaf36936aa263f37f0de27ac353ff0d5c864762546a028fcc425f94798ba3
Opcode Fuzzy Hash: e1e5ffba620406664bc6d840dc77a4909ded3ea7ca7c0bf76498739f5e70481b
Instruction Fuzzy Hash: E5E0C030204649CBDA04EF19F8C189D3F6EFF50318758D726A9019A629EFF0A9078783

Uniqueness

Uniqueness Score: -1.00%

Function 050BCFA0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5695390ebf9ec33be10918a999cbb4ad6f90c02ff9683e592a2cf147cc7351e
Instruction ID: b7612852e39dcb88e3a5c17ad3f1ef2305f163fabfc2b6bd6a5362c1fb36a452
Opcode Fuzzy Hash: a5695390ebf9ec33be10918a999cbb4ad6f90c02ff9683e592a2cf147cc7351e
Instruction Fuzzy Hash: E7E0123171801B976514A15EA0918FE76DBBAC966231540BBA1078B360DED29C119393

Uniqueness

Uniqueness Score: -1.00%

Function 050BAEF0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67840d24f9da1b495f44ea52da242c5770c8c2ac5aa6f42a3a7e3fd1ba9fdf55
Instruction ID: 367eca8b22d79488225bac79fc7548955b79a8177c77471420df5782b2440331
Opcode Fuzzy Hash: 67840d24f9da1b495f44ea52da242c5770c8c2ac5aa6f42a3a7e3fd1ba9fdf55
Instruction Fuzzy Hash: C3E0D8B57042108BDB4866F8A1292FC7ED79B98242711045ED507DB3E4DD304C024352

Uniqueness

Uniqueness Score: -1.00%

Function 06590498 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.631118582.0000000006590000.00000040.00000001.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6590000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 346a6496303a2f6702bd2beefa5f0d4bdfdd0d2f7f51bc0ebb8da24d978c79cf
Instruction ID: c2b3608066b3731dc3d53fb7f8470e47052d7e25290cbc8911070cabd277e682
Opcode Fuzzy Hash: 346a6496303a2f6702bd2beefa5f0d4bdfdd0d2f7f51bc0ebb8da24d978c79cf
Instruction Fuzzy Hash: E7E086717491601FD709A6BC98619BA6B99CBE634030654EFE50BEB3D2C8524C06C791

Uniqueness

Uniqueness Score: -1.00%

Function 050B89B0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66c415ef4adadd089d32f9140b3e6b3f8ac009614b7a40ea5171fe88542fb057
Instruction ID: 9366d4e10d62601df3564aad0298e8eecfb8b2949039b2d3ec2359156f4eca71
Opcode Fuzzy Hash: 66c415ef4adadd089d32f9140b3e6b3f8ac009614b7a40ea5171fe88542fb057
Instruction Fuzzy Hash: C1E0C930204609CBDA04EF19F8C089D3F5EFF50318754D726A9019A629EBF0A9078B83

Uniqueness

Uniqueness Score: -1.00%

Function 050B88D8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc03a1277e27f076be57ec438ffcb17fe44be1a8e3a2a556e7df0a8ee11bf7e
Instruction ID: 8fc1e80f2c99af0596dfe5c24cfc5610989800ccba3b7e30a20c2963cac8ac95
Opcode Fuzzy Hash: 3fc03a1277e27f076be57ec438ffcb17fe44be1a8e3a2a556e7df0a8ee11bf7e
Instruction Fuzzy Hash: C1E0ED78D14208EFDB04EFAAE58559DBBF9EF48304F14D1A69C0593355DB706A00DF41

Uniqueness

Uniqueness Score: -1.00%

Function 050B8B29 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcf38a3c439a64c600b8d8a775dbfaa0c48965a6ab4785f612672af05d596bc9
Instruction ID: 271d474644152a7cfcaf421f8c22f5ae446c484cb308f5331f43c923b4c30302
Opcode Fuzzy Hash: bcf38a3c439a64c600b8d8a775dbfaa0c48965a6ab4785f612672af05d596bc9
Instruction Fuzzy Hash: 7BE092B7F021208BC7515EE4F919B6837FAEB48292B19851AD806E3364DE3088018BC1

Uniqueness

Uniqueness Score: -1.00%

Function 050BE4E9 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 684a937dcddf329475755facc521f3236e7ddfe5d2999d511282aac9ad6520d8
Instruction ID: 20d275590fb66753935acf8211313143bad3ad946a96541b3d45b7635fb43896
Opcode Fuzzy Hash: 684a937dcddf329475755facc521f3236e7ddfe5d2999d511282aac9ad6520d8
Instruction Fuzzy Hash: D1E08CB2204510CBE3688A91F0983FEB29FBB48203B451A1AA50F97280FAA1D9018791

Uniqueness

Uniqueness Score: -1.00%

Function 050B5DE8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 898509a6f8bbf688850b898a91fc0ae6649b3f491b8eed8e6cab42001d37883b
Instruction ID: 51556baaabd09e2b924631c204e6445f419ee6355e683880b07ad33808a1a011
Opcode Fuzzy Hash: 898509a6f8bbf688850b898a91fc0ae6649b3f491b8eed8e6cab42001d37883b
Instruction Fuzzy Hash: CCD02B317591801BEB25B3B82C616EE16C207C0611B4505AFD01B97382E8C98C014781

Uniqueness

Uniqueness Score: -1.00%

Function 050B6780 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1bb246f28f1f47ee4e727dbc16dd407df28121acd8c2935744b636aaeab5793
Instruction ID: 63c582d444fcaded8d07383fc53882b185787d0003d63fa5d39c2e609ce0fe37
Opcode Fuzzy Hash: a1bb246f28f1f47ee4e727dbc16dd407df28121acd8c2935744b636aaeab5793
Instruction Fuzzy Hash: 1DD02B7028C01487FB0066E97A44BEC32CE9B80361B040079DA0AD2290CED79C4043DA

Uniqueness

Uniqueness Score: -1.00%

Function 02B205BF Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1565c8cc1297b905a34b4307835731d146b2dadde7cbef964336a5ee9eae8c76
Instruction ID: c4b160e3adcb113b5ded599be077ad5119746a4b2333c8d60e90c70fd032598f
Opcode Fuzzy Hash: 1565c8cc1297b905a34b4307835731d146b2dadde7cbef964336a5ee9eae8c76
Instruction Fuzzy Hash: 7FD05E7AB442144BE6509A0ABC420A2F390D68023575884BFCC0EC7700E216A15D87A6

Uniqueness

Uniqueness Score: -1.00%

Function 065904A8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.631118582.0000000006590000.00000040.00000001.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6590000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3abea427ca05e342f502713b8a0ee0324fa3ce456ac489dc478825d7ee72051
Instruction ID: 6a8202c9e017c2b4399dd92621608c48fa1635de83f0e4ef481fb0391253d5af
Opcode Fuzzy Hash: a3abea427ca05e342f502713b8a0ee0324fa3ce456ac489dc478825d7ee72051
Instruction Fuzzy Hash: F0D05E213401241B6608E5AC88529BA73CECBD661030498AEA60AFB341CD639C0283D0

Uniqueness

Uniqueness Score: -1.00%

Function 050B7898 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd875fd44444b2cd885d1c6af7d84e33fff1ee95b8e010b8cbeaaeafa7861ae
Instruction ID: 358c0f59630caa2c49c8a493e1a3c32d3d6493720ec05d58eca33f7bcfb2a54f
Opcode Fuzzy Hash: afd875fd44444b2cd885d1c6af7d84e33fff1ee95b8e010b8cbeaaeafa7861ae
Instruction Fuzzy Hash: 17D08C31888310CAF3258AA5B480AEEBBAAEBC1304F04046B80430560085E2F084C3A2

Uniqueness

Uniqueness Score: -1.00%

Function 050BE4F8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e5c302d6db057c0db27f29c26710b0b398a4281e1c4cb453d3ba48f517b04e0
Instruction ID: 468ea047aae1e155d83ba229178ecd634e681d0c373020fb8d1ee43e822181ae
Opcode Fuzzy Hash: 4e5c302d6db057c0db27f29c26710b0b398a4281e1c4cb453d3ba48f517b04e0
Instruction Fuzzy Hash: 13D05E31109224DBE624D655F0886FEB39FA708612704492AF54B82101FAE2EA4187E2

Uniqueness

Uniqueness Score: -1.00%

Function 050B57F6 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c068535d20abb86b725e79976f272cc6b706a58d9b22396f3da4afa1c984e12a
Instruction ID: 69ec8d796f47f3d59ade7b22e8e17847d9a13a39d200250f05e3e82cb02ed3a1
Opcode Fuzzy Hash: c068535d20abb86b725e79976f272cc6b706a58d9b22396f3da4afa1c984e12a
Instruction Fuzzy Hash: D9D01235F04104CBEB14E7E5FD995EDBB729B84124B1451BAC217B6540FEA1044587D1

Uniqueness

Uniqueness Score: -1.00%

Function 050BFCB9 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22835aafba50f7c0b4b58bc810b4a60679e0b1d5ddbcd57755dabc946e8f4196
Instruction ID: 512e727a8c87dee901736df3cbd063c7e9bb36b8aad4b14cdbf16e8134a25c21
Opcode Fuzzy Hash: 22835aafba50f7c0b4b58bc810b4a60679e0b1d5ddbcd57755dabc946e8f4196
Instruction Fuzzy Hash: DED097E238A0000FF704612E7C22FE2238687DC700F105039F11AEE2D1DCA118020620

Uniqueness

Uniqueness Score: -1.00%

Function 050BEA28 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7afd1c996d7fb6884b1bed8728c26eb9bc66c8bf16e0d6f8fd7c055c8c722734
Instruction ID: 11ecf662ebc5316a73341e788986fd21dbb6fd882057875c1f163d8e77a0cee1
Opcode Fuzzy Hash: 7afd1c996d7fb6884b1bed8728c26eb9bc66c8bf16e0d6f8fd7c055c8c722734
Instruction Fuzzy Hash: D2D05BF2949201CBD3658650F5D10FD377EBA51617305489ED45F47794DBB17C09C781

Uniqueness

Uniqueness Score: -1.00%

Function 050BFE69 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a3706f209309903170142a26eec57556b6ec61845dfaccc1420c1edddfb9e62
Instruction ID: f25b845e96719ce8da0efd0f0f90f3f31b37a93d3420cf7a7247663afdb64a01
Opcode Fuzzy Hash: 7a3706f209309903170142a26eec57556b6ec61845dfaccc1420c1edddfb9e62
Instruction Fuzzy Hash: 4AD0A77BF0011287E71864A8BA423FDF3D98FE51A6F01047FC509D36D0EAF149264680

Uniqueness

Uniqueness Score: -1.00%

Function 050B0170 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be6db6ba1828ae93e90df48780735114d796623d565e50e9ad4241c8db5b5d65
Instruction ID: 880a716500e8e0a3f33f6f76659df064b71cf4fb6ca64650e661589cc921dbe0
Opcode Fuzzy Hash: be6db6ba1828ae93e90df48780735114d796623d565e50e9ad4241c8db5b5d65
Instruction Fuzzy Hash: DBD05EF26093408FCB05A7F1D81AA593B71AF6524671609BDC40BD7BA1EBB7C456CE00

Uniqueness

Uniqueness Score: -1.00%

Function 050B5DF8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d204ba2704d2e992752c87b0a8687c5178d714258743d7fbecc79feea5486abb
Instruction ID: 4cf4499e1d6bb35c82e0e9a03494d6f0dd26c5d8ce0454e29f32faf51fd174ab
Opcode Fuzzy Hash: d204ba2704d2e992752c87b0a8687c5178d714258743d7fbecc79feea5486abb
Instruction Fuzzy Hash: 2EC01231715114576929B5B968655EE218F06C5921384096AA01B97341FCD25C0102D1

Uniqueness

Uniqueness Score: -1.00%

Function 065903FD Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.631118582.0000000006590000.00000040.00000001.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6590000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 425661113b69d265e471cd970d1fc2c51b62e155d18d97251275c688146129fa
Instruction ID: 365ddd707495b2b3476933664e6dcd90b245962e07f7847310b1b1fc33e51f8f
Opcode Fuzzy Hash: 425661113b69d265e471cd970d1fc2c51b62e155d18d97251275c688146129fa
Instruction Fuzzy Hash: 60D0923105C018CEFFE04A11A6147312224BBB0219F048C7F818F298C187AA80638EF7

Uniqueness

Uniqueness Score: -1.00%

Function 06590468 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.631118582.0000000006590000.00000040.00000001.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6590000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71151430f07cc7ca7a53e8fddb923af8a6135cdc68b7a0541ab3943136243076
Instruction ID: 9dfcb29aa3742f558d224e99b039cd2fdafa0ef72c3113b3ffd3450e1cc15374
Opcode Fuzzy Hash: 71151430f07cc7ca7a53e8fddb923af8a6135cdc68b7a0541ab3943136243076
Instruction Fuzzy Hash: 19D0C9241282458EFF8566A9A5096393B987724549F088C3EFCDE859C2DF99AC008EB3

Uniqueness

Uniqueness Score: -1.00%

Function 050BEA38 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4069614fc7e06e52fa802dfe3cbff9e48f33fb68fefb2073643fdf57b9fb5a84
Instruction ID: 0fe7127fa4de637f37b296fb96af5065bcc7f2eae98ed4c5a54d6ddc02666f5e
Opcode Fuzzy Hash: 4069614fc7e06e52fa802dfe3cbff9e48f33fb68fefb2073643fdf57b9fb5a84
Instruction Fuzzy Hash: E4D0C9B1519214DB9324DA55F4844EE77AEBA45626304896AE41F476409BF2B8408791

Uniqueness

Uniqueness Score: -1.00%

Function 050B064F Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 823dcf10b3eba3222f1f478abe3f0c6f3d24cf58971e99f7ee0913453f918c34
Instruction ID: f3e1ee5ef75e126cd172454938469328f989ddc2cf1e73425213f1f05b6ad9de
Opcode Fuzzy Hash: 823dcf10b3eba3222f1f478abe3f0c6f3d24cf58971e99f7ee0913453f918c34
Instruction Fuzzy Hash: 40D012F384E1408FD3158BF2ACA9BFE7B22DBB2245F2A857DC44251261D5B7856B8D01

Uniqueness

Uniqueness Score: -1.00%

Function 050B72F0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction ID: 5a4b04a7aa6d51954e68fe734c671192928d3f06dbff2d482ff023355d96587f
Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction Fuzzy Hash: CFD0423AA040048FD715CB88E594ADDF7F1EB88225F28C1A6D915A7251C732ED56CB50

Uniqueness

Uniqueness Score: -1.00%

Function 050B5F50 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fe523bb1360dbc96e3b9e3c690a56cb1e8bb69d464dd780cc00cb8f8f0137c7
Instruction ID: c862c6d7da11edeb3f130d6114418d63a5818e23e90a7b255ddd8c7d3c8e3b14
Opcode Fuzzy Hash: 1fe523bb1360dbc96e3b9e3c690a56cb1e8bb69d464dd780cc00cb8f8f0137c7
Instruction Fuzzy Hash: 8DD0C93418D3C55EDF1287F92999DDEBFB5586301872D41FFC88AC6463E455840A8713

Uniqueness

Uniqueness Score: -1.00%

Function 050B46A9 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7607fde0d26ee9fa814996e645125cfb28bb22deb8389de6e1d768e8f0a985bc
Instruction ID: 53307e18442d254ade879fc2920f73e29c6edb828efe146a634df71facc1ecc9
Opcode Fuzzy Hash: 7607fde0d26ee9fa814996e645125cfb28bb22deb8389de6e1d768e8f0a985bc
Instruction Fuzzy Hash: 0CC0C03350818017E3500199EC51FD3378CD700362F090079F840D2272E44FD0421543

Uniqueness

Uniqueness Score: -1.00%

Function 050B800E Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f4a778f3eb65436ffaf9966788203544a3a7c1f2653f013ba1e44c50172cb1a
Instruction ID: 60120d66db2ebd5ded6be28ef51e5c8016dd66a09da27b216e544612dd8ed87e
Opcode Fuzzy Hash: 2f4a778f3eb65436ffaf9966788203544a3a7c1f2653f013ba1e44c50172cb1a
Instruction Fuzzy Hash: 56D05E30910208CF8B41DF72EA504DD77F1EF09250310072AD402BB391E7340C028F10

Uniqueness

Uniqueness Score: -1.00%

Function 050B5478 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecffa40a33fda3536af647b79539a563f7039354b17ba0223f26e420f052a247
Instruction ID: 12b5bcc8efe2085b55d114b22bd891011362df15be392a42cacbdeea687d5677
Opcode Fuzzy Hash: ecffa40a33fda3536af647b79539a563f7039354b17ba0223f26e420f052a247
Instruction Fuzzy Hash: 31D0C93000C2048FFA6857AA7E8DBAE7AA9B70420EB0440E1E86690431EBA24159CA13

Uniqueness

Uniqueness Score: -1.00%

Function 065904E0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.631118582.0000000006590000.00000040.00000001.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6590000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b80512a9a459e81ef4c04f71770dcbe4e4b5011ddd62505f14650a129c5109a2
Instruction ID: d68805a49e2a6cbbfa0b1e6873e9d083817440cbabe3f8f815f9b02261f1a133
Opcode Fuzzy Hash: b80512a9a459e81ef4c04f71770dcbe4e4b5011ddd62505f14650a129c5109a2
Instruction Fuzzy Hash: 91C01279A496841BDF5413F0646C59C6B454BA4255F06047E894A466D1EE6184158A01

Uniqueness

Uniqueness Score: -1.00%

Function 050B0180 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d827cf5fc7402a2c84b4a65cc5d0f7f7698d3c69ab1638ed152729640ab4060a
Instruction ID: 9879d4326d633b0f8e1c19ea3d1711dfe0c322ebf4135316816af08414b2837d
Opcode Fuzzy Hash: d827cf5fc7402a2c84b4a65cc5d0f7f7698d3c69ab1638ed152729640ab4060a
Instruction Fuzzy Hash: E2D01230210304CFCB086BB2E41982A33AAAB8860A310087CD81697760EF37E896CA04

Uniqueness

Uniqueness Score: -1.00%

Function 050B5D70 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d0c25a3b18b4c575747cd6738a99045f95df61ee62189f96e88bcee1fb7050c
Instruction ID: 4943e90ab2615a50e5ef3a5bd4a2041849a91f2b8226fa88532caca6f7aec3e2
Opcode Fuzzy Hash: 9d0c25a3b18b4c575747cd6738a99045f95df61ee62189f96e88bcee1fb7050c
Instruction Fuzzy Hash: 80C08C30204E058FAA2427F67E4CA7E37AD9B4000138002A4A40A8A120FE6184000555

Uniqueness

Uniqueness Score: -1.00%

Function 050B0660 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 464b1a544eb511713185626997be67f4937c6291fd81183bb294690db9edc5e0
Instruction ID: 411355872b8749a5743b874ef33000e9b1274055e6b5afaaea0065bab2ede6a5
Opcode Fuzzy Hash: 464b1a544eb511713185626997be67f4937c6291fd81183bb294690db9edc5e0
Instruction Fuzzy Hash: CAC02B3004A204CED20597733C0C8FF720A97D1305300C4318801100308DB398728C11

Uniqueness

Uniqueness Score: -1.00%

Function 050BCD68 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672b8e31f1100457c82daef74568e0e8857bcb43ff3c65fa552c5b2c839b8a99
Instruction ID: 2ee1cb997b1acd768348e46e9ba8514e6d079a17472fcf145c29f3294c6ecf8f
Opcode Fuzzy Hash: 672b8e31f1100457c82daef74568e0e8857bcb43ff3c65fa552c5b2c839b8a99
Instruction Fuzzy Hash: B5C02BBA412200CFCF1A9B34C46C10C3B31EB532193D800D5F441D5249CF318807CB05

Uniqueness

Uniqueness Score: -1.00%

Function 050B5F60 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f059b52e0c64cd207d3f91e03e07df10d426adcb0119c36964354f9e3e4c4a8
Instruction ID: de79edd7658bd50b3821470bd250fa6faedbf2fd0519c55928c1cfb40526a784
Opcode Fuzzy Hash: 7f059b52e0c64cd207d3f91e03e07df10d426adcb0119c36964354f9e3e4c4a8
Instruction Fuzzy Hash: 1AB09B31144A46CF565417727E4E9AD779D96445057440065E51FD1011FE5294054551

Uniqueness

Uniqueness Score: -1.00%

Function 065904F0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.631118582.0000000006590000.00000040.00000001.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6590000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e03fde96d93f86d89f48c6dff668187cf2fa58300a37f17c330531998bee0789
Instruction ID: 523f1ed6e32d39228dc952b725b59a41622c2689ee4149891b579f58f30f60bf
Opcode Fuzzy Hash: e03fde96d93f86d89f48c6dff668187cf2fa58300a37f17c330531998bee0789
Instruction Fuzzy Hash: 8EB01231645B0C4BED9433F1B54C59C738C1A9041078000315D0D43250BEB5A4484865

Uniqueness

Uniqueness Score: -1.00%

Function 050B9880 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e47a4aff15e7a7d9c2287e0e0d642dc424d10fbfb38967240ace310569af0fd1
Instruction ID: f578a077d806c56360cadeef0ab2c986660a2f1d9b6afa85d787c94eb7a72b46
Opcode Fuzzy Hash: e47a4aff15e7a7d9c2287e0e0d642dc424d10fbfb38967240ace310569af0fd1
Instruction Fuzzy Hash: 97B012302282080A7E815AB13805A3737CC79004583404420A90CC1000F940E0100140

Uniqueness

Uniqueness Score: -1.00%

Function 050B7314 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction ID: 544fabe95c8066926ec22f6eaecbb5dc8b9d597640bcb2b5c2d055085fce6d0a
Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction Fuzzy Hash: 5EB092B7A08008C9EB10CA84B4813EDF720E790225F104123C71052000D27201648791

Uniqueness

Uniqueness Score: -1.00%

Function 050B6750 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbb2e01e7cc170a02870a776062985db440f09ed17350e1472eb7c860f42706
Instruction ID: d9d7b508b28cd3574f86559f8d458b4648f49c3c3476a25a31c2aae312ebbb17
Opcode Fuzzy Hash: fcbb2e01e7cc170a02870a776062985db440f09ed17350e1472eb7c860f42706
Instruction Fuzzy Hash: D3B012F3949E0027EF0006CACD07F063400D390783F172030A180A43C0D06240014D11

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 050BF148 Relevance: 10.5, Strings: 8, Instructions: 467COMMON

Download Yara Rule

Strings

X1kr, xrefs: 050BF416
:@Dr, xrefs: 050BF62F
:@Dr, xrefs: 050BF64D
X1kr, xrefs: 050BF420
0jr, xrefs: 050BF4AA
,:kr, xrefs: 050BF2DD
0jr, xrefs: 050BF4B4
,:kr, xrefs: 050BF2D3

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: ,:kr$,:kr$0jr$0jr$:@Dr$:@Dr$X1kr$X1kr
API String ID: 0-3442507050
Opcode ID: 4c6bda238742ca191226f723e419a634fba857edfe9503be33df2fa29ed4e1b3
Instruction ID: 16a4b5acb334040cc0f67c75b941789bfe87a6b4b1fee26e427a242b991f9712
Opcode Fuzzy Hash: 4c6bda238742ca191226f723e419a634fba857edfe9503be33df2fa29ed4e1b3
Instruction Fuzzy Hash: 4A128C34A00211DFD758DF68D584AAC7BF2FF89711F25849AE846AB3A5CBB4EC41CB41

Uniqueness

Uniqueness Score: -1.00%

Function 050B0D93 Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 050B10CB
X1kr, xrefs: 050B0F1C
0jr, xrefs: 050B0F8E
,:kr, xrefs: 050B0E38

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: ,:kr$0jr$:@Dr$X1kr
API String ID: 0-1245831938
Opcode ID: 54373795194f5b61e32a3056837e21326dbc5c4a01aa4c113b20e47900a7d6ec
Instruction ID: 4c0ed5792b3758bb7f108db6383cd949eacc20bebd5ce3011ff17dccb2f82805
Opcode Fuzzy Hash: 54373795194f5b61e32a3056837e21326dbc5c4a01aa4c113b20e47900a7d6ec
Instruction Fuzzy Hash: 76B1A770A04344CFD3A4EF78D160B6ABBE2BF95704F50596EE5498B399DF719842CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B20C37 Relevance: 5.2, Strings: 4, Instructions: 248COMMON

Download Yara Rule

Strings

r, xrefs: 02B20D51
r, xrefs: 02B20CF9
r, xrefs: 02B20CA1
[, xrefs: 02B20C98

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: [$r$r$r
API String ID: 0-2488787805
Opcode ID: 0a15a9c7c708ff069da774153d0c840b8ed0450bffa86e22647b6292c0d949f4
Instruction ID: 1487a1be40f64b9b4db8c2d88ae5425f16ce13449737efd965ed57716994dfc5
Opcode Fuzzy Hash: 0a15a9c7c708ff069da774153d0c840b8ed0450bffa86e22647b6292c0d949f4
Instruction Fuzzy Hash: 8F618E6680E7D25FD3135B344861696BFB1EF23214B1E19CBC4C4CF5A3E229985EC762

Uniqueness

Uniqueness Score: -1.00%

Function 050B0D49 Relevance: 5.2, Strings: 4, Instructions: 242COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 050B10CB
X1kr, xrefs: 050B0F1C
0jr, xrefs: 050B0F8E
,:kr, xrefs: 050B0E38

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: ,:kr$0jr$:@Dr$X1kr
API String ID: 0-1245831938
Opcode ID: 5d48e3913279eefd37af9b95cdbca748b13148b82a1a6ef97b34ca1ec7f9a257
Instruction ID: 85b468dd9c3dddb87e9cf063851434f0f10fa6a29c7c4bb87cf0b4d7943a564f
Opcode Fuzzy Hash: 5d48e3913279eefd37af9b95cdbca748b13148b82a1a6ef97b34ca1ec7f9a257
Instruction Fuzzy Hash: 70B19870A04344CFD3A4EF789160B6ABBE2BFD5704F60596EE5498B399DF719842CB02

Uniqueness

Uniqueness Score: -1.00%

Function 050B0D84 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 050B10CB
X1kr, xrefs: 050B0F1C
0jr, xrefs: 050B0F8E
,:kr, xrefs: 050B0E38

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: ,:kr$0jr$:@Dr$X1kr
API String ID: 0-1245831938
Opcode ID: 41c9469c9faae94ea795b4afa60755eeed7f3822850a0046aeecd9490a5cf848
Instruction ID: 150cb8af67a9a3ace52b62a4116f63e02e2f2a7fd2f4b0e20525365e9b350c76
Opcode Fuzzy Hash: 41c9469c9faae94ea795b4afa60755eeed7f3822850a0046aeecd9490a5cf848
Instruction Fuzzy Hash: 5BA18970A05344CFD3A4EF789160B6ABBE2BFD5704F60596EE5498B394DF719842CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B20C8B Relevance: 5.2, Strings: 4, Instructions: 223COMMON

Download Yara Rule

Strings

r, xrefs: 02B20D51
r, xrefs: 02B20CF9
r, xrefs: 02B20CA1
[, xrefs: 02B20C98

Memory Dump Source

Source File: 00000008.00000002.626769693.0000000002B20000.00000040.00000040.sdmp, Offset: 02B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2b20000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: [$r$r$r
API String ID: 0-2488787805
Opcode ID: 1737a82bc69e8edf176d31ec2cafe418425f5c509b9349d583e25a71eaf942ed
Instruction ID: 2833c3539d05f5563d960047df31d92227157e410e7f022a49d78449f66cb076
Opcode Fuzzy Hash: 1737a82bc69e8edf176d31ec2cafe418425f5c509b9349d583e25a71eaf942ed
Instruction Fuzzy Hash: 825165A640E7D25FD3135B3848652927FB1EE23258B0E19CBC4C4CF9A3E21A585EC766

Uniqueness

Uniqueness Score: -1.00%

Function 050B01B8 Relevance: 5.1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

Strings

hf, xrefs: 050B0264
hf, xrefs: 050B020B
hf, xrefs: 050B01DC
hf, xrefs: 050B023A

Memory Dump Source

Source File: 00000008.00000002.629403063.00000000050B0000.00000040.00000001.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50b0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: hf$hf$hf$hf
API String ID: 0-2615542122
Opcode ID: 15adbebbc0b6ca54ad65745c51bd19c202f64ea9af153610e179133728379e7e
Instruction ID: ae321397499c7c95914cabb9b5767e8638c37bca78d425531c68ba745caee30f
Opcode Fuzzy Hash: 15adbebbc0b6ca54ad65745c51bd19c202f64ea9af153610e179133728379e7e
Instruction Fuzzy Hash: 3C212F707012159FFB508B68D890F6B7BEAFFC5B44F500469E605AB380EAB1FC018B64

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: yAbf8Z3qA5.exePID: 6476, Parent PID: 936COMMON

Execution Graph

Execution Coverage:	20.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	191
Total number of Limit Nodes:	12

Executed Functions

Function 03271CD0 Relevance: 2.7, Strings: 2, Instructions: 188
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Dr, xrefs: 03271E13
_kg, xrefs: 03271E98

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: :@Dr$_kg
API String ID: 0-3809862537
Opcode ID: c5253d82568c6a4576ed7e437208cdd335a7f9bc7890001b0d1a0e9e9ddb5c94
Instruction ID: c1a6ac32302d3082330a03a1fd0d3a6793f30c2269348c2699664e9fe6cf452a
Opcode Fuzzy Hash: c5253d82568c6a4576ed7e437208cdd335a7f9bc7890001b0d1a0e9e9ddb5c94
Instruction Fuzzy Hash: 8C81E3B4E15248DFCB08EFA8D98559DBBF2FF89300F20946AD805AB354DB745A81CF64

Uniqueness

Uniqueness Score: -1.00%

Function 03271D0F Relevance: 2.7, Strings: 2, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Dr, xrefs: 03271E13
_kg, xrefs: 03271E98

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: :@Dr$_kg
API String ID: 0-3809862537
Opcode ID: b5459c613f9bfe150209f21d8b5c9d2b1cc3a1221cfc1bbfcb036a46d149417c
Instruction ID: 460a09dbb6d080db3e4dd79f158ed13c907c5d6dee6f1f54fe507ec1ae5f11a5
Opcode Fuzzy Hash: b5459c613f9bfe150209f21d8b5c9d2b1cc3a1221cfc1bbfcb036a46d149417c
Instruction Fuzzy Hash: 9571C3B4E15248DFDB08DFA8D94459DBBB2FF89300F209429E806AB354DB745A81CF64

Uniqueness

Uniqueness Score: -1.00%

Function 03271D20 Relevance: 2.7, Strings: 2, Instructions: 164
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Dr, xrefs: 03271E13
_kg, xrefs: 03271E98

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: :@Dr$_kg
API String ID: 0-3809862537
Opcode ID: b4adbaa26cc191e5d85fbdc9ba90f1f9e399eac025f5dafdc32f2281a52b5125
Instruction ID: de9a8a31e1d58cb45afb9e333bbfc7d077441829e48e752273775393524197a7
Opcode Fuzzy Hash: b4adbaa26cc191e5d85fbdc9ba90f1f9e399eac025f5dafdc32f2281a52b5125
Instruction Fuzzy Hash: 2E71B3B4E15209DFDB08DFA8D94499DBBF2FF88304F209429E806AB354DB745A81CF64

Uniqueness

Uniqueness Score: -1.00%

Function 032CB9D8 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

f]Ir, xrefs: 032CBA5B

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: f]Ir
API String ID: 0-3302829692
Opcode ID: 35d8e90069a4924fd6a305485d325402980bf85cfba7b8b6326cb340dde3e30c
Instruction ID: 1f9bfe7a78ac028bc4edf98a9460134cc8e0f4e21092c8f8215a26ec114d4a23
Opcode Fuzzy Hash: 35d8e90069a4924fd6a305485d325402980bf85cfba7b8b6326cb340dde3e30c
Instruction Fuzzy Hash: CF310671E116588FEB18CFABD84069EFBB3AFC9300F19C1BAD848AB215D73059858F51

Uniqueness

Uniqueness Score: -1.00%

Function 032C8840 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

CR~, xrefs: 032C88FF

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: CR~
API String ID: 0-623761677
Opcode ID: f8a6efce8c2d44d3dbf0f5fe9289b0319b00b34126ebfe0fc9efa64b897e6f64
Instruction ID: ec82a6f24ba87161ef1885abc8a2d71334128095f60625a1622fb927f0064473
Opcode Fuzzy Hash: f8a6efce8c2d44d3dbf0f5fe9289b0319b00b34126ebfe0fc9efa64b897e6f64
Instruction Fuzzy Hash: 1A3128B1E006588BDB18CFABD8443DEFBF6AFC9300F14C06AD408AA258DB741A45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 032C96E1 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baf10b39768b210b35ea9f6a25abfadd4bedf7b91f699158d8676e9b3e082d25
Instruction ID: 68a087a63bc91c96aa143ea8803fe6471fbb27a8daed8c00da010e7c7727c3c6
Opcode Fuzzy Hash: baf10b39768b210b35ea9f6a25abfadd4bedf7b91f699158d8676e9b3e082d25
Instruction Fuzzy Hash: A9C148B4D2524ADFCB08DFA4C6958AEFBB5FF49310F249699C401AB215C770AAC5CF90

Uniqueness

Uniqueness Score: -1.00%

Function 032C9700 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03fb9402549e7b19669c5e0444f3a1da798bd1e0b4058f38de61eb96da1a0b4b
Instruction ID: 420f7e9d418b6d89c9b926f60e744b0ceae52a51830092e874fc4ec2abc2b107
Opcode Fuzzy Hash: 03fb9402549e7b19669c5e0444f3a1da798bd1e0b4058f38de61eb96da1a0b4b
Instruction Fuzzy Hash: 25C139B4D2524ADFCB08DFA4C6818AEFBB5FF49310F249659C411AB215C770AAC5CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 032C775E Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 784743aa88f8b8fca98f4ed53da27437dae5001fbf2cb2f9860ba2585d1f60f2
Instruction ID: 8bf46af3d1badb8b941fd6041b0bc0f17a629f1f58fe9f173816d89cac538276
Opcode Fuzzy Hash: 784743aa88f8b8fca98f4ed53da27437dae5001fbf2cb2f9860ba2585d1f60f2
Instruction Fuzzy Hash: 60A11771D202499FCB04CFB9C994AADFBB2FF89300F18866AD505AB354D735AA46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 032C76F7 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3fd3f81752449fed957aea773cab4b5b2fd2181e769c424360dca3564a9a132
Instruction ID: b0b04992ce72a2d3fc920628dbc34d4a40c012ba1f64996db692d30dcbd90c02
Opcode Fuzzy Hash: c3fd3f81752449fed957aea773cab4b5b2fd2181e769c424360dca3564a9a132
Instruction Fuzzy Hash: 9DA14570D202499FCB04CFE9C994AADBBB2FF89300F14856AD505AB364D735AA42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 032C7740 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce4b5b07ba829497d62a5f38eb5bd421044e758f8b77c7da44e6b612a4be5015
Instruction ID: 1070a583d94c1202177affed5af7fd065e260cb29dbfc5f7d4275304f2b0353b
Opcode Fuzzy Hash: ce4b5b07ba829497d62a5f38eb5bd421044e758f8b77c7da44e6b612a4be5015
Instruction Fuzzy Hash: C5912670D202499FCF08CFA9C994AADFBB2FF89300F14826AD515AB354DB35AA45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 032C77E8 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d9f32a3f25bee5e5284f7b0887de00db022aefcaea48a08adcf1dac32f5e4c
Instruction ID: a4a2d0ae11f2f96b9dfa0a0449f667a2e4e62fbb1121407fb1031bec97fe79f1
Opcode Fuzzy Hash: 46d9f32a3f25bee5e5284f7b0887de00db022aefcaea48a08adcf1dac32f5e4c
Instruction Fuzzy Hash: 2981C274D24219DFDB08DFEAD584AAEFBB2FF88300F10816AD515AB264DB749A41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 03272E11 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8427e9bb9dd727815f464016b481be82fad51d90949d36a34ef9feeda21c280
Instruction ID: 8ed707dd65592818c30c59b691463216ef96bb283ce301a76bdefe301c216d6f
Opcode Fuzzy Hash: e8427e9bb9dd727815f464016b481be82fad51d90949d36a34ef9feeda21c280
Instruction Fuzzy Hash: E55105B0C26209EFCB14CFE5E581AEEFBB4FB49310F10A82AE015B7250D77555828F55

Uniqueness

Uniqueness Score: -1.00%

Function 032C7F30 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb056e5dc97db9a92cba39eb6fd165841850d63416150815f84ac435e9700cd1
Instruction ID: 89c31475e802c3d88fe90f7b3686b3de53dfb61661f1202a42189d042c0722dd
Opcode Fuzzy Hash: bb056e5dc97db9a92cba39eb6fd165841850d63416150815f84ac435e9700cd1
Instruction Fuzzy Hash: 3D513A71D2424A8FDB08CFAAC4906AEFBF2EF89300F14D16AD415B7255D7749A81CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 032C4B59 Relevance: 7.8, Strings: 6, Instructions: 250
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

</kr, xrefs: 032C4D4B
</kr, xrefs: 032C4D58
</kr, xrefs: 032C4BB5
,:kr, xrefs: 032C4EB6
</kr, xrefs: 032C4D66
</kr, xrefs: 032C4EAA

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: ,:kr$</kr$</kr$</kr$</kr$</kr
API String ID: 0-802114320
Opcode ID: 026ca54ae92c98e46436730577c9bb5cf48785f603567174a47171672150dd6e
Instruction ID: b42ed6a9b655ec7b0b837c358c1dee92c0faadb446b824e5c726b633bfff4505
Opcode Fuzzy Hash: 026ca54ae92c98e46436730577c9bb5cf48785f603567174a47171672150dd6e
Instruction Fuzzy Hash: 6BA10930E24285DFDB05EFA9C864BBEB7B1FF88304F14822AE5159B2C5DBB49881C751

Uniqueness

Uniqueness Score: -1.00%

Function 032C40F1 Relevance: 5.1, Strings: 4, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Dr, xrefs: 032C4509
ID, xrefs: 032C415B
:@Dr, xrefs: 032C43F7
:@Dr, xrefs: 032C482D

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: ID$:@Dr$:@Dr$:@Dr
API String ID: 0-1457155814
Opcode ID: 6bffbf186a607016bc69646b87a3743b6676ce7e4db9d60791095a4f7032dd50
Instruction ID: 4d2f9812feed2f3ca25976b9782aebc17c0b3d1f38bca1aef7fa00d5e5c80520
Opcode Fuzzy Hash: 6bffbf186a607016bc69646b87a3743b6676ce7e4db9d60791095a4f7032dd50
Instruction Fuzzy Hash: 8C314930B24286CFC716EB6E8C3477B7BE1EB85A54F1541ABD582E7384DAB08C41C792

Uniqueness

Uniqueness Score: -1.00%

Function 032C3DF8 Relevance: 3.9, Strings: 3, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X$kr, xrefs: 032C3EF0
X1kr, xrefs: 032C3F86
X$kr, xrefs: 032C3EE4

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr$X$kr$X1kr
API String ID: 0-1403565524
Opcode ID: b907f871b2ff4553f7dc156509b3e95b257b78c09f47401b5fe4574906bac881
Instruction ID: b7c692d1ed1fda12dfa1829975afa2e884df24e6d6bcbae82cfeadd084653107
Opcode Fuzzy Hash: b907f871b2ff4553f7dc156509b3e95b257b78c09f47401b5fe4574906bac881
Instruction Fuzzy Hash: 7241A374B10245CFDB44DBA8C815BAEBBF2AF88704F14856AE606E73C4DBB49C41C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 032C05A8 Relevance: 2.7, Strings: 2, Instructions: 201
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`5kr, xrefs: 032C072D
:@Dr, xrefs: 032C06D4

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: :@Dr$`5kr
API String ID: 0-2548079215
Opcode ID: c30f2c44d363b45097fd2f6296f4d1a60e3094b0021459895af84dff2153a9e5
Instruction ID: 6b0829c0bdfd74812fe1c51e55bc109acbad859c305e21b9bb4f4f6c97af569a
Opcode Fuzzy Hash: c30f2c44d363b45097fd2f6296f4d1a60e3094b0021459895af84dff2153a9e5
Instruction Fuzzy Hash: 9091F274E11259CFEB54CFA8C994BADBBF2BF88310F1091A9D409AB390DB719985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 032C3DEA Relevance: 2.7, Strings: 2, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X1kr, xrefs: 032C3F86
X$kr, xrefs: 032C3EE4

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr$X1kr
API String ID: 0-3132599531
Opcode ID: b94adfd747e3be5f5b1b1e0b1b1a2245883c2af4cb0a40cada3db0834459dfd2
Instruction ID: 7861d8a21783b1d4850f37acb120abc3fb8bbda41f10221c9bc92dde402cefc6
Opcode Fuzzy Hash: b94adfd747e3be5f5b1b1e0b1b1a2245883c2af4cb0a40cada3db0834459dfd2
Instruction Fuzzy Hash: 0151C374B102458BDB04DB68D815AADBBE2FFC8301F14852AD606AB3C4DBB49D41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 032C1E98 Relevance: 2.6, Strings: 2, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X$kr, xrefs: 032C1F1E
X$kr, xrefs: 032C1F0E

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr$X$kr
API String ID: 0-2690305392
Opcode ID: 0945f5189bcb13cecf0195a64325622c95c8c250ff4dbae8aeace49c6a1b0931
Instruction ID: 992273817d4bc9cba9164228ca26ea93d3f45e8a02861c86e8ed3b9d7306e871
Opcode Fuzzy Hash: 0945f5189bcb13cecf0195a64325622c95c8c250ff4dbae8aeace49c6a1b0931
Instruction Fuzzy Hash: 84114970D14219DBCF08DFA9D8416EEBBB2BF88300F108169E50167291DB786991CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 032C1F50 Relevance: 2.5, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X$kr, xrefs: 032C1F86
X$kr, xrefs: 032C1F76

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr$X$kr
API String ID: 0-2690305392
Opcode ID: 864712f86529cbd86e10e29d805ec2308efcb62888f6eacf9326a9d0d3b517f9
Instruction ID: 709f13b4b50648ba74c57dd25be879c6d8d137a7d3a655c77f1c9a0d03ce9d7d
Opcode Fuzzy Hash: 864712f86529cbd86e10e29d805ec2308efcb62888f6eacf9326a9d0d3b517f9
Instruction Fuzzy Hash: D8F05430D24388EFDB08EFA4D2456ACB7B2EF85301F2485A8D44157286DB746EE1DB60

Uniqueness

Uniqueness Score: -1.00%

Function 03260452 Relevance: 1.6, APIs: 1, Instructions: 143
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 03260561

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: d9b6961429a8c8912a60040e816a016d11597331f2c5c85480d22c60e2faf6b3
Instruction ID: 3b469fcfc2a3bde39268de4e05dd98df716a7adb508189a4cb0a2ddfc6697917
Opcode Fuzzy Hash: d9b6961429a8c8912a60040e816a016d11597331f2c5c85480d22c60e2faf6b3
Instruction Fuzzy Hash: 78513B7140D3C05FE7138B658C64A92BFB8AF47610F0A84DBD9C4DF1A3D265A849D771

Uniqueness

Uniqueness Score: -1.00%

Function 032608C7 Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 03260977

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 705529eab03bd328e4f02b9d77ceeac2015041ed22e0245db356ccede03ea20d
Instruction ID: 204cb3787a88c02eca27be0a44105aa02c68bbbf957667fe58b091c0ade4ccaa
Opcode Fuzzy Hash: 705529eab03bd328e4f02b9d77ceeac2015041ed22e0245db356ccede03ea20d
Instruction Fuzzy Hash: CB31D471404384AFEB128B24CC45FA7BFACEF06710F08849BF981CB152D224A809DB71

Uniqueness

Uniqueness Score: -1.00%

Function 01ADAB26 Relevance: 1.6, APIs: 1, Instructions: 92
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 01ADABD5

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 8c56256941d10e4341479d24e53c303a3531e92550575d2b26cdf8b7a4d45053
Instruction ID: c5a24be6f6853a835eb0e50b95ff491dbb42ebac49c5c64c9e800b62626dc262
Opcode Fuzzy Hash: 8c56256941d10e4341479d24e53c303a3531e92550575d2b26cdf8b7a4d45053
Instruction Fuzzy Hash: C531B472544384AFE7228B65CC45FA7BFBCEF06710F08849BED819B152D264E849CB71

Uniqueness

Uniqueness Score: -1.00%

Function 01ADAC1D Relevance: 1.6, APIs: 1, Instructions: 89
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,DC46476E,00000000,00000000,00000000,00000000), ref: 01ADACD8

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 893290463cb032bb8ff1b455db0ca938bd13710c3b5ca51d427922933bd27a74
Instruction ID: cf485fe1b2da046f674de3e5595d5e8e38e3b5e1e7509327916da7a88a14eba2
Opcode Fuzzy Hash: 893290463cb032bb8ff1b455db0ca938bd13710c3b5ca51d427922933bd27a74
Instruction Fuzzy Hash: 20319371105784AFE722CF65CC44F62BFB8EF06320F18849AE9858B153D264E549CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0326022B Relevance: 1.6, APIs: 1, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 032602C7

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: a83bde3ea4b68c76271695ddd89490f5958aceba8544f1cfd21e61871de3a7fc
Instruction ID: eb55c4dfe47ecc6259bf4d81f39c3d5638d97c2ca6d21da42e6199fee78370c8
Opcode Fuzzy Hash: a83bde3ea4b68c76271695ddd89490f5958aceba8544f1cfd21e61871de3a7fc
Instruction Fuzzy Hash: 9721A272504344AFE721CF65DC44FAAFFBCEF46310F08849AED849B252D324A448CB61

Uniqueness

Uniqueness Score: -1.00%

Function 032608FA Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 03260977

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 99a743336f2ecde2bc646194eb26eaf01bbcd8e8ce43ce51a772fcdd10317799
Instruction ID: 12c2f5d7978245ad3d30ae020ac91668ef64944cab6ad538ea1ae25afef7fe08
Opcode Fuzzy Hash: 99a743336f2ecde2bc646194eb26eaf01bbcd8e8ce43ce51a772fcdd10317799
Instruction Fuzzy Hash: BF21CF72500204EFEB21DF64DC45FABFBACEF04720F04886AEE859B251D670E4488B71

Uniqueness

Uniqueness Score: -1.00%

Function 032605B8 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,DC46476E,00000000,00000000,00000000,00000000), ref: 0326064D

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: f7fe58e8fdc3fa742774a7e00b936e9d6524f461657cdfb7056dfa077e09545a
Instruction ID: 98f6fba61776a9912b20b0a247a3115687ca0effe264ca5054778034aeba4222
Opcode Fuzzy Hash: f7fe58e8fdc3fa742774a7e00b936e9d6524f461657cdfb7056dfa077e09545a
Instruction Fuzzy Hash: B421F8B54493846FE7128B25DC41FA2BFACDF47720F1881D7ED848B293D264A949CB71

Uniqueness

Uniqueness Score: -1.00%

Function 01ADBEE2 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,DC46476E,00000000,00000000,00000000,00000000), ref: 01ADBF6C

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: fdcbcdb7078d28ea33f02ab3fac4bbc7f47dd7cf6120dd6c2bbfc990c395adf0
Instruction ID: 4bab6f1cc9f415c2e476cc5bb7713ee9c63edbee147ee728af0631a18a3742fd
Opcode Fuzzy Hash: fdcbcdb7078d28ea33f02ab3fac4bbc7f47dd7cf6120dd6c2bbfc990c395adf0
Instruction Fuzzy Hash: 7F219F72504244AFEB228F65DC84F97FFACEF46310F0484ABEA459B252D264A508CB71

Uniqueness

Uniqueness Score: -1.00%

Function 032604E2 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 03260561

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: d765e216a4d787999ecce06ec27668385efc7d4ed7a139c6d7f25b5e3cc366fc
Instruction ID: 5b5688a1daf272a5c9cf5283fec84c94243a2a0d2bb37a1670b50f99ddc27638
Opcode Fuzzy Hash: d765e216a4d787999ecce06ec27668385efc7d4ed7a139c6d7f25b5e3cc366fc
Instruction Fuzzy Hash: 3F218BB1504200AFEB21DF25D984B66FBE8EF04210F08846AE9858B241E371E444CB71

Uniqueness

Uniqueness Score: -1.00%

Function 03260688 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,DC46476E,00000000,00000000,00000000,00000000), ref: 03260719

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 3cca7c6554821c3fb48c4cf03562f66c38d722417f9c850ad6f31520e1eab6d7
Instruction ID: 4b024718a132cca165e55ba6c3d5fe06e2fa2544aad142405f8314c3974ef6fa
Opcode Fuzzy Hash: 3cca7c6554821c3fb48c4cf03562f66c38d722417f9c850ad6f31520e1eab6d7
Instruction Fuzzy Hash: EB21A171409380AFD7228F24DC44F56BFB8EF46314F0884DBEA449B153C264A449CB71

Uniqueness

Uniqueness Score: -1.00%

Function 032609D5 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 03260A5C

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 17ba8f705245508ba0df1b5e5e9c820c606c01cb5be0b5f2dbb20b5ed8efcfa2
Instruction ID: 41fced6ac96b2930ac49caa984250af860970be2e22e0551c05d8958e6c836f3
Opcode Fuzzy Hash: 17ba8f705245508ba0df1b5e5e9c820c606c01cb5be0b5f2dbb20b5ed8efcfa2
Instruction Fuzzy Hash: 2C21AE725093819FDB12CB25DC51A92BFB8EF06250F0984DADD848F263D235A948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 01ADAB56 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 01ADABD5

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: f0b498f40bdeee7c8e32cd08e7470e65760ecc97c36f975cabc5f8cb1969bea2
Instruction ID: caa5dc125b68833e76499745a7d4ad893f0dec5f018904b35db0584e461b24c8
Opcode Fuzzy Hash: f0b498f40bdeee7c8e32cd08e7470e65760ecc97c36f975cabc5f8cb1969bea2
Instruction Fuzzy Hash: A9219D72500604AFE7219B69CC84FABFBACEF04720F14885BEE459B241D664E9098BB1

Uniqueness

Uniqueness Score: -1.00%

Function 03260256 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 032602C7

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: b8a39703f108f0e4480d5526e0f2973175ab53386454cefd6d1950b5a0ddab64
Instruction ID: c625818fffce047ef479fa3e88647f17560f294691b9b0071c8cdedbc59ca7c1
Opcode Fuzzy Hash: b8a39703f108f0e4480d5526e0f2973175ab53386454cefd6d1950b5a0ddab64
Instruction Fuzzy Hash: 5821C072504304AFEB20DF29DC45F6BFBACEF44710F18846AEE459B241D674E4888B75

Uniqueness

Uniqueness Score: -1.00%

Function 01ADB577 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 01ADB5FA

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: e9d89ea90307edaf94ca3d812ade14a46377b5a884e00ec9db937b9b51b8f628
Instruction ID: 567fb58decbd208f55f94169731ef130ebf75bbc04108e64303d2feed399e4ee
Opcode Fuzzy Hash: e9d89ea90307edaf94ca3d812ade14a46377b5a884e00ec9db937b9b51b8f628
Instruction Fuzzy Hash: 712127725493806FD312CF25DC41F76BFB8EF86A20F09819BED848B652D230A915CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 01ADBF02 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,DC46476E,00000000,00000000,00000000,00000000), ref: 01ADBF6C

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 0772badd042c453b04da11ee031b9544754c2f8b7b26036efb700daec5668f7f
Instruction ID: fff34bbe219dfa66453ae6e59c85102e8f2a941e7f758f195839bf306e321514
Opcode Fuzzy Hash: 0772badd042c453b04da11ee031b9544754c2f8b7b26036efb700daec5668f7f
Instruction Fuzzy Hash: BE11CD71500604AEEB21CF69DC84FABFBACEF09320F1484ABEE459B241D671E5088B71

Uniqueness

Uniqueness Score: -1.00%

Function 01ADAC5E Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,DC46476E,00000000,00000000,00000000,00000000), ref: 01ADACD8

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1ade3b8c2e6efa6205eed499f9982b9ca64f7678fa78fe11111d544ec3d6213a
Instruction ID: ffffc0d50b957fba014e4247740bac8b95157fa5191686e6708a5fc3b5729b4b
Opcode Fuzzy Hash: 1ade3b8c2e6efa6205eed499f9982b9ca64f7678fa78fe11111d544ec3d6213a
Instruction Fuzzy Hash: CB218C75600A04AFEB20CF59CC84FA7FBECEF04720F08846AEA469B251D760E508CA71

Uniqueness

Uniqueness Score: -1.00%

Function 03260C98 Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 03260D18

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: fa20823b06055cb80087862f6b42c1f0f18ca9f6d0211ccbe1ee34bd9197ffd5
Instruction ID: d4c0196823b1a928ab060efd96897923a8c3429d11db999d37f5f0fc591f40e5
Opcode Fuzzy Hash: fa20823b06055cb80087862f6b42c1f0f18ca9f6d0211ccbe1ee34bd9197ffd5
Instruction Fuzzy Hash: 7A21AF765097C09FDB12CF25DC85A96FFF4EF07210F0980DED9858B163D265A848DB61

Uniqueness

Uniqueness Score: -1.00%

Function 01ADB1A5 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 01ADB221

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: dcce73ce931baa33691ac8d56d7a524b947f31da67dd395da6787f9d43c7ca1d
Instruction ID: 6b78939df5a992f46a176d8b8b282d4193c4284e84562cda693ccae8aaffe66a
Opcode Fuzzy Hash: dcce73ce931baa33691ac8d56d7a524b947f31da67dd395da6787f9d43c7ca1d
Instruction Fuzzy Hash: 4721C3B2508784AFD7228F15DC80B56FFE8EF06214F09808AED858B253D275E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 01ADBD55 Relevance: 1.6, APIs: 1, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 01ADBDC9

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c8fe6c6a696e7e0b57ea436b0a671d7fea1ee54be64c9c0397bddc81b7b7941d
Instruction ID: c7d2d6f86a3316c88a1cf1bc43b8a6ed59528b6c5197dc6931173a77df8318c9
Opcode Fuzzy Hash: c8fe6c6a696e7e0b57ea436b0a671d7fea1ee54be64c9c0397bddc81b7b7941d
Instruction Fuzzy Hash: 2321AE725093C0AFDB228F25DC40BA2FFB4EF07214F0884DAEDC58B563D261A408DB62

Uniqueness

Uniqueness Score: -1.00%

Function 03260DF9 Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 03260E6D

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 07ae0358d47f352781f4abb5ef49d655987f843e37cd97d2483a8269676294a1
Instruction ID: a5c5489e43c75416dd7d9bbf06115a0a1add0175adfb5a64a159fa8be346f1c4
Opcode Fuzzy Hash: 07ae0358d47f352781f4abb5ef49d655987f843e37cd97d2483a8269676294a1
Instruction Fuzzy Hash: 92218C714093C0AFDB238F25CC44A52FFB4EF17210F0984DAE9848F163D265A858DB62

Uniqueness

Uniqueness Score: -1.00%

Function 03261009 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0326106C

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 3ce018e5ab25fd2fe1b1f57ef6c3fc7c10d27e6cbe1189943107c09505a05a1a
Instruction ID: d1f4271b74841c8b90742b5032669b7a053b5938cba4a940ecfa48c753e7e87e
Opcode Fuzzy Hash: 3ce018e5ab25fd2fe1b1f57ef6c3fc7c10d27e6cbe1189943107c09505a05a1a
Instruction Fuzzy Hash: AD11AFB55097C45FDB128B25DC84B52BFA89F42224F0880DBED848F693D279A958CB62

Uniqueness

Uniqueness Score: -1.00%

Function 01ADA5AF Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01ADA61A

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d91deb2f49968a8c99070449afe6448b8e64c09b193d0066b8fb25d92de6417f
Instruction ID: 9f5d276e2e2822fc7b0d9cff3a68fbe2e0ed7bb5f1036c51fc419d8ae26b4b55
Opcode Fuzzy Hash: d91deb2f49968a8c99070449afe6448b8e64c09b193d0066b8fb25d92de6417f
Instruction Fuzzy Hash: 7011A271409780AFDB228F54DC44A62FFF8EF4A210F0884DAEE858B152D275A418DB61

Uniqueness

Uniqueness Score: -1.00%

Function 032606BA Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,DC46476E,00000000,00000000,00000000,00000000), ref: 03260719

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: d728239a87d985d48cdc7b6caed0524338e31bfdd480a3875cc6eda7090338c3
Instruction ID: 825f151077fc8bd772ba89e2ad61833920f30e78401514fc3193b96f71315167
Opcode Fuzzy Hash: d728239a87d985d48cdc7b6caed0524338e31bfdd480a3875cc6eda7090338c3
Instruction Fuzzy Hash: E311B271404204AEEB22DF55DD84F9AFBA8EF45310F1484ABEE459B241D674A445CB71

Uniqueness

Uniqueness Score: -1.00%

Function 01ADA65A Relevance: 1.6, APIs: 1, Instructions: 60threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 01ADA6CC

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: ed1e4d12472effa28ea770fca0b4f2834692950e0a820b7e083d703afd478dd8
Instruction ID: 0e3a42340be670a08338c826ebf13a87a8d4653a7fbe287ee212a45e93bcfde3
Opcode Fuzzy Hash: ed1e4d12472effa28ea770fca0b4f2834692950e0a820b7e083d703afd478dd8
Instruction Fuzzy Hash: D71189714093C4AFDB138B25CC80B62BFB4DF43220F0980DAED849B263D2655908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 03260BF7 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 03260C5C

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 08fe5f2a3a046ab55352a9b278c3defd2b6825a9962c32c20e6c77b68ac8cf9c
Instruction ID: 34d70e5864f4785d51951dff05d57dd0b91dd54e1dbc4893677e80404b8ad342
Opcode Fuzzy Hash: 08fe5f2a3a046ab55352a9b278c3defd2b6825a9962c32c20e6c77b68ac8cf9c
Instruction Fuzzy Hash: D211E276409784AFDB228F25DC40A52FFB4EF06320F08C0DEED858B563C275A458DB61

Uniqueness

Uniqueness Score: -1.00%

Function 01ADA2D6 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 01ADA32C

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 2b3991f7610d6cf6ba57c15756610f6b26f8f4e2dad265512fc7720b9e57d8d1
Instruction ID: 0d6a3c757df46a3279ddf688b8267b00b7c864780d3033a0661ec9755598a558
Opcode Fuzzy Hash: 2b3991f7610d6cf6ba57c15756610f6b26f8f4e2dad265512fc7720b9e57d8d1
Instruction Fuzzy Hash: 4211A7755093C4AFDB128F25DC94B56BFB8DF46220F0880EBED858F653D2759508CB62

Uniqueness

Uniqueness Score: -1.00%

Function 03260B50 Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 03260BAF

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 7efe8a5a9ef695e8f73402cefcec9265b981eb304e668b37e6494a9f35502744
Instruction ID: e3236055bf12c7a3d32e82904d2702cc51b365f1723d19a3cb910a7abd6553eb
Opcode Fuzzy Hash: 7efe8a5a9ef695e8f73402cefcec9265b981eb304e668b37e6494a9f35502744
Instruction Fuzzy Hash: 30119D755083849FD711CF15CC84E56FFE8EF06224F08C0AEED458B262D274A848CB61

Uniqueness

Uniqueness Score: -1.00%

Function 032605FA Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,DC46476E,00000000,00000000,00000000,00000000), ref: 0326064D

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 694de822532d2e8040f647b30cd5f1f820237333a58905ba8a32dee0279e62f6
Instruction ID: 4ed0702229f98a1004c9c197cf1d26579450207a0378abefdab13117ad2a5cbf
Opcode Fuzzy Hash: 694de822532d2e8040f647b30cd5f1f820237333a58905ba8a32dee0279e62f6
Instruction Fuzzy Hash: C701D271504604EEE710DF15DC85FAAFF9CDF85720F18C097EE059B241C6B4A4898A71

Uniqueness

Uniqueness Score: -1.00%

Function 01ADADF4 Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 01ADAE54

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 26e997442dfc3e5717df3353ecefbb161e6e7518e7a450dd13ac812b7bfdf98c
Instruction ID: 5c004c44c54c11055834c88ac21c9cb73c59c8201c60094f23ac228f6f7659e4
Opcode Fuzzy Hash: 26e997442dfc3e5717df3353ecefbb161e6e7518e7a450dd13ac812b7bfdf98c
Instruction Fuzzy Hash: EC118C72405784AFDB228F55DC44E56FFF4EF46220F08849AEE854B662C275A458CB61

Uniqueness

Uniqueness Score: -1.00%

Function 01ADA9F0 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 01ADAA4A

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: e3ca0f3da07075e4f601d4b10dc73003c242c37156f1b78302fb720955407085
Instruction ID: d377d5be340291295aa88294a2a606472487570a3842a14fab1685fb6cb20763
Opcode Fuzzy Hash: e3ca0f3da07075e4f601d4b10dc73003c242c37156f1b78302fb720955407085
Instruction Fuzzy Hash: 3C118E71409784AFD7228F15DD84B52FFF4EF46220F08C5DAED894B263D275A918CB62

Uniqueness

Uniqueness Score: -1.00%

Function 03260A22 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 03260A5C

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 6b61ec2dae0b272f1189352e69a40f5bdd4b7ee86b9ab741c6e9ced87355fb06
Instruction ID: 82f1e33f151f8d043369a31b1694ef67778496aa8ff763730ccfbab2420321e1
Opcode Fuzzy Hash: 6b61ec2dae0b272f1189352e69a40f5bdd4b7ee86b9ab741c6e9ced87355fb06
Instruction Fuzzy Hash: 7401B175A142019FDB50CF29DC85766FBD8EF00220F08C4AADE09CF346D6B4E888DB62

Uniqueness

Uniqueness Score: -1.00%

Function 03260CD2 Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 03260D18

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 0f67c15845155f5398467942ea0f764cd1180f288d6c0a92d34ed4ba2f97dfec
Instruction ID: 929a6105570f058d67b35b096c3f9910d791e37669ebd69623e461b8427da77d
Opcode Fuzzy Hash: 0f67c15845155f5398467942ea0f764cd1180f288d6c0a92d34ed4ba2f97dfec
Instruction Fuzzy Hash: 7E016175514604DFDB20CF15DC84B66FBE8EF05210F08C1AADD498B652D671E498DB71

Uniqueness

Uniqueness Score: -1.00%

Function 01ADB5AA Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 01ADB5FA

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: 5b013c8fe347b5365d27db2e21536d2e29ab8d7220063fabf8ff31b431b8194a
Instruction ID: 5f08b947af6e62dd64d16eee1de62c211434b920094f31f009e12ddd3af9204e
Opcode Fuzzy Hash: 5b013c8fe347b5365d27db2e21536d2e29ab8d7220063fabf8ff31b431b8194a
Instruction Fuzzy Hash: B301B172900200AFD710DF16DD86F26FBA8FB88B20F14816AED088B741E331F515CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01ADB1D6 Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 01ADB221

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 2aa6380d2722f573f01ef86446d22a29164bc3dfda91e6bcd6d58b15914c0ce8
Instruction ID: 6629a04759e4132ec386d54708ebe2cf6807baf5c173b227530a1e733b3fc0db
Opcode Fuzzy Hash: 2aa6380d2722f573f01ef86446d22a29164bc3dfda91e6bcd6d58b15914c0ce8
Instruction Fuzzy Hash: 71019E72500A049FDB20DF19DC84B6AFFE8EF05720F09809ADD4A8B752D271E408CB72

Uniqueness

Uniqueness Score: -1.00%

Function 01ADA5D6 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01ADA61A

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 0123929bf5277bb27a9df2b5c58c5790721aa2a98f0dd62ab60eed2483671d67
Instruction ID: 8ad3fbb683493a55d75e20e87812a095e8554c0dddc5f3101f829f47a0b6d24d
Opcode Fuzzy Hash: 0123929bf5277bb27a9df2b5c58c5790721aa2a98f0dd62ab60eed2483671d67
Instruction Fuzzy Hash: E4016D71400A44EFDB218F55D944B56FFE4EF48720F08C5AADE4A4B616D275A018DF61

Uniqueness

Uniqueness Score: -1.00%

Function 03260B72 Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 03260BAF

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 3662dcc05e428fd52c4156fcb6e6394b065ed0181ed7a0548f3d5b583807e50e
Instruction ID: 76588da8e9f393d8df38fc75b96ae4b6810b49cf2a56cef32cb6064d833ee217
Opcode Fuzzy Hash: 3662dcc05e428fd52c4156fcb6e6394b065ed0181ed7a0548f3d5b583807e50e
Instruction Fuzzy Hash: 8D01BC356146059FDB20CF19D884B66FBE8EF04228F18C0AEDD498B252D6B5E888DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0326103A Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0326106C

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 1e0a0c5589f435a2f08294eaf5314edf0d82094fd2a307cc9c4dceecb917a9cd
Instruction ID: e2765fa687970ecede5a8e43b16d7e1004cf8d4d825d0f1a5c3e388a923b3ef8
Opcode Fuzzy Hash: 1e0a0c5589f435a2f08294eaf5314edf0d82094fd2a307cc9c4dceecb917a9cd
Instruction Fuzzy Hash: 6701DF719106849FDB10DF2AD984756FFA8EF40220F18C0ABDD098B646D6B5F498CB72

Uniqueness

Uniqueness Score: -1.00%

Function 03260C1E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 03260C5C

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 43dbf4ceb441605e04135a8e6827b29ee551ed3c22dc2bc132953ff9ab9fba88
Instruction ID: acef64c3e809a0d6f19cde5a0876a6b22cee9c05d94efc59c65259bf5275b3b6
Opcode Fuzzy Hash: 43dbf4ceb441605e04135a8e6827b29ee551ed3c22dc2bc132953ff9ab9fba88
Instruction Fuzzy Hash: 1501B175514A04DFDB21CF55D884B66FFA4EF04320F08C09EEE454B651C2B1E498EF62

Uniqueness

Uniqueness Score: -1.00%

Function 01ADA2FA Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 01ADA32C

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: aa4c8db7681240c3d905392cc4010c2daae410e9f968fde9a2cc512e0c79a3a2
Instruction ID: 0c059fdc93a0925e9a65c37de08cdea2047aeef5eb60e0577b589813044e59c0
Opcode Fuzzy Hash: aa4c8db7681240c3d905392cc4010c2daae410e9f968fde9a2cc512e0c79a3a2
Instruction Fuzzy Hash: AB01DF759006049FDB10DF29D884766FFA4EF00220F08C0ABDD0A8B202DAB4A408CB61

Uniqueness

Uniqueness Score: -1.00%

Function 01ADBD8E Relevance: 1.5, APIs: 1, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 01ADBDC9

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a8b052e192212c8679b448419307163ac5e820c956391dd4c295cd07e2611122
Instruction ID: ecdd6a1862315f54e8c532c3da8102d74dba617cdafb2b44220461d84b3c8795
Opcode Fuzzy Hash: a8b052e192212c8679b448419307163ac5e820c956391dd4c295cd07e2611122
Instruction Fuzzy Hash: CB01DF31500A44DFDB219F19D884B66FFA4EF09320F18C0AADE8A4B652C271E418CF72

Uniqueness

Uniqueness Score: -1.00%

Function 01ADAE16 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 01ADAE54

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6e24825644b1f5c78ebe0ebb14f5d93fdb7f41668cebb6ca9b9ba807d78678ba
Instruction ID: b773628f865d735f460f96cc1e123372b3b44c837ca0b9ae9028d405cf306ba9
Opcode Fuzzy Hash: 6e24825644b1f5c78ebe0ebb14f5d93fdb7f41668cebb6ca9b9ba807d78678ba
Instruction Fuzzy Hash: 9D018F71400A04DFDB218F55D884B66FFA4EF08320F08C49ADE4A0B622C7B5E458DF72

Uniqueness

Uniqueness Score: -1.00%

Function 03260E32 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 03260E6D

Memory Dump Source

Source File: 0000000C.00000002.433515804.0000000003260000.00000040.00000001.sdmp, Offset: 03260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3260000_yAbf8Z3qA5.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 06803c8fe7f194faa7a0ac124948fbb4926643c10fa0b1936c58fac6238e8edd
Instruction ID: fbab9cf759cd9adabb5d332a0b5a5e26b80f92d2973cd84e021e5d7ff0a7a47a
Opcode Fuzzy Hash: 06803c8fe7f194faa7a0ac124948fbb4926643c10fa0b1936c58fac6238e8edd
Instruction Fuzzy Hash: E1018B31914604DFDB20CF55D884B6AFFA4EF08320F18C49ADE890B612D2B5A498DFB2

Uniqueness

Uniqueness Score: -1.00%

Function 01ADAA12 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 01ADAA4A

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: fb61a51ab0553bb73028d41822c3387eaa959968f59f3e32f51aba23351bbd28
Instruction ID: 86ba58ac47cbca10f73b4a7218cbcf7c9596f4d2ad5511eaa9ad92b59d10addb
Opcode Fuzzy Hash: fb61a51ab0553bb73028d41822c3387eaa959968f59f3e32f51aba23351bbd28
Instruction Fuzzy Hash: 0F01D131400A04DFDB20DF09D984B56FFA0EF04720F08C19ADE4A0B626C2B5E408CF72

Uniqueness

Uniqueness Score: -1.00%

Function 01ADA69A Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 01ADA6CC

Memory Dump Source

Source File: 0000000C.00000002.432728228.0000000001ADA000.00000040.00000001.sdmp, Offset: 01ADA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ada000_yAbf8Z3qA5.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 91cd9aa539fac54e0ed4eb014ecf705e4e5504d01f1e105aad77a74c5ffb1e2d
Instruction ID: cbce462874105edda4a9f4858ab93ce7bfa29bd50e35b45c724a1c1f00cb997f
Opcode Fuzzy Hash: 91cd9aa539fac54e0ed4eb014ecf705e4e5504d01f1e105aad77a74c5ffb1e2d
Instruction Fuzzy Hash: 78F0C234900A44DFDB10DF19D984766FFA4EF44720F18C09ADE4A4B316D2B5A448CF72

Uniqueness

Uniqueness Score: -1.00%

Function 032C0599 Relevance: 1.4, Strings: 1, Instructions: 173COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 032C06D4

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: :@Dr
API String ID: 0-3830894600
Opcode ID: c9f66baa3e6ecd6bd0cef0390ef2f79a7d0728288ffb5282f55834264b787142
Instruction ID: 73ab1803de46de0c03a0cc644412ddb1d44c18507e52300dc8e68c039510c2c8
Opcode Fuzzy Hash: c9f66baa3e6ecd6bd0cef0390ef2f79a7d0728288ffb5282f55834264b787142
Instruction Fuzzy Hash: C5710574D10259CFEB54CFA9C994BADBBF1BF88700F1481A9D409AB390DB709985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 032C68E0 Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

X$kr, xrefs: 032C6A0F

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr
API String ID: 0-683389969
Opcode ID: 98a45cd281a4f494f4839cfe139c5e3fac3d0069b2e70ad7cb8f295c745c1119
Instruction ID: 23a11cc40baa4e3d35ebbdff376cca8f2104af1ab87577dfd5c13fa8fde3b37c
Opcode Fuzzy Hash: 98a45cd281a4f494f4839cfe139c5e3fac3d0069b2e70ad7cb8f295c745c1119
Instruction Fuzzy Hash: D0319C71A34191CBD704CB6AD8446B9B7E1FF44311F0CC3AAE856CA192D378C9CAE761

Uniqueness

Uniqueness Score: -1.00%

Function 03272060 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

0"ax, xrefs: 03272141

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: 0"ax
API String ID: 0-3365803739
Opcode ID: 16bf62cdb66a17a2f220f753db536ab83b1827f3fbe5f9bb3740d7357a4309ba
Instruction ID: 561d2123d99e88c1e8e936c30b6cb896ab6b7de13f9d44ecfd51e7575651abe7
Opcode Fuzzy Hash: 16bf62cdb66a17a2f220f753db536ab83b1827f3fbe5f9bb3740d7357a4309ba
Instruction Fuzzy Hash: 9A4164B0D2530ADFCB04CFA5C9846AEBBF1FB89310F14D8AAC505A7294D3784A80CF61

Uniqueness

Uniqueness Score: -1.00%

Function 03272070 Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

0"ax, xrefs: 03272141

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: 0"ax
API String ID: 0-3365803739
Opcode ID: a5090e92466710d45bdb66d70090b782150fc6265c0688f4cc3620fbfbbec082
Instruction ID: 74ef4f5d7f65e9cb4736b93f2d2d3cdb0e47b7694f80277b6539a09ea3e7bec9
Opcode Fuzzy Hash: a5090e92466710d45bdb66d70090b782150fc6265c0688f4cc3620fbfbbec082
Instruction Fuzzy Hash: 953134B0D2530AEFDB04CFA5D9846AEBBF1FB88310F10D86AD505A7244D7749A81CF64

Uniqueness

Uniqueness Score: -1.00%

Function 032C2010 Relevance: 1.3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

Strings

X1kr, xrefs: 032C20D4

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X1kr
API String ID: 0-844551562
Opcode ID: c99a2957e691144ef8a0f8ac07807be1ad1a58c898da3459cd0163606599cf2e
Instruction ID: 943ec76d96b105c307893b6deafa6ea41456b001d2a2939e7de35f258e169622
Opcode Fuzzy Hash: c99a2957e691144ef8a0f8ac07807be1ad1a58c898da3459cd0163606599cf2e
Instruction Fuzzy Hash: 0D31B2B4E01209DFDB08DFA9D540AAEBBB2FF88304F24856AD805B7354DB359A51CF64

Uniqueness

Uniqueness Score: -1.00%

Function 032C2020 Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

X1kr, xrefs: 032C20D4

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X1kr
API String ID: 0-844551562
Opcode ID: 16d6b6bb251c2f89a4f446b87949c9d02fd75efa5a40af10dd165375921a07e6
Instruction ID: 1fdb055155af78f08275240ed22c1745858e84893446f6fe722fd3b24b7034a8
Opcode Fuzzy Hash: 16d6b6bb251c2f89a4f446b87949c9d02fd75efa5a40af10dd165375921a07e6
Instruction Fuzzy Hash: C63192B4E01209DFDB08DFA9D540AAEFBF2EF88300F20916AD805A7354DB755A41CF64

Uniqueness

Uniqueness Score: -1.00%

Function 032C1E88 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

X$kr, xrefs: 032C1F0E

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr
API String ID: 0-683389969
Opcode ID: 39722edafc97b977542141a7aee700d82d5d92dbdc8f90c2c92a8b85be3e752e
Instruction ID: 32ab952fbcd4fd381a94706338291c3c35d738409295f7d0b945d8e7d8f1b1dc
Opcode Fuzzy Hash: 39722edafc97b977542141a7aee700d82d5d92dbdc8f90c2c92a8b85be3e752e
Instruction Fuzzy Hash: 50112B70D24249DBDF08DFA9D841BEEBBB2FF88300F10866AD40567292D7796991CB90

Uniqueness

Uniqueness Score: -1.00%

Function 03270D7C Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

Ko, xrefs: 03271079

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Ko
API String ID: 0-2189785040
Opcode ID: 64ac8d8146ea76f4b073055594e223bc10e8341c34dcc5255bdf221f5b8a78a4
Instruction ID: 0d006a83d3ed4450a54eff87b55c7c706a6202ffeecd3696f5f14329514028e2
Opcode Fuzzy Hash: 64ac8d8146ea76f4b073055594e223bc10e8341c34dcc5255bdf221f5b8a78a4
Instruction Fuzzy Hash: A9218E38E15358DFCB58DF64D98469DBBB2FB49314F10809AE009AB240DB705EC4CF11

Uniqueness

Uniqueness Score: -1.00%

Function 03270DBC Relevance: 1.3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

Strings

Ko, xrefs: 03271079

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: Ko
API String ID: 0-2189785040
Opcode ID: 613076707bab2216436cb5da42b536c2dafa6c6f827b58b690ae9361fb3c936a
Instruction ID: 0062f2ed4a9faa0b0b1682cbcf046163613142c3d466fae3a4a4aac76f632ccc
Opcode Fuzzy Hash: 613076707bab2216436cb5da42b536c2dafa6c6f827b58b690ae9361fb3c936a
Instruction Fuzzy Hash: 16216778E15358DFCB14DF64E98069DBBB2FB48350F1080AAE405A7340DB705E84CF10

Uniqueness

Uniqueness Score: -1.00%

Function 032C1F40 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

X$kr, xrefs: 032C1F76

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: X$kr
API String ID: 0-683389969
Opcode ID: 3eb1784ed50e42b77eacbdb300df2438fd3cbe1e035f0e5da159f3581018f78d
Instruction ID: 82177c340617d0538c97741b1774d77a6d3df7c1188447de74011e2006e7ae0d
Opcode Fuzzy Hash: 3eb1784ed50e42b77eacbdb300df2438fd3cbe1e035f0e5da159f3581018f78d
Instruction Fuzzy Hash: E4F08234C34384DFDB08EB64C5457ACBB71EB46301F1486A9D40453296D7B4ABF4DB91

Uniqueness

Uniqueness Score: -1.00%

Function 032CE0A3 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

<, xrefs: 032CE0C9

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 22f6e4287d07512fad3e58d7f5ef59ecdea714371f2eddb1b655aad80d3dd417
Instruction ID: 71c01e5e25a8bc380842b727dc4db60a66a99c6cf279df794f15509ebac55325
Opcode Fuzzy Hash: 22f6e4287d07512fad3e58d7f5ef59ecdea714371f2eddb1b655aad80d3dd417
Instruction Fuzzy Hash: 8DF0AA708256A8CFCB65EF25D8486DCBA72AB59340F009ADAD80A76214CB724BC0CF81

Uniqueness

Uniqueness Score: -1.00%

Function 032C0A30 Relevance: .9, Instructions: 870COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df36413247025aa08d4c216f35703d44e66d496807174e101474257714e45bd
Instruction ID: 8199b94b30b05a7bf0387dde017e74192f3ac18ea1e131d35b2dc22ab5e15816
Opcode Fuzzy Hash: 1df36413247025aa08d4c216f35703d44e66d496807174e101474257714e45bd
Instruction Fuzzy Hash: E0929134A41218CFDB24DB64C894BE9B7B2FF8A301F1541E9D50AAB361CB31AE95CF51

Uniqueness

Uniqueness Score: -1.00%

Function 032C0A1F Relevance: .9, Instructions: 861COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd30e2b6e87d44355f91751936b249f8a3b628c12f352f29bbb2c4c9fd93d91d
Instruction ID: 811bfd197850b756457756fdf7b1c63dc5b52cab93d97c6a2a7a9ea2ae15f14a
Opcode Fuzzy Hash: dd30e2b6e87d44355f91751936b249f8a3b628c12f352f29bbb2c4c9fd93d91d
Instruction Fuzzy Hash: 12929034A41218CFDB64DB64C894BE9B7B2FF8A301F1541E9D50AAB361CB31AE95CF11

Uniqueness

Uniqueness Score: -1.00%

Function 032C2112 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe400df7b149013d108bdd79717ac7b374a3bbe9a7f13e1b8431b33fa990fae3
Instruction ID: 299e35d7f95c056bde521f93204d4cb1b6b2248a05aa12b16c240afe40020839
Opcode Fuzzy Hash: fe400df7b149013d108bdd79717ac7b374a3bbe9a7f13e1b8431b33fa990fae3
Instruction Fuzzy Hash: BB028178E01269CFEB24EF64D944BADBBB2FF88304F508199D90967254DBB01E81CF61

Uniqueness

Uniqueness Score: -1.00%

Function 032C2120 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1bf20aa0d291dc83275cd23010b177eabf999fd6ef7657787f2a39ad9ca8526
Instruction ID: 19d6631fcb1e2db556bf0ee5ee367aca8650b32659e0f14b936aee4d16ce175c
Opcode Fuzzy Hash: d1bf20aa0d291dc83275cd23010b177eabf999fd6ef7657787f2a39ad9ca8526
Instruction Fuzzy Hash: D5027078E01269CFEB24EF64D944BADBBB2FF88304F508199D90967254DBB05E81CF61

Uniqueness

Uniqueness Score: -1.00%

Function 01AD2477 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.432696176.0000000001AD2000.00000040.00000001.sdmp, Offset: 01AD2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ad2000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e9e03da508c0a067382bcc541a864e2e47e4daa3f52f57173d6226991b27695
Instruction ID: 1dbf171ac53c08541fb20205162ebae58e65c5fdb74b45fcdf9564ab73a2d3ab
Opcode Fuzzy Hash: 0e9e03da508c0a067382bcc541a864e2e47e4daa3f52f57173d6226991b27695
Instruction Fuzzy Hash: 31A1A2A191EFC58FD70787325839B94BFB69E5322074E41DBD983CF0A3D129490AC72A

Uniqueness

Uniqueness Score: -1.00%

Function 032CEAA0 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8c8be0676a98ab5f3d1cd0f9c2289b3c5978e5b80a0daf411c786059f4b1d0f
Instruction ID: eeaba6904daf032cb82bfd7dc9d9eda2a829f392c18f87a0067b33e06cb0c723
Opcode Fuzzy Hash: a8c8be0676a98ab5f3d1cd0f9c2289b3c5978e5b80a0daf411c786059f4b1d0f
Instruction Fuzzy Hash: 4E914E74A21289DFCB08DFA4E5849ACBBF1FF8831AB15D16AD415DB214D770AD81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 032C0270 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e2ea6613b6631b0d2ca5c0638ca2e5c2e6bbc0bdf4fde70886ff44d40ffd87d
Instruction ID: eb998a6085db6ad858af1430543751f9783535772faf559b389433afb6127713
Opcode Fuzzy Hash: 1e2ea6613b6631b0d2ca5c0638ca2e5c2e6bbc0bdf4fde70886ff44d40ffd87d
Instruction Fuzzy Hash: 1E519EB8A20219DFDB10CFA8C584B9DBBF1FB4D310F145599E902AB3A0D775A990DF60

Uniqueness

Uniqueness Score: -1.00%

Function 032C0280 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02c4e77cf38729fc9b1182f075736619258493059639ceb9b398ad811375c6b4
Instruction ID: 53ec03f136c833a9a751cf0d7867117919343c0c2f385c3047547c0dc8c1172d
Opcode Fuzzy Hash: 02c4e77cf38729fc9b1182f075736619258493059639ceb9b398ad811375c6b4
Instruction Fuzzy Hash: 4841AF78A20218DFDB00DFA8C584B9DBBF1FB4D310F145599E602AB3A0D775A990DF61

Uniqueness

Uniqueness Score: -1.00%

Function 032C1D60 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508c15bacf66213f9cd6120ce51397a6ef9ab74ce9b7dc2130029c3da8054fb4
Instruction ID: b27d611428044ad2389498bc0b1cebe606c642c192f37e5d037b4d2177ba5418
Opcode Fuzzy Hash: 508c15bacf66213f9cd6120ce51397a6ef9ab74ce9b7dc2130029c3da8054fb4
Instruction Fuzzy Hash: 81417EB5D102189FDB48DFAAD5816DDFBF2AF88210F14C16AE414A7354EB306D82CF90

Uniqueness

Uniqueness Score: -1.00%

Function 032C5A48 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2611e86f1e184c6745d7a7e54bd96bc9ce02356ca8c6ac4908ecc723196b7a7
Instruction ID: 99e5aef87d440e1784292a4a83a74b81891b846f15a3f1227e0e134639974ab2
Opcode Fuzzy Hash: d2611e86f1e184c6745d7a7e54bd96bc9ce02356ca8c6ac4908ecc723196b7a7
Instruction Fuzzy Hash: 0721AC31E24145CFC710CF2AD888ABABBF1FF86340F1986AAE415DB261D374E984C751

Uniqueness

Uniqueness Score: -1.00%

Function 032C8100 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e59a28754e94795fb72a4068ccdc2f8059f19a7cc6066a956abf7ec4b0e9b674
Instruction ID: 948fec5760f62cb560a18529033130036a89b75c1aa334c47a4786e3271b0087
Opcode Fuzzy Hash: e59a28754e94795fb72a4068ccdc2f8059f19a7cc6066a956abf7ec4b0e9b674
Instruction Fuzzy Hash: E331D6B4D21209DFCB44CFAAC480AAEBBF1FF89300F50856AD815A7314D7749A41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 032C4009 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62fd19d2ba2909eab207220ee5197c70598e6cce7c83ca553e32cb02af659c78
Instruction ID: e9cdd428828a346b88334f48fa56caf6656460d494a13f2561a6dc39eb538cdf
Opcode Fuzzy Hash: 62fd19d2ba2909eab207220ee5197c70598e6cce7c83ca553e32cb02af659c78
Instruction Fuzzy Hash: A31124726781918BC71ADB6ACC6467F7BA5EB42300F05466FD451CB282C275C9848781

Uniqueness

Uniqueness Score: -1.00%

Function 032C8200 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7134d2c04ec94d6abcdff19c1e4033de549e3a93e0c5b03f977ffbf2d4f83616
Instruction ID: aefcdbcf7d377112581d999edc82bb98f7c7420b2955dcb322e12272745f0c27
Opcode Fuzzy Hash: 7134d2c04ec94d6abcdff19c1e4033de549e3a93e0c5b03f977ffbf2d4f83616
Instruction Fuzzy Hash: 97210AB0D24649DFCB04CFA9C5859AEFBB1FF99300F15C69AC415AB214D7309A458F51

Uniqueness

Uniqueness Score: -1.00%

Function 032C8110 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03dff9c984d719905b10bb060129bee8011c7edd552e5a7262ee4daaef64f886
Instruction ID: e3ded9d227e49bf0f9ea4947e9d965196bcaec6521997040d85d1d4e32deeafb
Opcode Fuzzy Hash: 03dff9c984d719905b10bb060129bee8011c7edd552e5a7262ee4daaef64f886
Instruction Fuzzy Hash: 1C21B4B4D25209DFCB44CFAAC580AAEBBF5FF48300F50956AD815A7314D374AA81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 032C001B Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efdc15b65e0c4cb429eb6a45bc2a1864de849dff878777a0656467d1415b93e9
Instruction ID: 862d6aa46719ccb949c8e1dc5ace6a5c7e425960278051ff728ad8a5da3e6347
Opcode Fuzzy Hash: efdc15b65e0c4cb429eb6a45bc2a1864de849dff878777a0656467d1415b93e9
Instruction Fuzzy Hash: 8F119171C5A3C59FCB16CB7488697EABFB0AF47300F0A49DBC440AB192D6781945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 032C9C90 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b3238f7f42eab73bcb3e6865196eba0fea36a2f279de1e92e07a0dece7f8caf
Instruction ID: c47c1634f50b7f38ae32f7d8c5d11df1df1997a4c6c7d0820bcef6ffc24a6bef
Opcode Fuzzy Hash: 5b3238f7f42eab73bcb3e6865196eba0fea36a2f279de1e92e07a0dece7f8caf
Instruction Fuzzy Hash: 24215971D2424ADBCB04DFA9C980AAEFBF5FB89300F14D6A9C405AB214D7709B81CF40

Uniqueness

Uniqueness Score: -1.00%

Function 032C1C99 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a3b10ac39599aced6fe50b79f68ca6febb5367d6aa84887ee3ecee8cfa8987f
Instruction ID: 7abf4819ce1fe135b9da0382e819075ff2435e63fe6347971943d2571027dc67
Opcode Fuzzy Hash: 5a3b10ac39599aced6fe50b79f68ca6febb5367d6aa84887ee3ecee8cfa8987f
Instruction Fuzzy Hash: 0221C475D102199FCB48DFA9D8446EEBBF2EF89300F14802AD808F3250D7701A55CF60

Uniqueness

Uniqueness Score: -1.00%

Function 031F0724 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433405745.00000000031F0000.00000040.00000040.sdmp, Offset: 031F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_31f0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbc1f857c1686a80c6e1cfbbdb7fb1cca1977957e89aad1630bfbc069681f99e
Instruction ID: fec07dd4a7f25d662d25cce7011a711d6a852197ecc98e8a4eaeb7d38b2a7c7a
Opcode Fuzzy Hash: fbc1f857c1686a80c6e1cfbbdb7fb1cca1977957e89aad1630bfbc069681f99e
Instruction Fuzzy Hash: 1021383514A3C48FC707CB60C890B55BFB1AF4A214F1986EED4899B6A3C33A9816DB52

Uniqueness

Uniqueness Score: -1.00%

Function 031F075C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433405745.00000000031F0000.00000040.00000040.sdmp, Offset: 031F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_31f0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 073e2dabf577bac36a1768e30bcb74edabdf12efee55c970e832195fc4e83006
Instruction ID: c75f90717a025c846db5d7863ac737e1793478b9d9f962b61a7f450f42f4303c
Opcode Fuzzy Hash: 073e2dabf577bac36a1768e30bcb74edabdf12efee55c970e832195fc4e83006
Instruction Fuzzy Hash: C111B435204644EFD715CB24C984B26FB95AB8C708F28C6DDEA891B653C777D843CE51

Uniqueness

Uniqueness Score: -1.00%

Function 032C00F7 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14141dfbb4ae2ea36f3319c84398d161a5b54ac233dca2a9adffb64a8b3867d5
Instruction ID: 56781c48268b1d270f54f88a1c94b21227eab8652ed0d6777c1dc09a8d1ec3ad
Opcode Fuzzy Hash: 14141dfbb4ae2ea36f3319c84398d161a5b54ac233dca2a9adffb64a8b3867d5
Instruction Fuzzy Hash: 81218434A0024EDFCB04FBA8DA445ADBB71FB88314F50816AD905A7288DFB15E55CB61

Uniqueness

Uniqueness Score: -1.00%

Function 032C9D88 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2aab2abb0abbc57564c777a54d4fa76882efb19b7015d828d1c274f94d5d6d0
Instruction ID: 9dcd64fa5edeef592ced90587f94c85f79a730f6144ce0cad0fa77586e419e79
Opcode Fuzzy Hash: c2aab2abb0abbc57564c777a54d4fa76882efb19b7015d828d1c274f94d5d6d0
Instruction Fuzzy Hash: 34113475E10148EFDB04DFA9C598A9DFBB2EF88300F15C59AD418AB264CB309A40DF40

Uniqueness

Uniqueness Score: -1.00%

Function 032C9D98 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee91577330962115e76a5f7f74164a174787021bdee583e920ef4b376795c4e2
Instruction ID: 1316cf737c74faeef849dcd74e675ff3820f92d76bbac0df2dfeb4ef63c25b6c
Opcode Fuzzy Hash: ee91577330962115e76a5f7f74164a174787021bdee583e920ef4b376795c4e2
Instruction Fuzzy Hash: 85113674E14108EFDB08DFA9C594A6DFBF6EF88300F15C499D518AB264DB30AA80DF80

Uniqueness

Uniqueness Score: -1.00%

Function 032C5ACB Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d851ff39e29d13b461922c0bc9a7ba12c795489020ef5229b4ac68a90a78eae5
Instruction ID: 05b05c847bbc8caddeac5354305f9eee3e20471eb81eca42a699724b7ac987c3
Opcode Fuzzy Hash: d851ff39e29d13b461922c0bc9a7ba12c795489020ef5229b4ac68a90a78eae5
Instruction Fuzzy Hash: 28118C31A34085CFC710CF2AD888BB9B7E0FF42305F6986AAE5259B2A1D375E984C741

Uniqueness

Uniqueness Score: -1.00%

Function 03271FA0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2392715330b32d4d0cbb859ac3f2d17d159bb1f46ce9ae4799e7a88df18ce4c
Instruction ID: 708f79ef592a7b8c2a945a1c1b5a2238300f62a10cd90eef6336292cc0dc799a
Opcode Fuzzy Hash: b2392715330b32d4d0cbb859ac3f2d17d159bb1f46ce9ae4799e7a88df18ce4c
Instruction Fuzzy Hash: 5F119AB4D1530ADFCB08DFA5D9846ADBBB2FF89300F10C49AD805A7255D3309A45CF61

Uniqueness

Uniqueness Score: -1.00%

Function 032C0108 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ef5a1f7dc3fc8f6bfb49c2f8cd85e827e1016536a68d3298b350eae4a9d7c00
Instruction ID: a992d19f2cc19582a402c10d6fd9d001f1d7fe6d2cdef2dfd56f995be1839010
Opcode Fuzzy Hash: 1ef5a1f7dc3fc8f6bfb49c2f8cd85e827e1016536a68d3298b350eae4a9d7c00
Instruction Fuzzy Hash: BD115134A0020EDBCB04FBA8DA445ADBB72FB88315F50817AD905A7388DFB55E55CB61

Uniqueness

Uniqueness Score: -1.00%

Function 032C93F8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ff9b6c095b2623f4088d39416002bf10e2e31948643b7b9b4a5b83cec8b34c
Instruction ID: 036b7d8b4de8dfd55b1a78e46a556c8c833c3a2d18f266967657347d99d03ad5
Opcode Fuzzy Hash: 44ff9b6c095b2623f4088d39416002bf10e2e31948643b7b9b4a5b83cec8b34c
Instruction Fuzzy Hash: F421E374911258CFDB54DF64C990ADDBBB1FF49300F205299E405AB359DB31AE80CF50

Uniqueness

Uniqueness Score: -1.00%

Function 032C9442 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3c98ba69c5e5cfec0658028cc478f9ff1b018690fd5c7af1f112b0c9a5f46c8
Instruction ID: a3bfce1937ed0d4880ba77f8cd32d74c9ac910fa9daffe3d4325decc35c7dab7
Opcode Fuzzy Hash: e3c98ba69c5e5cfec0658028cc478f9ff1b018690fd5c7af1f112b0c9a5f46c8
Instruction Fuzzy Hash: 44219074911228CFDB64CF68C990ADDBBB1FF48314F219199E809A7355DB31AE80CF50

Uniqueness

Uniqueness Score: -1.00%

Function 031F05CF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433405745.00000000031F0000.00000040.00000040.sdmp, Offset: 031F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_31f0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f383cdab61c32ad811f098fcc60697c936c15bddb5d8bb735787f07ea004feb
Instruction ID: c622dd7dd046377ef26f1f8bf1b6779c08f8ddb233690e8f04646bfb652df6fa
Opcode Fuzzy Hash: 0f383cdab61c32ad811f098fcc60697c936c15bddb5d8bb735787f07ea004feb
Instruction Fuzzy Hash: AC01D6B65097806FD712CF06EC40862FFB8DF86220708C09FED498B612E225A808CB72

Uniqueness

Uniqueness Score: -1.00%

Function 03272B08 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 425672229c7dde6ef477963b14b15fd894a3b3bd1c9625f84fdf9a9e698b19b2
Instruction ID: c60d71d6d7813005467eedf977e182753c3d60c4a88686c9872ce71adf292639
Opcode Fuzzy Hash: 425672229c7dde6ef477963b14b15fd894a3b3bd1c9625f84fdf9a9e698b19b2
Instruction Fuzzy Hash: 9A016970D15349DFC749EF70E8487ACBBB0EB4A209F1488EAC80897282D7715A84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 032C03E8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12f262335fecd75f447c77485d42f14988a808e534023267acfe0d7de6708fa8
Instruction ID: a2e310aacb4564d37272c5169ea4f232a7faa357be044c176cf8775cfaaefdf1
Opcode Fuzzy Hash: 12f262335fecd75f447c77485d42f14988a808e534023267acfe0d7de6708fa8
Instruction Fuzzy Hash: A1F09030962309DBD718DB709990EAFB377DFDA208F6889A8800123188CE74AF00E694

Uniqueness

Uniqueness Score: -1.00%

Function 032CA7A8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d646902c9b053b08b0ac2b960304a3fc2aa30115a37901e89f9b14c5180a7bc6
Instruction ID: 9099e4fedecaee35e3d57edc7dfe78b688eae0b25e2dca40b0fa2b5e41f3dd2b
Opcode Fuzzy Hash: d646902c9b053b08b0ac2b960304a3fc2aa30115a37901e89f9b14c5180a7bc6
Instruction Fuzzy Hash: 090148B4C1025A9FCB04EFA8C895AADFFB0FB18300F14869AD844E7245D7349A84CF90

Uniqueness

Uniqueness Score: -1.00%

Function 032C6C20 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3184a1d9f5d50a434876219a4c31dfc70403bfe0e81b03fdcbafcc7f6a0c7731
Instruction ID: a2130dddc9760a29e5d98e60d6b353e6dedfd84e862d2c52ceb3e5e290bce6bc
Opcode Fuzzy Hash: 3184a1d9f5d50a434876219a4c31dfc70403bfe0e81b03fdcbafcc7f6a0c7731
Instruction Fuzzy Hash: F501FF74839308EFCB08EFA0D1896ACBBB8FB0A205F14849AC00AE7108D7309B80DB11

Uniqueness

Uniqueness Score: -1.00%

Function 032C1FA9 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86e478d7811611957682339c6a240b1b48448ba0e6b6a922dc5a900f97738ee5
Instruction ID: b44b42e1389619fc78d0f572e9339b63b042c221302fc96094026d54401f5f6a
Opcode Fuzzy Hash: 86e478d7811611957682339c6a240b1b48448ba0e6b6a922dc5a900f97738ee5
Instruction Fuzzy Hash: 7C013C70D003489FDB04EFA9C454AADFBB5FB4A305F14C59AD844A7345D774AA50CF91

Uniqueness

Uniqueness Score: -1.00%

Function 032C0070 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: defa5df2913652863b16c5a43ae9cf40a651a39f3b105097105c28c9ea8775b8
Instruction ID: 58ba0f6c8313175b5fb27c431b940ff55598638b918913a877fbc76c615b44cf
Opcode Fuzzy Hash: defa5df2913652863b16c5a43ae9cf40a651a39f3b105097105c28c9ea8775b8
Instruction Fuzzy Hash: 06F05870D61249DBDB58DAA4C8597AFBAF4AB49710F10582AC010B3280DAB599848BE5

Uniqueness

Uniqueness Score: -1.00%

Function 032CA7B8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 934e69ef2d6cebd49a276b2af7fb1b22fda8385ec99b09d3c014d5386cd84d17
Instruction ID: 1fb0900f2011051dc350de1a0ba57c3090022bb0c99cec7d15b6cb958c157d55
Opcode Fuzzy Hash: 934e69ef2d6cebd49a276b2af7fb1b22fda8385ec99b09d3c014d5386cd84d17
Instruction Fuzzy Hash: 2E01FB74D002599FCB44EFA8C445AAEFBF4BB08300F108255D854A3345D7349A80CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 032C03F8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8689874523b10e71dd3e41eb726735d42ddf856731d648cf936e0b67d14993b3
Instruction ID: d14b6af709f757d1bea921bc24d4e16d079ca3afcf17bed8dbfbb9e638da267a
Opcode Fuzzy Hash: 8689874523b10e71dd3e41eb726735d42ddf856731d648cf936e0b67d14993b3
Instruction Fuzzy Hash: 59F0C034A62308DBD718DB71D590EAFB377DFD9208F5598A8800137694CE759F01E694

Uniqueness

Uniqueness Score: -1.00%

Function 032C0531 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b63dc659ce134bb5c8e7a56b4a33793c473ff01eae5ed413fb4e8f0a33abd7b
Instruction ID: 6b5490fb6328bf4125febb427211478dc81965ba9c215a88c96d0c67c24d649f
Opcode Fuzzy Hash: 9b63dc659ce134bb5c8e7a56b4a33793c473ff01eae5ed413fb4e8f0a33abd7b
Instruction Fuzzy Hash: FDF019B4D10349DFCB04EFA8C580A9DBBB4FB09200F1045D9D810A7385D770EA50DB91

Uniqueness

Uniqueness Score: -1.00%

Function 031F0818 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433405745.00000000031F0000.00000040.00000040.sdmp, Offset: 031F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_31f0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: 92ce47e062df72ebfe533cdb368c20def46fb74f30c50223f9df7052fa47b3c9
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: B4F0FB35104644DFC215CB40D940B15FBA6EB8D718F24C6A9E9890B652C3379813DE81

Uniqueness

Uniqueness Score: -1.00%

Function 03273F32 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f53efa1a29c1f529fd0390e864efb622e45ed0a31827180543359e5d0372bd3
Instruction ID: 3bd16251b1461a225eef0d7bbb908cefbf1c22f7b7a468bc2de2a3c9703b0a78
Opcode Fuzzy Hash: 7f53efa1a29c1f529fd0390e864efb622e45ed0a31827180543359e5d0372bd3
Instruction Fuzzy Hash: 8001DCB49122288FEB60DF64CE45BDABBB0BF4A340F1040DAD259AA254C7700AC1CF52

Uniqueness

Uniqueness Score: -1.00%

Function 032C75A1 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cdcb3b3a24539822ab570de53e6cc98f67ae55341a8d9e33ed6288b6a6afdef
Instruction ID: fd641c66504ad90e0bb1722169d540d55d499a143800e9ff52514511335daf1c
Opcode Fuzzy Hash: 1cdcb3b3a24539822ab570de53e6cc98f67ae55341a8d9e33ed6288b6a6afdef
Instruction Fuzzy Hash: 6401F670A143589FDB94DF24C980BADBBB6FF89300F1081AAE009A7255DB706E80CF56

Uniqueness

Uniqueness Score: -1.00%

Function 03272B48 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c5b8816f8729d49b4c80e1dcd5a56748cb98198d7f4350581f6aa998abcf73b
Instruction ID: b4367495a7c929e401a8e7dc081b00184d036ca8f116ed6fa22f7125eb553d76
Opcode Fuzzy Hash: 2c5b8816f8729d49b4c80e1dcd5a56748cb98198d7f4350581f6aa998abcf73b
Instruction Fuzzy Hash: 4FF08C70E043049FC709EF70D8457ACBB70EB4A305F1086A6C804A7255D7745980CF91

Uniqueness

Uniqueness Score: -1.00%

Function 032737FC Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621112f18709c95c2e4ad81112acf7845605190f18ddf666159f1c5621230e4f
Instruction ID: 46aa4fdc16a85e139222b68494ff1d7da312538e04d0440b90e46d569146049f
Opcode Fuzzy Hash: 621112f18709c95c2e4ad81112acf7845605190f18ddf666159f1c5621230e4f
Instruction Fuzzy Hash: 9501F6B4A9022D8ADB64CF60CC82BD9BBB4BB08700F1041D69319AA280D7706BC5DF84

Uniqueness

Uniqueness Score: -1.00%

Function 032C0450 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e50342fa881a7c5655a6292212d6a6e3f780caae4f575b4e46fc1b4bb8643eb6
Instruction ID: a63892b5bbba210a8dc309d91cee14a9fbfc8ca9cca3ef56983585c0bdcbadac
Opcode Fuzzy Hash: e50342fa881a7c5655a6292212d6a6e3f780caae4f575b4e46fc1b4bb8643eb6
Instruction Fuzzy Hash: 5DF03A70C45348DFCB15EFB4C4049AEBBB1EB0A204F1445A9D400AB245DB749A50CB91

Uniqueness

Uniqueness Score: -1.00%

Function 032C82F9 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d19638530d939890c4df059fc94628ba584f824dcad0e23c0ae38a7d71839b2a
Instruction ID: 49e500b906e302c3b46c765fe78dbb8f4ba6b97bbef52e9fadb69739c66cbaa9
Opcode Fuzzy Hash: d19638530d939890c4df059fc94628ba584f824dcad0e23c0ae38a7d71839b2a
Instruction Fuzzy Hash: 01F05EB0D04359DFDB05EFA8C444AADBBB1FB0A305F4085AED80497345D7359A44DF81

Uniqueness

Uniqueness Score: -1.00%

Function 031F05F6 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433405745.00000000031F0000.00000040.00000040.sdmp, Offset: 031F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_31f0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b665a46e6577ec00d563bca815b2b418ae9b7ceafb7392551dff4387e3edabb
Instruction ID: 18e26c4cdbc503030d840b8497b17c09ddeac9684e31febf0e9c3c51ac56821c
Opcode Fuzzy Hash: 6b665a46e6577ec00d563bca815b2b418ae9b7ceafb7392551dff4387e3edabb
Instruction Fuzzy Hash: 93E092B6A406048BD650DF0BEC81456F7D8EB88630B18C07FDC0D8B700E135F504CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 032C0220 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e476d4a2fe38c1e5ae6ede5e49bc81a48ec6d579f2c55000d509375365bebaa7
Instruction ID: 8215b9ec0d72c660bba1307106bfe098a2c03c58a1c28249d786767a49519db5
Opcode Fuzzy Hash: e476d4a2fe38c1e5ae6ede5e49bc81a48ec6d579f2c55000d509375365bebaa7
Instruction Fuzzy Hash: A0F0ED74C15308DFCF08DFB8D589AACBFB1EB5A301F1082AAC804A3384D7718A84CB42

Uniqueness

Uniqueness Score: -1.00%

Function 032C09D8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c23c1adf8c3a29171ddbe82bb5166fdac98a5a681c074fc944d1f334a5f18849
Instruction ID: be0e412443289797aa55a781f6e83a79be6d98c53f367425f9d18baa29bad0a4
Opcode Fuzzy Hash: c23c1adf8c3a29171ddbe82bb5166fdac98a5a681c074fc944d1f334a5f18849
Instruction Fuzzy Hash: 93E09A70812288DFCB04DFB4C945FEDBB70DB66301F2407AA840467290DAB29E40CA91

Uniqueness

Uniqueness Score: -1.00%

Function 032C0460 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a2728ee0620efe3ced1890c6ddc3ff5a6251ebd6d788f7f74611263bd155d5f
Instruction ID: 35513a4efb32d9aca89becdce3c5ce256fedbc493717947da52f48958f74fc67
Opcode Fuzzy Hash: 3a2728ee0620efe3ced1890c6ddc3ff5a6251ebd6d788f7f74611263bd155d5f
Instruction Fuzzy Hash: DBF0C974D41308DFCB18EFB8D548AAEBBB1FB09305F1059A9D81463344DB759A91CF91

Uniqueness

Uniqueness Score: -1.00%

Function 03272968 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5688ee87b3d2c669c59116aa08961df906cc4d83a825aecadc7a1a82d4058e02
Instruction ID: 80f8a088833da42065d1b74dcc88124190f4160e0f44c33e46da71833ef089c7
Opcode Fuzzy Hash: 5688ee87b3d2c669c59116aa08961df906cc4d83a825aecadc7a1a82d4058e02
Instruction Fuzzy Hash: 38E092B0C09388AFC705DBB4944039DBFF4AB86204F04C4DAD84897241D5344A4ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 032728A1 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21aa5b7f5a8587c100c7205282f54fe65bd2762e3bd041c141243c3a3545ed60
Instruction ID: 3c916da8267f773f18e21c67f916b97f12c5bb493b3eadef45ccf77964661f87
Opcode Fuzzy Hash: 21aa5b7f5a8587c100c7205282f54fe65bd2762e3bd041c141243c3a3545ed60
Instruction Fuzzy Hash: A7F039709163489FCB05DF78D48568CBFB0EF0A200F1642EAC808DB322D6399A48CF21

Uniqueness

Uniqueness Score: -1.00%

Function 03273CEB Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20769904ba360b73a468a5c380d30ed2f3fc784b1410014c6500c2e17ebb90d1
Instruction ID: d5b6405371187714dbfcf3cc9ef57e9309dfc38ebc9a8a8911d897c40e339302
Opcode Fuzzy Hash: 20769904ba360b73a468a5c380d30ed2f3fc784b1410014c6500c2e17ebb90d1
Instruction Fuzzy Hash: 85F0CA75819229CFCB21CF60C988BECBBB1BB09304F0080DAD208AB250C7305E81CF90

Uniqueness

Uniqueness Score: -1.00%

Function 032CC69C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bf37fd41c6a45289ff9ad926781beccf823b6aade7a400f67692d067c936d0a
Instruction ID: 924e6a0d1d326b9e2525dc076d479892c83e0a8d096b1048b009bd07f56db87b
Opcode Fuzzy Hash: 4bf37fd41c6a45289ff9ad926781beccf823b6aade7a400f67692d067c936d0a
Instruction Fuzzy Hash: 7CF030B4E20319CFDB54DF54D940B99B3BAAF8A300F1184E9828DAB244D7749AC0CF16

Uniqueness

Uniqueness Score: -1.00%

Function 03271658 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61e4d106e0d0ad4bd069ed1fd19b8054219dbcf2521740d231f8c60c47abf5bb
Instruction ID: 330d0b5e0eab83ee929732457ffded3d90ef36c5b382aafa05ffe7566f044873
Opcode Fuzzy Hash: 61e4d106e0d0ad4bd069ed1fd19b8054219dbcf2521740d231f8c60c47abf5bb
Instruction Fuzzy Hash: CCE09A35C48348AFCB05EBB8944238CBFF0AB16204F0440EAC848DA282E6385A84CF81

Uniqueness

Uniqueness Score: -1.00%

Function 03272A88 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd38163e3d60d89d0e2a7ebc24fbd9337e445fe0254f355a0afb4d19a9bc39f2
Instruction ID: ca3976d6508ae657fcb5e308a134155882893e8eaafa1f8884058f1657dd8922
Opcode Fuzzy Hash: dd38163e3d60d89d0e2a7ebc24fbd9337e445fe0254f355a0afb4d19a9bc39f2
Instruction Fuzzy Hash: A3E06D30D153489FCB15DFB8C4416CCBFB0EF45204F0985E9C80897251D6355944CF42

Uniqueness

Uniqueness Score: -1.00%

Function 032C8308 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cbaf9fb40699fbf694037cd3a7a0b4af923c1b8e6c8f83fd156befceec0ae83
Instruction ID: 326393ac1d3e62af6182a7d39b032209dab6060543fee04a0f811eac5faf6048
Opcode Fuzzy Hash: 4cbaf9fb40699fbf694037cd3a7a0b4af923c1b8e6c8f83fd156befceec0ae83
Instruction Fuzzy Hash: 8DE0E5B4D0030DEFCB08EFA8D544AADBBB5FB09301F1086AAD818A3311D7759A90DF91

Uniqueness

Uniqueness Score: -1.00%

Function 03272B58 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45375837bc2a6b6c4de75a3c49488ac2bb1ad3fb418a5cb03a94e206cf29952e
Instruction ID: 1f87fcea379f6cc316da3fe5fc9985fd66ab1d8a0bf6ac8c54c604518b821888
Opcode Fuzzy Hash: 45375837bc2a6b6c4de75a3c49488ac2bb1ad3fb418a5cb03a94e206cf29952e
Instruction Fuzzy Hash: 79E01A70D04309DFC748EFA4E4497ADB7B4EB49309F1085A9C809A3244D7B55980CF94

Uniqueness

Uniqueness Score: -1.00%

Function 032C0230 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f991b5b7cf510fc9eaa1d72af70f5c6a522e0a336a6ba1b87c4d02821cc29cb0
Instruction ID: 9437971f4856001afa439dd8c37385d3ff0d0f44b728a34fea6bf40a6b3b4e2b
Opcode Fuzzy Hash: f991b5b7cf510fc9eaa1d72af70f5c6a522e0a336a6ba1b87c4d02821cc29cb0
Instruction Fuzzy Hash: 44E04F38915308DBCB08EFA4D50559CBBB5EB49305F1081A9D80953344D7719E94DB92

Uniqueness

Uniqueness Score: -1.00%

Function 032C766F Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31b08d8afeea5cea56ada8222741d584737af6c893baad8dd22b4e7e4cbe58d1
Instruction ID: 092c03e1cd2b9cad4764d848e651f9fd2d2b31bfee286b5d74f34d030e6569e1
Opcode Fuzzy Hash: 31b08d8afeea5cea56ada8222741d584737af6c893baad8dd22b4e7e4cbe58d1
Instruction Fuzzy Hash: 74F08C3080A3A99FDFA0CF28CD90B8DBBB0BF46200F2455CED158AB241D6345A84CF12

Uniqueness

Uniqueness Score: -1.00%

Function 032728E0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5881e6d1bd344fcb12252ebf7686b46f989343ba952113fce520c5f7b5e38e7
Instruction ID: 2a6ac2eb0010fb6dbfe8a3cbc834f0e8b36915ec927de2ade02138cf46cf17f9
Opcode Fuzzy Hash: a5881e6d1bd344fcb12252ebf7686b46f989343ba952113fce520c5f7b5e38e7
Instruction Fuzzy Hash: 2CE04F708153499FC751EBB4D886388BFB0EB06200F154696C808D7211E5344688CF62

Uniqueness

Uniqueness Score: -1.00%

Function 03273EAB Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7ecce071a958689c0ce284d6d8c90c058e9d49afcc44624e8e2f75fb4ffeb65
Instruction ID: 0227febf7534d77828373080f0ffe4957c31f6c114133a2f590454da0da76458
Opcode Fuzzy Hash: c7ecce071a958689c0ce284d6d8c90c058e9d49afcc44624e8e2f75fb4ffeb65
Instruction Fuzzy Hash: 94F062B99152299FDB64CF24C9847EABBB0FB05340F4080DA814967244DB741FC0EF41

Uniqueness

Uniqueness Score: -1.00%

Function 032CD193 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dcac1188cd65d198a78f3a11469c21a99bd9883ae1501ca683d0c6ffa679694
Instruction ID: 739fe0aaff88db3d6d05252f489c180f1eed62ad5b842bed0f1c679d18410221
Opcode Fuzzy Hash: 8dcac1188cd65d198a78f3a11469c21a99bd9883ae1501ca683d0c6ffa679694
Instruction Fuzzy Hash: EAE0C2748243159BCB80DE1084403E972BAEB96300F2091ACC04FBB210CF318D86CF12

Uniqueness

Uniqueness Score: -1.00%

Function 032C09E8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92586ebd09a5e01b0fe7939f89687fe1288c74ac1c7978991a0ce9dfc271c1a1
Instruction ID: 5aa9ff6b146029c8cb640ae82520bcd70ac7de15d3b9079edf7842997f6f777e
Opcode Fuzzy Hash: 92586ebd09a5e01b0fe7939f89687fe1288c74ac1c7978991a0ce9dfc271c1a1
Instruction Fuzzy Hash: 55E01230941248DFDB04EBA4C945BAEB7B49B45705F2415E8C40427390DBB15E50DA95

Uniqueness

Uniqueness Score: -1.00%

Function 03273D60 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a03cb7f9016bf5b5bd48ac17cbaafb27114f96a1b082606c6387430ddd5b2e0c
Instruction ID: f47e2d753484e3188d93d00aeec15d0bcdc8cd1b05932233bc2b22ac18cb12b8
Opcode Fuzzy Hash: a03cb7f9016bf5b5bd48ac17cbaafb27114f96a1b082606c6387430ddd5b2e0c
Instruction Fuzzy Hash: 97F0F2349012298BEB64DF10CD88BA9BBB2FB58300F0046C8E60DA7260C6319EC0CF00

Uniqueness

Uniqueness Score: -1.00%

Function 03273352 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9480b28f17511549525c73968a2510ec3ebf5ee1480fe1330cead4075192f97
Instruction ID: b4e0f83dad05d4c731cc5dbf272784e8452b771a11ca266a49ce1d4be7048c25
Opcode Fuzzy Hash: c9480b28f17511549525c73968a2510ec3ebf5ee1480fe1330cead4075192f97
Instruction Fuzzy Hash: C9F0AE75C052288FCF60DF60CA44BDDBBB5BB08300F1081DA9109A7260DB701F90DF41

Uniqueness

Uniqueness Score: -1.00%

Function 032733AD Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daaee1ff50c45431a72c850899a1690f463147785d74c780e1ce11d8697994c2
Instruction ID: 1a1612769c07fa7d243effbb9446553d9c8ae41f2ea65d8bae770518fde346e8
Opcode Fuzzy Hash: daaee1ff50c45431a72c850899a1690f463147785d74c780e1ce11d8697994c2
Instruction Fuzzy Hash: 94E0ED7595421D9FCB24DFA0CA40BEDB7B4AB45305F1081E5D114A7194D2749F84DF51

Uniqueness

Uniqueness Score: -1.00%

Function 03271379 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c88206b545f1c2a4d1fd9df4515babf063219f3f69b80db256f6063ed3bdb8d
Instruction ID: 81f16c286c1d87a03f5559a742f16264324925aa6da8648366435519b17b0267
Opcode Fuzzy Hash: 0c88206b545f1c2a4d1fd9df4515babf063219f3f69b80db256f6063ed3bdb8d
Instruction Fuzzy Hash: 52F0C9749162288FCB54DF74D99478DBBF1FB49314F1081AAE90DA2345DB705E828F10

Uniqueness

Uniqueness Score: -1.00%

Function 032CE9C8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92ed5abee0e416718ee3b1e1960073442cfabe5c820941ec82824eca01751fe8
Instruction ID: 5dbbd7f10d58a20ae5eaa5115476f8ff3ae6a58aa7e6c9fa25c57f055006f257
Opcode Fuzzy Hash: 92ed5abee0e416718ee3b1e1960073442cfabe5c820941ec82824eca01751fe8
Instruction Fuzzy Hash: 69E0E274E1034CEFCB84EFA9D14979CBBF4EB08205F1081AAD808D3350E635AA84CF82

Uniqueness

Uniqueness Score: -1.00%

Function 032C00ED Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3892446b44e5269c434693ada3f8db752c1ba8a65ba492144c45835c7ec635d0
Instruction ID: 351257103eecdd01750074b3b35b0ecbd324eaf98fe8e28d7636305429ee8f2b
Opcode Fuzzy Hash: 3892446b44e5269c434693ada3f8db752c1ba8a65ba492144c45835c7ec635d0
Instruction Fuzzy Hash: F8D01735D11209CBCB00DFA8E0446ECF775FB89329F10842AC514B3200C73184888F90

Uniqueness

Uniqueness Score: -1.00%

Function 0327333C Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 833df528e0b42888d9fdad8a25c65942594a4c162abc08d8b2dc2f9a66742447
Instruction ID: 2f25b21c5b3dbabd92799853a3bb476e96d4bf56a8fa8d6f437800555d8e55bc
Opcode Fuzzy Hash: 833df528e0b42888d9fdad8a25c65942594a4c162abc08d8b2dc2f9a66742447
Instruction Fuzzy Hash: FCE04F74C16218CFCB30DF21CA06BCABBB0BB50300F0080DA95096B154C7B00B84CFC2

Uniqueness

Uniqueness Score: -1.00%

Function 0327406A Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e678c6c89d8d9b5ed149e8702c6a06bab42c24801358defe89b9a8fafeda7d85
Instruction ID: d749624a95b493fd0cd581a1de28bd1b36bdd0f69246452f06518e170cc21216
Opcode Fuzzy Hash: e678c6c89d8d9b5ed149e8702c6a06bab42c24801358defe89b9a8fafeda7d85
Instruction Fuzzy Hash: D2E05A758063688FDB64DF20CA88BDCBBB1AB54744F1040DA8149AB295CB755FC5CF91

Uniqueness

Uniqueness Score: -1.00%

Function 03271668 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5a42a94608ca878b9725044f102dd4add0a70a777c140678230e70145d8dc23
Instruction ID: 8d4210bc49306e63feadec61e706b2d91000ec7db8a65193c1d6eb3ff981b583
Opcode Fuzzy Hash: b5a42a94608ca878b9725044f102dd4add0a70a777c140678230e70145d8dc23
Instruction Fuzzy Hash: A5D01770D0020CAFCB54EFA9D44539CBBF4AB04600F1080AA880893280E634AA94CF81

Uniqueness

Uniqueness Score: -1.00%

Function 03271CE0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cafb94d55c27a5366fb25e05029f70ab592f53bc78df7683eddad2624c0fc30
Instruction ID: 68fb9bc5eccccb7102be5a056c6365c9dbaf80f8066647b2eecc52faf807d2d8
Opcode Fuzzy Hash: 7cafb94d55c27a5366fb25e05029f70ab592f53bc78df7683eddad2624c0fc30
Instruction Fuzzy Hash: 0AD01774D1430CAFCB54EBB9A4053ACBBF8AB04200F1085EAC84892280E6389694CF91

Uniqueness

Uniqueness Score: -1.00%

Function 032C8B06 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b93170c1f78fead1ae3d4e9515c74f6d0318ac142818dee7295c34a3805d042
Instruction ID: 5ee892c02a91cfe728a1c7541772f90d9fd5e9fb9b26eb1512de7ae25180dcde
Opcode Fuzzy Hash: 5b93170c1f78fead1ae3d4e9515c74f6d0318ac142818dee7295c34a3805d042
Instruction Fuzzy Hash: E0E07E75512354CFC758DF20D5A89987BB2FF49306F5005D8E40A9B366CB76DAC0CE00

Uniqueness

Uniqueness Score: -1.00%

Function 01AD23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.432696176.0000000001AD2000.00000040.00000001.sdmp, Offset: 01AD2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ad2000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c01d9580bcc6738a3c6d10f988f4a7be9e50879b3f91ccdf6483ed307f979984
Instruction ID: eff24fd64bd24c88c9e3742324ed08161dcdbd72c3b9de4ac91233e1bbc94358
Opcode Fuzzy Hash: c01d9580bcc6738a3c6d10f988f4a7be9e50879b3f91ccdf6483ed307f979984
Instruction Fuzzy Hash: 6CD05EB9255A818FE3278B1CC1A8B953FA4AB51B04F4644FEEC008B663C368D981D200

Uniqueness

Uniqueness Score: -1.00%

Function 032CDD2F Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0a21dce01562522d11defd3f702812f993ec99a1b270f4591e4a1e2b510a415
Instruction ID: b6aeeb200311783bc5a3b8cef45ae79532b53fb47570e9576ad4eda75d7bd890
Opcode Fuzzy Hash: d0a21dce01562522d11defd3f702812f993ec99a1b270f4591e4a1e2b510a415
Instruction Fuzzy Hash: 57D01774C14329DFCB44CFA4C980BAEB7B9AF05300F1065998059BA294DB749A80CF19

Uniqueness

Uniqueness Score: -1.00%

Function 032CC853 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a5ec464786238af5d99d7f6d677c4c3900b463da510dbdc0c9bbc3ee9d63081
Instruction ID: 5093697208a7606055045f6e15e89cc2a4258d6483b124538f006ff0d1d1d8ca
Opcode Fuzzy Hash: 1a5ec464786238af5d99d7f6d677c4c3900b463da510dbdc0c9bbc3ee9d63081
Instruction Fuzzy Hash: 7ED017B4D102189BCB40DFD4C881BADB3B8EB09300F0080598518BB248C7345A49CF19

Uniqueness

Uniqueness Score: -1.00%

Function 032C00CD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 547d57813cd0d996746ec5974f7bad41558ef0aaf7589f361843e477d2007787
Instruction ID: bdb67db7b4d7b778dfb9f262a35abedbf5ea6e003c826874eca27b91d8bc7584
Opcode Fuzzy Hash: 547d57813cd0d996746ec5974f7bad41558ef0aaf7589f361843e477d2007787
Instruction Fuzzy Hash: FBD0C936E01208CF8B149FA8E0404DCF776FB8E329B10906AC514B3300CB319855CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0327349F Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46faa71ddea53ad8ef0ca5a3398a8aef34ac25347064ab121241810a9dff1645
Instruction ID: db3c21d324e5fa166db91d0dccdd5e90d43ac51490f9f3eb0753b71db3962b87
Opcode Fuzzy Hash: 46faa71ddea53ad8ef0ca5a3398a8aef34ac25347064ab121241810a9dff1645
Instruction Fuzzy Hash: 76E046B4D862198BDB24CB60CA50BCDBBB1AB08700F0090D98618AB290D2719E808F00

Uniqueness

Uniqueness Score: -1.00%

Function 01AD23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.432696176.0000000001AD2000.00000040.00000001.sdmp, Offset: 01AD2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_1ad2000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 897e59ef924b815bfb63f9a9ee41256e0d73c47540c627ed83372341b93c2924
Instruction ID: 91580b0b87d077602a9264b99f85400ab8fe500b57e1fbfc2759eb88fb6c80e7
Opcode Fuzzy Hash: 897e59ef924b815bfb63f9a9ee41256e0d73c47540c627ed83372341b93c2924
Instruction Fuzzy Hash: D7D05E342006818BE715DB0CC594F593BD4AB81B00F0645E9AD018B662C7A4D881C600

Uniqueness

Uniqueness Score: -1.00%

Function 032CD1C7 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e132c8fbdfc7b180009a2fcdba6f480436815aafdbb323097174a40884f49617
Instruction ID: 38f2beaf424e094ed1664e387b53789c74c5165715881ed0ede2d462dcd912d4
Opcode Fuzzy Hash: e132c8fbdfc7b180009a2fcdba6f480436815aafdbb323097174a40884f49617
Instruction Fuzzy Hash: 31D0C7758153199BCB80CF54C5846DD77B5EF55300F209265805EBB150CE349A45CF01

Uniqueness

Uniqueness Score: -1.00%

Function 03271164 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2200766187f4dcbbd6dda98f1c63fa48fb3c034aea5b48628a77487448d3e01
Instruction ID: ea5e6fe59e28e54d0d48a2d87b9a4779f516b2f650a8d472b0a1f28635a95c8f
Opcode Fuzzy Hash: e2200766187f4dcbbd6dda98f1c63fa48fb3c034aea5b48628a77487448d3e01
Instruction Fuzzy Hash: 0ED0A9B087D24AEE8F01CB90D8C00ACBFB2FF88240F246851E0429F242D2F0A884CB10

Uniqueness

Uniqueness Score: -1.00%

Function 032C913C Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e83ec8ebf9aad493f84c6bf72ce3854c99692cead9098193a49ef561290825b
Instruction ID: 0475135325d960d9a712af7710577b61d5ba5e3ddb7ceb65a502a06488892ab2
Opcode Fuzzy Hash: 3e83ec8ebf9aad493f84c6bf72ce3854c99692cead9098193a49ef561290825b
Instruction Fuzzy Hash: EAD06774910398CFCB15CF50C9449ADBBB1FB49316F104199D80567314C771AE81CF41

Uniqueness

Uniqueness Score: -1.00%

Function 032CD7EB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a663ed82fa8b4d378e25fde715ecf64e2b06890befdff0a84654b8df2bea73
Instruction ID: acff07676486886bc5af12a32371f1eb1a6dd41f5a2215af8fd76c1cbf62d674
Opcode Fuzzy Hash: c6a663ed82fa8b4d378e25fde715ecf64e2b06890befdff0a84654b8df2bea73
Instruction Fuzzy Hash: 69D0C974C18228CBDB54CFA0C840BAEF379AF09300F1091998069B7242C7745981CF59

Uniqueness

Uniqueness Score: -1.00%

Function 032CCE5B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27f407abce5095c5149513f372870d39c9a48280a838dcad442286825aab0063
Instruction ID: fffd1db3f2d2d48482aa94d46e4bd75cefd7cc7f61bfb56b060ce3acd49fd95a
Opcode Fuzzy Hash: 27f407abce5095c5149513f372870d39c9a48280a838dcad442286825aab0063
Instruction Fuzzy Hash: C2C01278C142188BCB50CF50C4417AEB7B9EB59300F1091958088B7240D7704A81CF19

Uniqueness

Uniqueness Score: -1.00%

Function 0327370D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5568b22d174eca4a1696bc77cdc35ba229b28779bff04f9c84dc33a3416d3b9d
Instruction ID: 819890db5abcf072cd1dc43ddc500bb9541eb3b90461dfff2b6ff071c7c516bc
Opcode Fuzzy Hash: 5568b22d174eca4a1696bc77cdc35ba229b28779bff04f9c84dc33a3416d3b9d
Instruction Fuzzy Hash: 00D0C9798207288FDB24DF20C9447ECBA70BB11324F0087DA8165BA1D1D7700AC1CF00

Uniqueness

Uniqueness Score: -1.00%

Function 032CDBFB Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433621356.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_32c0000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5ee53168fce1b9f980349379813fffeda3ba264ec5433cb2bd2aacf25f20ba8
Instruction ID: 8c399c325dac9e90729e71dff563dad4f1fd99f9c960660f001701a4e31862bf
Opcode Fuzzy Hash: d5ee53168fce1b9f980349379813fffeda3ba264ec5433cb2bd2aacf25f20ba8
Instruction Fuzzy Hash: D6C04CB49143148BDB54DF609850BA9B6B9EB5A300F209299854DBB240D7715981CF19

Uniqueness

Uniqueness Score: -1.00%

Function 032711C0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6fef3a03be637f7c1ac0fe8054d4415f45d0a5d01851d4ab057ff73ba157fca
Instruction ID: fae84b5df5d483889f52b5fedcbdaabaae16bbc796daaac371195e6238fd878f
Opcode Fuzzy Hash: e6fef3a03be637f7c1ac0fe8054d4415f45d0a5d01851d4ab057ff73ba157fca
Instruction Fuzzy Hash: 2BC01270429688DA8744DF50E5C040C7776F7893157206516602196594C7705480CA20

Uniqueness

Uniqueness Score: -1.00%

Function 032711FE Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.433543697.0000000003270000.00000040.00000001.sdmp, Offset: 03270000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3270000_yAbf8Z3qA5.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1064b7e7a0c890f197e0bdada11b46d5190e562812b43645d771695d57cbdbd8
Instruction ID: 100b6cdc44741472d2906071ea92876b8b39b95b4ebfc2d276006c0e68b402e9
Opcode Fuzzy Hash: 1064b7e7a0c890f197e0bdada11b46d5190e562812b43645d771695d57cbdbd8
Instruction Fuzzy Hash: 17C048389142099FCB08EF50ED949AABB31FB9A215F209056D546632548BB46C848E86

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: dhcpmon.exePID: 4724, Parent PID: 936COMMON

Execution Graph

Execution Coverage:	19.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	154
Total number of Limit Nodes:	10

Executed Functions

Function 01724B66 Relevance: 8.0, Strings: 6, Instructions: 545
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

</kr, xrefs: 01724BB5
</kr, xrefs: 01724D58
</kr, xrefs: 01724EAA
</kr, xrefs: 01724D4B
,:kr, xrefs: 01724EB6
</kr, xrefs: 01724D66

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: ,:kr$</kr$</kr$</kr$</kr$</kr
API String ID: 0-802114320
Opcode ID: 561bc869a7a2df2ab5901038dcbc11edec414fa9657c03c021885d6c47bfcf72
Instruction ID: 456f15b01c73557271979f04b25da4b5c39e1b9938a0f5cc0167c55233141191
Opcode Fuzzy Hash: 561bc869a7a2df2ab5901038dcbc11edec414fa9657c03c021885d6c47bfcf72
Instruction Fuzzy Hash: DB12F330A04664CFDB15CF68CC44AADFBB5FF89314F1885AAE616EB291D734C942CB52

Uniqueness

Uniqueness Score: -1.00%

Function 017240F2 Relevance: 5.7, Strings: 4, Instructions: 680COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 01724509
:@Dr, xrefs: 017243F7
ID, xrefs: 0172415B
:@Dr, xrefs: 0172482D

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: ID$:@Dr$:@Dr$:@Dr
API String ID: 0-1457155814
Opcode ID: d7f20c8ead3bcc201242ff794cb578a119b7a6bc83e4f4dfe2743838fd789283
Instruction ID: 3f699e1eb72b53f48dc8210967f5f57c342264283dca2dd1e38d2767c135029d
Opcode Fuzzy Hash: d7f20c8ead3bcc201242ff794cb578a119b7a6bc83e4f4dfe2743838fd789283
Instruction Fuzzy Hash: 5442BD30A04265CFCB14DF6CC840AA9FBF2FF85310F2585AAE5879B256D7749C42CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0172B9D8 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

f]Ir, xrefs: 0172BA5B

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: f]Ir
API String ID: 0-3302829692
Opcode ID: 0f8737146969a2392a11a03f438523d1d76f38d5cf6dfdc0a7fbf3fe73a373c7
Instruction ID: cd84cd378a0f8e4ac37f81c6549194a1d79a3a43d6f358a34e9f8e569c7bf6fd
Opcode Fuzzy Hash: 0f8737146969a2392a11a03f438523d1d76f38d5cf6dfdc0a7fbf3fe73a373c7
Instruction Fuzzy Hash: 2331E871E016188FEB18CF6AD84469EFBB3AFC9310F14C0BAD848A7255D7345A468F51

Uniqueness

Uniqueness Score: -1.00%

Function 01728840 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

CR~, xrefs: 017288FF

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: CR~
API String ID: 0-623761677
Opcode ID: 75845f7967d63e99b66ec4ddf9d7b1738abff60386e2d38aad4b77d0e732144a
Instruction ID: ccca515a639d0c1fc266729bc045f02a78064db3c711adad4b1f317978f9a87d
Opcode Fuzzy Hash: 75845f7967d63e99b66ec4ddf9d7b1738abff60386e2d38aad4b77d0e732144a
Instruction Fuzzy Hash: D13139B1E006188BDB18CFABD8447CEFBF6AFC9300F14C06AD508AA258DB740946CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0172771D Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 227e20c5607376bff3b41befd9c374fcc5c28443a18a34818aae37c227301117
Instruction ID: c83d796b0f0c006b7176fdf5eb9a0e7c4d95e0a06a90bf8a03cf7307f32b21f6
Opcode Fuzzy Hash: 227e20c5607376bff3b41befd9c374fcc5c28443a18a34818aae37c227301117
Instruction Fuzzy Hash: 98B19A74D052699FCB09CFA9CA806ADFFB2FFA9310F1480AAD111AB351D7749A02CF55

Uniqueness

Uniqueness Score: -1.00%

Function 017296EC Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab1ffef2675a3270da8aead42655767a5234731ad0963926e1fa3230ca2cea90
Instruction ID: e2bb9df0ba81dd8b31fe54a30a48800da622e92f82cf8e00c3d80459100b69e4
Opcode Fuzzy Hash: ab1ffef2675a3270da8aead42655767a5234731ad0963926e1fa3230ca2cea90
Instruction Fuzzy Hash: 8CC12774D1522ADFCB04CFA5C5858AEFBB5FF49314F28959AC611AB305D730AA82CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01729700 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2de55dc6174b574576e4e1f7a2fe0d96e2061ce9e4cce0fc4af98473089f2e5
Instruction ID: 920e909b6794c4d4913aff5948c6ae319f6e59d6028875d26570a9aadaa51a71
Opcode Fuzzy Hash: c2de55dc6174b574576e4e1f7a2fe0d96e2061ce9e4cce0fc4af98473089f2e5
Instruction Fuzzy Hash: 84C139B4D1522ADFCB04CFA5C5818AEFBB5FF48314F289599C611AB305D730AA82CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01727740 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7967280ff88a22bc410d8611d30554b4470d884d6c535d8816f3b03ad5be53a8
Instruction ID: e8c9c7bfe32606b1c5bc6fbe1328f64ae020a26d9d58b0e71cc9bfcdff3861a7
Opcode Fuzzy Hash: 7967280ff88a22bc410d8611d30554b4470d884d6c535d8816f3b03ad5be53a8
Instruction Fuzzy Hash: 4EA15A70D00229DFCB08CFA9C6846ADFBB2FFA9310F14806AD511AB365E7349A42CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0172EC6D Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 131382ff9c088132c2fc37e838d52a09f08caa7bcfb5c956c61f6853b3d861f2
Instruction ID: d5aca893229edcd67f35b39b71803d24251df843ca80057397c32f50a3eb3c38
Opcode Fuzzy Hash: 131382ff9c088132c2fc37e838d52a09f08caa7bcfb5c956c61f6853b3d861f2
Instruction Fuzzy Hash: B6816970901289DFCB04DFA8E58499CBBF9FB48319F1494AAD106DF615DB70AE82CF20

Uniqueness

Uniqueness Score: -1.00%

Function 017277E8 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 631ed0e9aae873b0c1254ddfa29a013a6d2e91503fc3cabddf9ac82ebcd060f6
Instruction ID: 8879a5dfe60bd978188ffadf327bb728fcb1dd5648404073a43abd1c0afa1598
Opcode Fuzzy Hash: 631ed0e9aae873b0c1254ddfa29a013a6d2e91503fc3cabddf9ac82ebcd060f6
Instruction Fuzzy Hash: EE81B074E04219DFDB08CFEAC584AAEFBB2FF89300F10816AD515AB254DB749A42CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01727F30 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f76115a3d035bb08c82d9939595aa374c6b876155c3e520aa4236ffc504ff566
Instruction ID: 1061f3c92e3d26e7d2e465e32deeceb2867ed29174f1df5f369e446727bdfce1
Opcode Fuzzy Hash: f76115a3d035bb08c82d9939595aa374c6b876155c3e520aa4236ffc504ff566
Instruction Fuzzy Hash: 36512871D09219CFDB08CFA6C540AAEFBF2EF89300F14D06AD515A7255D7349A42CF95

Uniqueness

Uniqueness Score: -1.00%

Function 01723DF8 Relevance: 3.9, Strings: 3, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X$kr, xrefs: 01723EF0
X1kr, xrefs: 01723F86
X$kr, xrefs: 01723EE4

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: X$kr$X$kr$X1kr
API String ID: 0-1403565524
Opcode ID: 39007aa2bd396bd3be256207703a8a75a3c28f3fe4f04335763449f761a8fb05
Instruction ID: ee811a03d15f34091801a7e22b7d6cae7cbedb7dd9c0c1c004655d6997bcd8f8
Opcode Fuzzy Hash: 39007aa2bd396bd3be256207703a8a75a3c28f3fe4f04335763449f761a8fb05
Instruction Fuzzy Hash: 31417170B002158BDB54DBACD855BAEBAF6FFCC700F108069E606EB7C5DA748C018B51

Uniqueness

Uniqueness Score: -1.00%

Function 017205A8 Relevance: 2.7, Strings: 2, Instructions: 201
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`5kr, xrefs: 0172072D
:@Dr, xrefs: 017206D4

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: :@Dr$`5kr
API String ID: 0-2548079215
Opcode ID: aab408ec226aef0e9d7da7daaf0082f8ddb4c7d82882637df65f070a537f7c0a
Instruction ID: 3e0c60f1e65c6650124c3511f45c326e98f01d533cc2956da770acac578fd38a
Opcode Fuzzy Hash: aab408ec226aef0e9d7da7daaf0082f8ddb4c7d82882637df65f070a537f7c0a
Instruction Fuzzy Hash: AC91D374E01218CFEB54CFA9C894BADFBB1BF89314F1050A9E509AB3A1DB715945CF60

Uniqueness

Uniqueness Score: -1.00%

Function 01723DEA Relevance: 2.6, Strings: 2, Instructions: 136
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X1kr, xrefs: 01723F86
X$kr, xrefs: 01723EE4

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: X$kr$X1kr
API String ID: 0-3132599531
Opcode ID: 462b2f260bbc3022a3e27b5fb64a58e5f1d8fd225b26a15f0b2b897c8224f101
Instruction ID: 8678ac40a401ada83b929cb0c3da82ab9fe91e55bc714ae86158e598f501a94f
Opcode Fuzzy Hash: 462b2f260bbc3022a3e27b5fb64a58e5f1d8fd225b26a15f0b2b897c8224f101
Instruction Fuzzy Hash: 2B516270B00255CFDB54DB68D855AAEBAF2FFC8701F10806AD605EB3D5EA788D41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01721F50 Relevance: 2.5, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X$kr, xrefs: 01721F76
X$kr, xrefs: 01721F86

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: X$kr$X$kr
API String ID: 0-2690305392
Opcode ID: 3135715b6602cf59fc25a4bf10fc4b39f3cabf5b43f21c5eeef235c93a940d1b
Instruction ID: 93712db7ce92d3494ef09fda72c19789f4096d11610b2f916de12e1df2994b8f
Opcode Fuzzy Hash: 3135715b6602cf59fc25a4bf10fc4b39f3cabf5b43f21c5eeef235c93a940d1b
Instruction Fuzzy Hash: 48F05E30E05258EFDB08DFA9D284ABDFBB6FB95301F6085A8D51567284DB305F42DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01720599 Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 017206D4

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: :@Dr
API String ID: 0-3830894600
Opcode ID: 4e5bc6931d09c53d917fe40d29f67703e82fab7b93fe6a399ce4b3c0da6360ea
Instruction ID: 599f04b039791e007d47baae2a581822e0503bd8670c9c31942f05d329c3ec1b
Opcode Fuzzy Hash: 4e5bc6931d09c53d917fe40d29f67703e82fab7b93fe6a399ce4b3c0da6360ea
Instruction Fuzzy Hash: 5A71E774E01228CFEB54CFA9C894BADBBF1BF48314F1081A9E509AB361DB715985CF60

Uniqueness

Uniqueness Score: -1.00%

Function 01722010 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

X1kr, xrefs: 017220D4

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: X1kr
API String ID: 0-844551562
Opcode ID: a54303a56298a34eebfea417e79e53ebb652f12092639f809483d12ccdeb284b
Instruction ID: c3636dc7d977366077edbdaac52609cb38660766dffb3f651ab6a2f087a0b9d1
Opcode Fuzzy Hash: a54303a56298a34eebfea417e79e53ebb652f12092639f809483d12ccdeb284b
Instruction Fuzzy Hash: F231A274E01209DFDB54DFA9D5809AEBBF2FF88300F20816AD805A7354EB359A41CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01722020 Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

X1kr, xrefs: 017220D4

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: X1kr
API String ID: 0-844551562
Opcode ID: ef828add82dcf6921e9177c28c8368af01e84f7ab5b3040cde4d3c1b57a77e92
Instruction ID: 787dc57e4476ad6c43145e03f21e2290b17383cd1e3be990f11b3f1e2a232a39
Opcode Fuzzy Hash: ef828add82dcf6921e9177c28c8368af01e84f7ab5b3040cde4d3c1b57a77e92
Instruction Fuzzy Hash: 8C318FB4E012099FDB08DFA9D5809AEFBF2EF88300F20816AD904A7354EB359A41CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01721F40 Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

X$kr, xrefs: 01721F76

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: X$kr
API String ID: 0-683389969
Opcode ID: b7b615e824fa524721cac52b4a3e12a6074a23eed05193f717f384a07ad85d6a
Instruction ID: 650cc01f290431c30007101093c49fbc707053cc88be0c46632691336a9ef8a2
Opcode Fuzzy Hash: b7b615e824fa524721cac52b4a3e12a6074a23eed05193f717f384a07ad85d6a
Instruction Fuzzy Hash: EAF0BE70C0A394DFDB09DBA8C681AADBBB1FB12301F5040E5D000A71A1E3385E82DB92

Uniqueness

Uniqueness Score: -1.00%

Function 017276E8 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

f]Ir, xrefs: 0172767C

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: f]Ir
API String ID: 0-3302829692
Opcode ID: f1084d8e8c361d6e89089bf3d63ea574f66ab83601a5d5c03365c557f84462ca
Instruction ID: ded1d6bea5474d963ce9c8ccfa71527ae9b83dd8dd19812900a00f15584301a3
Opcode Fuzzy Hash: f1084d8e8c361d6e89089bf3d63ea574f66ab83601a5d5c03365c557f84462ca
Instruction Fuzzy Hash: 7FF06274C062699FDBA5CF68DD80A9EF7B1FF62210F2055DAD405A7240E6345A81CF11

Uniqueness

Uniqueness Score: -1.00%

Function 017268E3 Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

X$kr, xrefs: 01726A0F

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID: X$kr
API String ID: 0-683389969
Opcode ID: e2bb0c24935d38ea0f806f854c82ce11364e990698c7c6138554efd885457b46
Instruction ID: 9ba860ca7139aef017317d9b37b9aad1e85f2b34af21221abfee05bc1edb385c
Opcode Fuzzy Hash: e2bb0c24935d38ea0f806f854c82ce11364e990698c7c6138554efd885457b46
Instruction Fuzzy Hash: 73E04FF0810191CBCB009F65C8815B97B71EB16301F188093EC559E156D634C94BDB62

Uniqueness

Uniqueness Score: -1.00%

Function 01720A30 Relevance: .9, Instructions: 870COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c130717f2f646e2f36de77c590368b39e28d6e814836ee199d2185306e6a5e13
Instruction ID: 020968d776b1c746463c741135e817a08710abe84d1dcc07b833294faaf2c7d4
Opcode Fuzzy Hash: c130717f2f646e2f36de77c590368b39e28d6e814836ee199d2185306e6a5e13
Instruction Fuzzy Hash: 0F929034A41218CFDB64DB64C894BE9B7B2FF8A301F5540E9D50AAB361CB31AE85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01720A1F Relevance: .9, Instructions: 863COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 481c241896759cb6a79b7b203fbb9dcb29dd71942dd99f68fbf79f1accaa1a3a
Instruction ID: 2e8cf3563c6a6ed9bd53415c6fec8fb55f47127cb64edb25347f48acc503d269
Opcode Fuzzy Hash: 481c241896759cb6a79b7b203fbb9dcb29dd71942dd99f68fbf79f1accaa1a3a
Instruction Fuzzy Hash: 3392A074A41218CFDB64DB64C894BE9B7B2FF8A301F5540E9D50AAB361CB31AE85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0172211A Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11c812c312a915c02225721c751c70134e93b67a42df0f03fb55ae7405625b30
Instruction ID: 86b75b9bb2c9270d627047ac5a81427b2831252ccad006eccb09880b840877d0
Opcode Fuzzy Hash: 11c812c312a915c02225721c751c70134e93b67a42df0f03fb55ae7405625b30
Instruction Fuzzy Hash: D4026074E01229CFDB24DF64D984BADBBB6FF88304F5081A9DA0967294EB705E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01722120 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e25cf5d3eac1a43273e217e8705b1571a39925d5bacf5434c965938a70ec1138
Instruction ID: 37a64ca01d99cf73c2693a52fb5e21a874a961a99ae5b48db5ebdc77f35a1774
Opcode Fuzzy Hash: e25cf5d3eac1a43273e217e8705b1571a39925d5bacf5434c965938a70ec1138
Instruction Fuzzy Hash: 3C026074E01229CFDB24DF64D984BADBBB6FF88304F508199DA0967294EB705E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0172EE20 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e66c2f49d2b938ef6ae883afdaa6476c15eab1583dd484f9076e52f15a4bee02
Instruction ID: e2f0f723ed60a98cd2177cc374c9404c7569ecd82e4080e07df0eaef635a9c9c
Opcode Fuzzy Hash: e66c2f49d2b938ef6ae883afdaa6476c15eab1583dd484f9076e52f15a4bee02
Instruction Fuzzy Hash: 54716870901289DFCB04DFA8E58499CBBF9FF48315F1595AAE5069F215DB70AE82CF20

Uniqueness

Uniqueness Score: -1.00%

Function 01720270 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae888b84b2795bc3a12c497a859856850db3c7706184efdb44eac83eebc3afce
Instruction ID: 2aeb10bedbfb97aca5bebe036f40860210a290d5b1d55527abe70ab06814213c
Opcode Fuzzy Hash: ae888b84b2795bc3a12c497a859856850db3c7706184efdb44eac83eebc3afce
Instruction Fuzzy Hash: C1517CB8A04628DFDB10DFA8C484B9DBBF1FB4D310F105499EA02AB3A1D775A941DF61

Uniqueness

Uniqueness Score: -1.00%

Function 01721D60 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2293def69e5e337aa6370a6de32d5b57a3552c253634f450f338cfaf3d215455
Instruction ID: 542ebe8a44b43b891bf5a9586f8106ed6f43051cbd8373f8a008e943731744f2
Opcode Fuzzy Hash: 2293def69e5e337aa6370a6de32d5b57a3552c253634f450f338cfaf3d215455
Instruction Fuzzy Hash: F4414DB5D012189FDB44DFAAD58069DFBF2BF88210F54916AE418A7254EB345E42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01720016 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec63ceb18ce35da2467cd1132874a66d9abdc1d9e31fa9fb573cf2268091c85
Instruction ID: 1b84b2f0cc34538ec91d73a3145dd2b35f4c66baa418ad2d1628f55af2c5e949
Opcode Fuzzy Hash: cec63ceb18ce35da2467cd1132874a66d9abdc1d9e31fa9fb573cf2268091c85
Instruction Fuzzy Hash: B821CD7084D3C69FD762CF70886569BFFB1AF03220F0984EFD0409A153D6295845CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 01725A48 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1db6b07b93b98d945e32ea4a52a48b1f91ef3fa6f298c342da1d9b61f368c9f
Instruction ID: c377e2417b9abfa4310d3696678def906dfaf59c382e2c0d83beff8c14b4962f
Opcode Fuzzy Hash: d1db6b07b93b98d945e32ea4a52a48b1f91ef3fa6f298c342da1d9b61f368c9f
Instruction Fuzzy Hash: FA218C31A042248FD710CF2CD889BEAFBF1FF45301F0980A6E4159B2A1D7759E41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01728100 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f31f3749d4c94a6bbb9d5ff6c52a5093737fc9dcec0c9a9bf835c9533c4f748
Instruction ID: 8a93c73d45d0343c859b70505ef89720ed49a4a986bb1698b8a4db6ad18cd8d1
Opcode Fuzzy Hash: 7f31f3749d4c94a6bbb9d5ff6c52a5093737fc9dcec0c9a9bf835c9533c4f748
Instruction Fuzzy Hash: ED31E4B4D0021ADFCB44CFAAC480AAEBBF1FF49310F5085AAD815AB351D3399A42CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01728200 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62bf8a8c155c765eb474a90f33a7aca76b99250717b8059a54acfcba6a177083
Instruction ID: 03296f133e457d6f06a9cf918f2beed1fe2ceb59e45cb0588d4688c6c290a88c
Opcode Fuzzy Hash: 62bf8a8c155c765eb474a90f33a7aca76b99250717b8059a54acfcba6a177083
Instruction Fuzzy Hash: CD212A70D08629DFCB04CF99C5809AEFBF1FF9A300F55859AC414AB214D335AA42CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01728110 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9c39f2246d7d92e3bc85514ce66d332f0e4d15afc53842893b6cd15a366b3b4
Instruction ID: 393a21a85b2a55613d45db73b003b1927acf3732b3301b0e68912d7d6dcce480
Opcode Fuzzy Hash: a9c39f2246d7d92e3bc85514ce66d332f0e4d15afc53842893b6cd15a366b3b4
Instruction Fuzzy Hash: 8621C0B4D04219DFCB44CFAAC480AAEFBF5BF48300F60849AD815AB355D335AA42CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01724011 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a78f89c6a96d8aa8fda3697459f111a7442429c40794333571ac298f7a42480e
Instruction ID: af29cc61f83b063276e13a18af52945450e4a06fae75d039d77a03393b89c204
Opcode Fuzzy Hash: a78f89c6a96d8aa8fda3697459f111a7442429c40794333571ac298f7a42480e
Instruction Fuzzy Hash: 0A11E2726081358BD7348B68CC4426EBBB5EB46310F0145FBE623DB282D379DC868795

Uniqueness

Uniqueness Score: -1.00%

Function 01729D88 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec6c050c1625392f41517892b90de1268cf874f176f293457f58198f9f312d44
Instruction ID: c09e087739b7e88ec40e3372545d6eceb9aae7b25ba92b0f381695a0b28d9855
Opcode Fuzzy Hash: ec6c050c1625392f41517892b90de1268cf874f176f293457f58198f9f312d44
Instruction Fuzzy Hash: B9214734E04219EFDB05CFA9C484A5DFBF2FF89304F19C4A9D604AB265D730AA01DB40

Uniqueness

Uniqueness Score: -1.00%

Function 017200F7 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb6533590862f1cc244671f46b6dbbd9b828adf8658a28744022f6941e093f81
Instruction ID: a421a5fbdf3adebf877743c9cd17e48a407d2f6e06ad993603b0da1b08c63e47
Opcode Fuzzy Hash: bb6533590862f1cc244671f46b6dbbd9b828adf8658a28744022f6941e093f81
Instruction Fuzzy Hash: 61219370A0020ACFCB04EFB8D8815DDBB7AFF40309F908569DA05AB255EFB15E49CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01729D98 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8f792fa9c29a74248e0e24f2400c6ec184248b26b1743a2dc98ec5bbb4e1be4
Instruction ID: c4f4231104794945fef3411b31946fdec9cccf56d84f003a0400bab7528ee030
Opcode Fuzzy Hash: c8f792fa9c29a74248e0e24f2400c6ec184248b26b1743a2dc98ec5bbb4e1be4
Instruction Fuzzy Hash: 3B11F574E04118EFDB44DFA9C584A6DFBF6EF88304F19C499D618AB255D730AA01DF40

Uniqueness

Uniqueness Score: -1.00%

Function 01720108 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfa4b0e6f0ddfe8401f6715de064ed0662c0538fb1d38a89dc147becfa78263c
Instruction ID: fbcba4d6f059f5eda1f4b31608df33f61273cef5e962993aafdb00553b813c75
Opcode Fuzzy Hash: bfa4b0e6f0ddfe8401f6715de064ed0662c0538fb1d38a89dc147becfa78263c
Instruction Fuzzy Hash: C5113374A0010ACFCB04EFA8D8855DDBB7AFF40309F908569DA016B355EFB15E45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 017293F8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebb5ef31d02d986d072301c2bf3684b89daa8fce0055bc0ac63b559450974794
Instruction ID: 77058d48628d4895c5ba3a2b9064199eb46c64cc60782b2b46fc9e63ae916e6a
Opcode Fuzzy Hash: ebb5ef31d02d986d072301c2bf3684b89daa8fce0055bc0ac63b559450974794
Instruction Fuzzy Hash: 8921BD74A01228CFDB64CF68C980B9DBBB1FF59314F215199E909AB358DB31AA81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01729442 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfa935d51a137178ecb476aabdc2460bd0de1a4173dd0c3d8e9d2b0e5386ae07
Instruction ID: c543d0d7f6697accf6e995c0bc5165dbef7d4e567e91d1a559c3694b7563f08d
Opcode Fuzzy Hash: dfa935d51a137178ecb476aabdc2460bd0de1a4173dd0c3d8e9d2b0e5386ae07
Instruction Fuzzy Hash: 72219F74901228CFDB64CF64C980B99BBB1FF49314F2591D5E909AB355DB31AE81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 017203E8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85aa301e5f638021d9b04ed9e60f745f25bf885215d8b6883af9240088045d8d
Instruction ID: 7aede1d27189316c5ca0e593bc90322c4740ff8b6a2c2e99a9538a617faa7359
Opcode Fuzzy Hash: 85aa301e5f638021d9b04ed9e60f745f25bf885215d8b6883af9240088045d8d
Instruction Fuzzy Hash: 85F06230A51305DBD718DBB1C990A6FB3B3EFD6204B6488A8C001A7594CE75AE01E794

Uniqueness

Uniqueness Score: -1.00%

Function 0172A7A8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cffb306a271fa71b15abb46b4bfabf1d10eb2fec6a55a1d9d928ffe4f4c8713d
Instruction ID: 5bd5ea5b725125d85a8a72903cb22edfc0434bb9011b69785c917992a0ae214b
Opcode Fuzzy Hash: cffb306a271fa71b15abb46b4bfabf1d10eb2fec6a55a1d9d928ffe4f4c8713d
Instruction Fuzzy Hash: DE0125B49002599FCB00DFA8C884AAEFBB4BB08310F10819ADA54A7245D334AA40CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01721FA9 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f24159e2fd5a79e62d4aaebd8b86d4d619f0dbb71b4b03f57bcf4ad62ac62830
Instruction ID: 5c007554218bfa6e3d56311ba032456b3409433458cb0f19b9b84f131a5a834c
Opcode Fuzzy Hash: f24159e2fd5a79e62d4aaebd8b86d4d619f0dbb71b4b03f57bcf4ad62ac62830
Instruction Fuzzy Hash: 8B016970900308DFD704DFA9C4949AEFBB1FF46310F1081AAD814A7351D734A941CF92

Uniqueness

Uniqueness Score: -1.00%

Function 01726C20 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0a2707933d9b87aaff850a02687804ff446d30976cb776a5a9635267bc4ee65
Instruction ID: 13f62f9ad2589057dd833169dc859c54519d1f359d3fb0de4b3a77be42d7a40a
Opcode Fuzzy Hash: b0a2707933d9b87aaff850a02687804ff446d30976cb776a5a9635267bc4ee65
Instruction Fuzzy Hash: 31018C74C15208EFDB14EFA5E18555DFBB8EB4A312F2094D7E906E7108E734AA85DB01

Uniqueness

Uniqueness Score: -1.00%

Function 01726C1B Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca7ebe8296121a6543b4dac8501cfb5f0c0e5c9d8c480358aada600d760058f2
Instruction ID: f9f206e2087b11db570014970a5525baef76778234d4c8d435175cd342f5baf6
Opcode Fuzzy Hash: ca7ebe8296121a6543b4dac8501cfb5f0c0e5c9d8c480358aada600d760058f2
Instruction Fuzzy Hash: 7201AD70C15208EFCB14EFA4D18555DFBB8FB4A311F20849BE906EB208E3309A95DF01

Uniqueness

Uniqueness Score: -1.00%

Function 01720531 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a5604cd4106b03c1b5bfd50bae73f0c96bf1e2a5309bf37c8fd0bbab6108cdb
Instruction ID: 6aa09ebf93fe9c614d074935c1144b46b34a7432863c0caf258f7bce83092983
Opcode Fuzzy Hash: 7a5604cd4106b03c1b5bfd50bae73f0c96bf1e2a5309bf37c8fd0bbab6108cdb
Instruction Fuzzy Hash: 61011974904309EFCB14DFA8C48499DBBB4FF05310F2045D9D814A7351E730AE81CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01720070 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87946d9d262b4995f8cb9e1c609b997a98841646e84f473f6ba8ada14112af85
Instruction ID: 5bea8d984e7d70e01de7c5a75c2b2f8c0507428a2dc5d00bc7f4cdd5a89b6ee2
Opcode Fuzzy Hash: 87946d9d262b4995f8cb9e1c609b997a98841646e84f473f6ba8ada14112af85
Instruction Fuzzy Hash: 42F08C70D1121D9BEB649FA9C8557BFFAF4EB49710F10182AD110B3280DA7959058BF4

Uniqueness

Uniqueness Score: -1.00%

Function 017203F8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39f6cf33ebe59b55ef23b1c1c15a2d62f5c5c5085e22c8ae414d5a3a400f9001
Instruction ID: 9c7d9eadabf573e5178c3ea2e1164663e799a3681e2982deaeb7fe60402ac6a3
Opcode Fuzzy Hash: 39f6cf33ebe59b55ef23b1c1c15a2d62f5c5c5085e22c8ae414d5a3a400f9001
Instruction Fuzzy Hash: 6EF03034A523089BD718DB71D580E6FB377DFDA204F5498A8800133284CE355F01E694

Uniqueness

Uniqueness Score: -1.00%

Function 0172A7B8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809194c9283d41f056ed501a50b53481cd28133c4e06966a6982ea9e686122be
Instruction ID: 334f9904078933c3dd089eea1442f9409fb153334c2630ad924fccd771591265
Opcode Fuzzy Hash: 809194c9283d41f056ed501a50b53481cd28133c4e06966a6982ea9e686122be
Instruction Fuzzy Hash: 1601F6B49002199FCB50DFA8C885AAEFBF4FB08310F108196DA54A3345D734AA41CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01720220 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8153547f9541bc50a3b6109d250b501c5fac61039e7423a0e16980f36d6267e
Instruction ID: aee057149b800058120586ab5811ff3b0887eea48ac0fc0fe33dd06f22736385
Opcode Fuzzy Hash: c8153547f9541bc50a3b6109d250b501c5fac61039e7423a0e16980f36d6267e
Instruction Fuzzy Hash: 00F0A03490D304DFC701DFB9D882699BBF8EF06312F5040EAD84897251E6755E45CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 017275A1 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccded2a304970f15883f7db0ae5fac63b734d21081e65727fe6a42f21f7bcc6c
Instruction ID: 2882b8c245924a230140dd08637539a0ab58e384d9c134bf2031168d43593804
Opcode Fuzzy Hash: ccded2a304970f15883f7db0ae5fac63b734d21081e65727fe6a42f21f7bcc6c
Instruction Fuzzy Hash: 6401FB70A103589FCB54DF24C980B9EBBB6FF85200F1080D9D509A7254DB306E85CF52

Uniqueness

Uniqueness Score: -1.00%

Function 017282F9 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9996206c1c412da880bfbb296309e3ff672d0c4b26620b3fbc6b0c84a289c036
Instruction ID: 0e4ce0d4636c8ed03816173427fff92c0c7cd26d15873c829e73bc7b6f6907c8
Opcode Fuzzy Hash: 9996206c1c412da880bfbb296309e3ff672d0c4b26620b3fbc6b0c84a289c036
Instruction Fuzzy Hash: 13F01770904319DFD705DFA8C844A9DBBB5FB09310F5085AAD80497255E3359A41DF91

Uniqueness

Uniqueness Score: -1.00%

Function 017209D8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92123d023cd8544b8b33a91740d9803f3ec70c3abc8f4f5c7e9801445b0ab9c1
Instruction ID: 0b39d2a5011e2443c8cc8a72602ea39751a0b13dc4159706029fc6655f67fe18
Opcode Fuzzy Hash: 92123d023cd8544b8b33a91740d9803f3ec70c3abc8f4f5c7e9801445b0ab9c1
Instruction Fuzzy Hash: 9BF02B30505348DFC704DBA8CC94BEE77B4EF42305F2001E9C0045B262E6715E40CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01720450 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 255b67cf75c75f364928b0baa7001b77d9e1a97acc0fd53ce8bfc956d0c3b4a9
Instruction ID: d22ea111a7666604241dcbb478d2b488fbcbbe8fe498ccbcd468f853f0406f32
Opcode Fuzzy Hash: 255b67cf75c75f364928b0baa7001b77d9e1a97acc0fd53ce8bfc956d0c3b4a9
Instruction Fuzzy Hash: 25F03470D41348EFCB10EFB4C4899AEBBB4FF06300F2449A9D504A7265E7759A41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01720460 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae7ea00d455888e0dc5ad25c42e482a3ff01460073cb75d0b2aeb4b3db8bbc93
Instruction ID: 3e35a264d0152cc401659e49be66f6ddeff8888336ba2127454b9100537b89c9
Opcode Fuzzy Hash: ae7ea00d455888e0dc5ad25c42e482a3ff01460073cb75d0b2aeb4b3db8bbc93
Instruction Fuzzy Hash: 59F0AE74D01208EBCB14EFA8D588AAEBBB5EB05301F104AA9D914A3354EB75AA51CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0172E9B8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04593a4e1e265532e44c0dd39a3397cd41b6b9f1551d12bfc200bb5654bd8857
Instruction ID: ae2a6c8f01dae397ff8851e475f561c34b225b99f406c8b66c751b01beb1591f
Opcode Fuzzy Hash: 04593a4e1e265532e44c0dd39a3397cd41b6b9f1551d12bfc200bb5654bd8857
Instruction Fuzzy Hash: 05F039309063449FCB02DB78D444698BFB0EF0A205F1045EEE8449B221E2364545CF42

Uniqueness

Uniqueness Score: -1.00%

Function 01728308 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f614200d8f9a0bd634fccacf03d0c3150986092913a4d8aed2ec144c72fb232d
Instruction ID: 1e705ee608c3f6c8797a1fc4f0ce8b5ca533ab65d06f520d15dfc17bd894b9a3
Opcode Fuzzy Hash: f614200d8f9a0bd634fccacf03d0c3150986092913a4d8aed2ec144c72fb232d
Instruction Fuzzy Hash: CDE0E5B4D00318EFDB14EFA8D544AAEBBB9FB48301F1085AAD918A3314E7359A51DF81

Uniqueness

Uniqueness Score: -1.00%

Function 0172766F Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e71e8d246b09428b8b87807ee84875b5e6b964c7859e91af06941ebdcc57892
Instruction ID: 778aacd16bf66fc126e96fac9b889d46d4d5b1fd0e93e2bf3e6fb863bb51e5f0
Opcode Fuzzy Hash: 7e71e8d246b09428b8b87807ee84875b5e6b964c7859e91af06941ebdcc57892
Instruction Fuzzy Hash: 74F08C3480A2A99FDFA1CF28CC80B8EBBB0FF46200F2455CAD158AB241D6345A85CF12

Uniqueness

Uniqueness Score: -1.00%

Function 01720230 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff1f6d205be7b5e7a73439c212f0cfef7bdcd9cc60b9b00c2558e46794c03cdc
Instruction ID: 599832d4566d006e1005625c5cf835a4c901bd4538870357924b2b0f431d2e32
Opcode Fuzzy Hash: ff1f6d205be7b5e7a73439c212f0cfef7bdcd9cc60b9b00c2558e46794c03cdc
Instruction Fuzzy Hash: 63E0DF34D09308DBCB14DFA9D04169CBBF9EB05302F1080A9D80853340E7315E45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 017209E8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce3793681f6ff96d1971e5960d2b0c9e66a10aa3c1d53ca9dbf3e438afdd9204
Instruction ID: c7a0dac3209019613ba10416152bc6645288a778d7c4b10198a0485005e34159
Opcode Fuzzy Hash: ce3793681f6ff96d1971e5960d2b0c9e66a10aa3c1d53ca9dbf3e438afdd9204
Instruction Fuzzy Hash: 14E01230941248DFDB14DBA8C945BAEB7B89B41305F2011E8D50827351DA716E40DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0172D193 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd539a6b84b2ad0d055cf08fb5c145abcbe662e9ffb7f050cf47d86e4dd6e6e
Instruction ID: 0965a33a6f60a1a42f24148e129c40984348678c07728c5bfb60fc0646723f33
Opcode Fuzzy Hash: 8fd539a6b84b2ad0d055cf08fb5c145abcbe662e9ffb7f050cf47d86e4dd6e6e
Instruction Fuzzy Hash: 2FE0EC758043199BDB91DA5484807EDB6BEAF66200F7090A9C05EA7610DA359D46CF12

Uniqueness

Uniqueness Score: -1.00%

Function 01728FDF Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6db810dd099dd0d18d6adf7425276e8a5ed3cdcf4c94a7859df273dc43e2333
Instruction ID: aeb2b4614be8534eef860a8e4c737870e01c6309a027e061a04c808b2a431072
Opcode Fuzzy Hash: c6db810dd099dd0d18d6adf7425276e8a5ed3cdcf4c94a7859df273dc43e2333
Instruction Fuzzy Hash: 56E04EB4902228CFDB64CF68D990B9DB7B1BF58314F1042D5D519A7794D7309A81CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0172E9C8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7663d82a4c2738b7aab911df597ac3e3f3a146757b741db4d9c5d6b97d50634a
Instruction ID: aaf841bd36b90362c51cc4bca6f05e8d65bb96ea006cbd808a5b2ad20b14a5ef
Opcode Fuzzy Hash: 7663d82a4c2738b7aab911df597ac3e3f3a146757b741db4d9c5d6b97d50634a
Instruction Fuzzy Hash: A6E0EC74E00308DFC754EFA9D04575CBBF8EB09300F1040EAD90893350E6359944CF42

Uniqueness

Uniqueness Score: -1.00%

Function 01726B16 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53f2fb7e2e56feee49fc25e08ebfe0b56ab13ea969382dcacd8309266f3fc52d
Instruction ID: 8f50b3dfa2ac91fa588770915f7f08437c10e04959620e674b163b0b5f923a35
Opcode Fuzzy Hash: 53f2fb7e2e56feee49fc25e08ebfe0b56ab13ea969382dcacd8309266f3fc52d
Instruction Fuzzy Hash: 2CE0C27060122ACFCB01CF64CD559BE7BB1AF11300F048262F9156B2F1C7318C51CB62

Uniqueness

Uniqueness Score: -1.00%

Function 01728B06 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf1900e1d0bb1700291525855b3d378387da1d45c5b5a74e7be1f9366d2ed1f0
Instruction ID: 56998c2dea14e2231bcea12776d1fac86a0f47bda83ecc3a02b6724bb8f422d5
Opcode Fuzzy Hash: bf1900e1d0bb1700291525855b3d378387da1d45c5b5a74e7be1f9366d2ed1f0
Instruction Fuzzy Hash: 55E09274502314CFC768CF20D598A987BB6FF4A306F5005D8E50A9B355DB36DA81CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0172DD2F Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a4d9014b9161182eb961bafb104e7277a2e3ac50e8243063d32150f08494cab
Instruction ID: e57e66857beebfbe40e8940fd8ebb9761366bb166adaeddf7177586839f5e2d1
Opcode Fuzzy Hash: 3a4d9014b9161182eb961bafb104e7277a2e3ac50e8243063d32150f08494cab
Instruction Fuzzy Hash: C7D01270C0421A9ADF54CF68C9C0BEDB779AB16200F206495C155A6254D7349640CF15

Uniqueness

Uniqueness Score: -1.00%

Function 0172C853 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a5aab1e6fdec1ff249d6ec246ee2baa6f7889bcd6d87518122ae8c31ebbb2fe
Instruction ID: 473dbddd3503ef2c3f9bef61fc23d09ab569d0548546b877e79b6744cb84e303
Opcode Fuzzy Hash: 3a5aab1e6fdec1ff249d6ec246ee2baa6f7889bcd6d87518122ae8c31ebbb2fe
Instruction Fuzzy Hash: 1FD017B4D001199BDB40DFD4C881BADF3B8AF15300F2090958628BB248D7349A09CF19

Uniqueness

Uniqueness Score: -1.00%

Function 0172D1C7 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18f17ff182b609306c500d247bc2a97382f680ef7fc47621e85383fbe3ae7525
Instruction ID: 113c186d5197e45236b0f2864efa584dadedb7763c00b62b2b8946dfc9222f1c
Opcode Fuzzy Hash: 18f17ff182b609306c500d247bc2a97382f680ef7fc47621e85383fbe3ae7525
Instruction Fuzzy Hash: C3D0A73480030A8BCB80CF54C5806DDB3B9EF22300F30A1A5C05AA7150CE349A09CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0172913C Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a867bcec0a471f06ede4bafeec277160f456f9bb0bb53ea2ae0e00e7ea15d3da
Instruction ID: 9b14695bf3bc6fa09298b1e95532fc732abfd8e70d95f25843972ad783ee0fe6
Opcode Fuzzy Hash: a867bcec0a471f06ede4bafeec277160f456f9bb0bb53ea2ae0e00e7ea15d3da
Instruction Fuzzy Hash: 84D04274900368CFCB20CF50C9889A9BBB1EB59316F104199D80567314C731AE81CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0172D7EB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f62447e18ca8a1b1b9548ff1fe5917d46622fb191f3a33555c3e06883ebdf69f
Instruction ID: 1a24c334ce0aff3ebe8eaca559cf6db032bb6195822bc036ccf8094dabba169b
Opcode Fuzzy Hash: f62447e18ca8a1b1b9548ff1fe5917d46622fb191f3a33555c3e06883ebdf69f
Instruction Fuzzy Hash: 54D0C974C0822DCBDB64CFA4C880BAEF379AF15300F209099C069B3601D7345945CF19

Uniqueness

Uniqueness Score: -1.00%

Function 0172CE5B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd7c70a034f2b7009a134a707afb5f41c244674a4e60b36ec8a5deccfe52616f
Instruction ID: 4df925fd48b0b24c616d99898d27d01d325475297ed10b0bb1ba96d7df6cec0e
Opcode Fuzzy Hash: fd7c70a034f2b7009a134a707afb5f41c244674a4e60b36ec8a5deccfe52616f
Instruction Fuzzy Hash: 77C01274C042198ACB50CF54C441BAEB7B9AF65300F2090D58098B3200D7304A45CB19

Uniqueness

Uniqueness Score: -1.00%

Function 0172DBFB Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.445668652.0000000001720000.00000040.00000001.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1720000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc73d0ed562ac1d2f3be4d17a7a9ff5cdcf5152ef1dc68aafbe302969fdf277a
Instruction ID: 4957315ae44c93989876111cff6553a5a8698bf25718fed68b13c5c040d28faf
Opcode Fuzzy Hash: dc73d0ed562ac1d2f3be4d17a7a9ff5cdcf5152ef1dc68aafbe302969fdf277a
Instruction Fuzzy Hash: 65C08CB08043198ADB50DF609840BBDB2B9AB2B300F30A0D8814CB3200D7308940CF09

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report yAbf8Z3qA5.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

AV Detection

E-Banking Fraud

System Summary

Stealing of Sensitive Information

Remote Access Functionality

Jbx Signature Overview

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\yAbf8Z3qA5.exe.log

C:\Users\user\AppData\Local\Temp\tmp41AB.tmp

C:\Users\user\AppData\Local\Temp\tmp4BCD.tmp

C:\Users\user\AppData\Local\Temp\tmp6807.tmp

C:\Users\user\AppData\Local\Temp\tmp6F7A.tmp

C:\Users\user\AppData\Local\Temp\tmpFF62.tmp

C:\Users\user\AppData\Roaming\BYTkrh.exe

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat

Windows Analysis Report
yAbf8Z3qA5.exe

Function 02311D91 Relevance: 2.7, Strings: 2, Instructions: 165
COMMON

Function 02311DA0 Relevance: 2.7, Strings: 2, Instructions: 164
COMMON

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre