Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.W32.AIDetectNet.01.19723.25833

Overview

General Information

Sample Name:SecuriteInfo.com.W32.AIDetectNet.01.19723.25833 (renamed file extension from 25833 to exe)
Analysis ID:615403
MD5:a27c8ee8b37605f3c05e4eb4d614f359
SHA1:6a8b97217d52a752075b08207bad7d7c867a8854
SHA256:910a6e4138cb422bf570130f05cdb463d726c0eddb2882bdc6e42fb1daace384
Tags:AgentTeslaexe
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AgentTesla
Yara detected AntiVM3
Tries to steal Mail credentials (via file / registry access)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains very large array initializations
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Uses FTP
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "FTP", "FTP Host": "ftp://ftp.unitelha.com/", "Username": "kilop@unitelha.com", "Password": "Wljp?j]gQwC?"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000000.371685383.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000002.00000000.371685383.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
      00000001.00000002.376573034.0000000003BA5000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000001.00000002.376573034.0000000003BA5000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
          00000001.00000002.378112998.0000000003DD6000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 17 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.raw.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.raw.unpackMALWARE_Win_AgentTeslaV3AgentTeslaV3 infostealer payloadditekSHen
                • 0x327e8:$s10: logins
                • 0x66a08:$s10: logins
                • 0x3224f:$s11: credential
                • 0x6646f:$s11: credential
                • 0x2e82e:$g1: get_Clipboard
                • 0x62a4e:$g1: get_Clipboard
                • 0x2e83c:$g2: get_Keyboard
                • 0x62a5c:$g2: get_Keyboard
                • 0x2e849:$g3: get_Password
                • 0x62a69:$g3: get_Password
                • 0x2fb58:$g4: get_CtrlKeyDown
                • 0x63d78:$g4: get_CtrlKeyDown
                • 0x2fb68:$g5: get_ShiftKeyDown
                • 0x63d88:$g5: get_ShiftKeyDown
                • 0x2fb79:$g6: get_AltKeyDown
                • 0x63d99:$g6: get_AltKeyDown
                2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                    Click to see the 30 entries

                    Sigma Signatures

                    There are no malicious signatures, click here to show all signatures.

                    Source: Process startedAuthor: frack113: Data: Command: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, CommandLine: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, NewProcessName: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, OriginalFileName: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe" , ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, ParentProcessId: 5840, ParentProcessName: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, ProcessCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, ProcessId: 2508, ProcessName: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe

                    Snort Signatures

                    No Snort rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.12.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "FTP Host": "ftp://ftp.unitelha.com/", "Username": "kilop@unitelha.com", "Password": "Wljp?j]gQwC?"}
                    Multi AV Scanner detection for submitted file
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeVirustotal: Detection: 27%Perma Link
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeReversingLabs: Detection: 21%
                    Machine Learning detection for sample
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeJoe Sandbox ML: detected
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.12.unpackAvira: Label: TR/Spy.Gen8
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.10.unpackAvira: Label: TR/Spy.Gen8
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpackAvira: Label: TR/Spy.Gen8
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.4.unpackAvira: Label: TR/Spy.Gen8
                    Source: 2.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.8.unpackAvira: Label: TR/Spy.Gen8
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                    Source: Joe Sandbox ViewASN Name: ALMOUROLTECPT ALMOUROLTECPT
                    Source: unknownFTP traffic detected: 130.185.84.152:21 -> 192.168.2.6:49741 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 23 of 50 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 23 of 50 allowed.220-Local time is now 06:01. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 23 of 50 allowed.220-Local time is now 06:01. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 23 of 50 allowed.220-Local time is now 06:01. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 23 of 50 allowed.220-Local time is now 06:01. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ftp://ftp.unitelha.com/kilop
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://MaQvjL.com
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.634279983.0000000003338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ftp.unitelha.com
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.634267246.000000000332C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www
                    Source: unknownDNS traffic detected: queries for: ftp.unitelha.com
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.374500466.0000000000E4B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.raw.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3bdb5e8.6.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3ba53c8.7.raw.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3ba53c8.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                    Source: 2.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3bdb5e8.6.raw.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3bdb5e8.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                    .NET source code contains very large array initializations
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.12.unpack, u003cPrivateImplementationDetailsu003eu007bC218DA29u002d3671u002d4142u002dBD88u002d09FBD8C3393Cu007d/u00304B15681u002dD571u002d4C21u002d938Du002dC3C29594E26A.csLarge array initialization: .cctor: array initializer size 11605
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.10.unpack, u003cPrivateImplementationDetailsu003eu007bC218DA29u002d3671u002d4142u002dBD88u002d09FBD8C3393Cu007d/u00304B15681u002dD571u002d4C21u002d938Du002dC3C29594E26A.csLarge array initialization: .cctor: array initializer size 11605
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpack, u003cPrivateImplementationDetailsu003eu007bC218DA29u002d3671u002d4142u002dBD88u002d09FBD8C3393Cu007d/u00304B15681u002dD571u002d4C21u002d938Du002dC3C29594E26A.csLarge array initialization: .cctor: array initializer size 11605
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.4.unpack, u003cPrivateImplementationDetailsu003eu007bC218DA29u002d3671u002d4142u002dBD88u002d09FBD8C3393Cu007d/u00304B15681u002dD571u002d4C21u002d938Du002dC3C29594E26A.csLarge array initialization: .cctor: array initializer size 11605
                    Source: 2.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007bC218DA29u002d3671u002d4142u002dBD88u002d09FBD8C3393Cu007d/u00304B15681u002dD571u002d4C21u002d938Du002dC3C29594E26A.csLarge array initialization: .cctor: array initializer size 11605
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3bdb5e8.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3ba53c8.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3ba53c8.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: 2.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3bdb5e8.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3bdb5e8.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_0292A0781_2_0292A078
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_0292A9C81_2_0292A9C8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_02929AD81_2_02929AD8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_0292A9BA1_2_0292A9BA
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_0292EEB01_2_0292EEB0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_02929AC81_2_02929AC8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_061A00061_2_061A0006
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_061A00401_2_061A0040
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_061A2E501_2_061A2E50
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_00722FF11_2_00722FF1
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_02DFF3C82_2_02DFF3C8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_02DFF0802_2_02DFF080
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_0675D2282_2_0675D228
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_0675CB902_2_0675CB90
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_067598502_2_06759850
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_0675E0482_2_0675E048
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_067565A02_2_067565A0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_06751F282_2_06751F28
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_067500402_2_06750040
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_067574B92_2_067574B9
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_067575B82_2_067575B8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_0676DF212_2_0676DF21
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_067681842_2_06768184
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_00BF2FF12_2_00BF2FF1
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.376573034.0000000003BA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekqdUkOuMkGzolndCdJfRkglQYHUXM.exe4 vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.376573034.0000000003BA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.378112998.0000000003DD6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekqdUkOuMkGzolndCdJfRkglQYHUXM.exe4 vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.379999331.0000000005DB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.374500466.0000000000E4B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.379121625.00000000051C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameFuncAttribute.dll" vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.375072023.0000000002AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekqdUkOuMkGzolndCdJfRkglQYHUXM.exe4 vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000000.371685383.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekqdUkOuMkGzolndCdJfRkglQYHUXM.exe4 vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.632747327.00000000010F8000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.632876241.000000000136A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeBinary or memory string: OriginalFilenameCALLC.exe8 vs SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeVirustotal: Detection: 27%
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeReversingLabs: Detection: 21%
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe"
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.logJump to behavior
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@1/1
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeMutant created: \Sessions\1\BaseNamedObjects\PwWjJazXCWbBZRHqXuEfC
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.12.unpack, A/F1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.12.unpack, A/F1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.10.unpack, A/F1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.10.unpack, A/F1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpack, A/F1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpack, A/F1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 1_2_0072A39B push cs; ret 1_2_0072A3B8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_00BFA39B push cs; ret 2_2_00BFA3B8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_02DF3480 push FFFFFF8Bh; iretd 2_2_02DF348A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_0676142F push edi; retn 0000h2_2_06761431
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.87323976123
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: 00000001.00000002.375601643.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.375072023.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe PID: 5840, type: MEMORYSTR
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.375601643.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.375072023.0000000002AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.375601643.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.375072023.0000000002AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe TID: 2460Thread sleep time: -45733s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe TID: 5160Thread sleep time: -21213755684765971s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe TID: 68Thread sleep count: 5966 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe TID: 68Thread sleep count: 2777 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeWindow / User API: threadDelayed 5966Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeWindow / User API: threadDelayed 2777Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeThread delayed: delay time: 45733Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.375072023.0000000002AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.375072023.0000000002AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.375072023.0000000002AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.632974126.00000000013CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000001.00000002.375072023.0000000002AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeCode function: 2_2_0675E048 LdrInitializeThunk,2_2_0675E048
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.12.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3bdb5e8.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3ba53c8.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3bdb5e8.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000000.371685383.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.376573034.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.378112998.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000000.371337269.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000000.372498524.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000000.372086381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.632505310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe PID: 5840, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe PID: 2508, type: MEMORYSTR
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: Yara matchFile source: 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe PID: 2508, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.12.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3bdb5e8.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3dd6c40.9.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3ba53c8.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.3bdb5e8.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000000.371685383.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.376573034.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.378112998.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000000.371337269.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000000.372498524.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000000.372086381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.632505310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe PID: 5840, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe PID: 2508, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    Valid Accounts211
                    Windows Management Instrumentation                    		Path Interception11
                    Process Injection                    		1
                    Masquerading                    		1
                    OS Credential Dumping                    		211
                    Security Software Discovery                    		Remote Services1
                    Email Collection                    		1
                    Exfiltration Over Alternative Protocol                    		1
                    Encrypted Channel                    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                    Disable or Modify Tools                    		1
                    Input Capture                    		1
                    Process Discovery                    		Remote Desktop Protocol1
                    Input Capture                    		Exfiltration Over Bluetooth1
                    Non-Application Layer Protocol                    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)131
                    Virtualization/Sandbox Evasion                    		Security Account Manager131
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin Shares11
                    Archive Collected Data                    		Automated Exfiltration11
                    Application Layer Protocol                    		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)11
                    Process Injection                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object Model1
                    Data from Local System                    		Scheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                    Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                    Deobfuscate/Decode Files or Information                    		LSA Secrets1
                    Remote System Discovery                    		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                    Replication Through Removable MediaLaunchdRc.commonRc.common2
                    Obfuscated Files or Information                    		Cached Domain Credentials114
                    System Information Discovery                    		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                    External Remote ServicesScheduled TaskStartup ItemsStartup Items3
                    Software Packing                    		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    SecuriteInfo.com.W32.AIDetectNet.01.19723.exe28%VirustotalBrowse
                    SecuriteInfo.com.W32.AIDetectNet.01.19723.exe21%ReversingLabsWin32.Trojan.AgentTesla
                    SecuriteInfo.com.W32.AIDetectNet.01.19723.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    SourceDetectionScannerLabelLinkDownload
                    2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.12.unpack100%AviraTR/Spy.Gen8Download File
                    2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.10.unpack100%AviraTR/Spy.Gen8Download File
                    2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.6.unpack100%AviraTR/Spy.Gen8Download File
                    2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.4.unpack100%AviraTR/Spy.Gen8Download File
                    2.2.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File
                    2.0.SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.400000.8.unpack100%AviraTR/Spy.Gen8Download File

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
                    http://MaQvjL.com0%Avira URL Cloudsafe
                    http://ftp.unitelha.com0%Avira URL Cloudsafe
                    ftp://ftp.unitelha.com/kilop0%Avira URL Cloudsafe
                    https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www0%URL Reputationsafe
                    http://DynDns.comDynDNSnamejidpasswordPsi/Psi0%URL Reputationsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    ftp.unitelha.com
                    		130.185.84.152
                    		truetrue
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://127.0.0.1:HTTP/1.1SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://MaQvjL.comSecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://ftp.unitelha.comSecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.634279983.0000000003338000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.634267246.000000000332C000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        ftp://ftp.unitelha.com/kilopSecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://wwwSecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://DynDns.comDynDNSnamejidpasswordPsi/PsiSecuriteInfo.com.W32.AIDetectNet.01.19723.exe, 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        130.185.84.152
                        		ftp.unitelha.comPortugal
                        		24768ALMOUROLTECPTtrue

                        General Information

                        Joe Sandbox Version:34.0.0 Boulder Opal
                        Analysis ID:615403
                        Start date and time: 26/04/202207:00:272022-04-26 07:00:27 +02:00
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 9m 53s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Sample file name:SecuriteInfo.com.W32.AIDetectNet.01.19723.25833 (renamed file extension from 25833 to exe)
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Number of analysed new started processes analysed:18
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal100.troj.spyw.evad.winEXE@3/1@1/1
                        EGA Information:
                        • Successful, ratio: 50%
                        HDC Information:
                        • Successful, ratio: 0.2% (good quality ratio 0.1%)
                        • Quality average: 48%
                        • Quality standard deviation: 33%
                        HCA Information:
                        • Successful, ratio: 94%
                        • Number of executed functions: 129
                        • Number of non-executed functions: 4
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI

                        Warnings

                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                        • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                        • Execution Graph export aborted for target SecuriteInfo.com.W32.AIDetectNet.01.19723.exe, PID 5840 because it is empty
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        07:01:38API Interceptor797x Sleep call for process: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe modified

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                        130.185.84.152SecuriteInfo.com.W32.AIDetectNet.01.17159.exeGet hashmaliciousBrowse

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          ftp.unitelha.comSecuriteInfo.com.W32.AIDetectNet.01.17159.exeGet hashmaliciousBrowse
                          • 130.185.84.152

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          ALMOUROLTECPTSecuriteInfo.com.W32.AIDetectNet.01.17159.exeGet hashmaliciousBrowse
                          • 130.185.84.152
                          DHL Shipping documents.xlsxGet hashmaliciousBrowse
                          • 94.46.173.92
                          evfGvgdlA7.exeGet hashmaliciousBrowse
                          • 94.46.173.92
                          DHL Receipt_AWB2045829822.xlsxGet hashmaliciousBrowse
                          • 94.46.173.92
                          Shipment Documents.xlsxGet hashmaliciousBrowse
                          • 94.46.173.92
                          BuFulO5YOIGet hashmaliciousBrowse
                          • 94.46.31.166
                          Quotation#QO210421A87356_pdf.exeGet hashmaliciousBrowse
                          • 94.46.176.210
                          NewPurchaseOrder.exeGet hashmaliciousBrowse
                          • 94.46.170.205
                          PurchaseOrderBKKR088891-pdf.exeGet hashmaliciousBrowse
                          • 94.46.170.205
                          DHLinvoiceBKKR0057891.exeGet hashmaliciousBrowse
                          • 94.46.170.205
                          DHLinvoiceBKKR00578912.exeGet hashmaliciousBrowse
                          • 94.46.170.205
                          Invoice_DDTN.201-pdf.exeGet hashmaliciousBrowse
                          • 94.46.170.205
                          Invitation PQ Documents Submission QTN.(#U007eMB).docGet hashmaliciousBrowse
                          • 130.185.84.218
                          28f4003888bd4b8634f8e5c67f04ccea.dllGet hashmaliciousBrowse
                          • 94.46.170.132
                          Q5aTyWyoCtGet hashmaliciousBrowse
                          • 94.46.181.131
                          fax 4044.xlsmGet hashmaliciousBrowse
                          • 94.46.23.119
                          check 24994.xlsmGet hashmaliciousBrowse
                          • 94.46.23.119
                          bill 04050.xlsmGet hashmaliciousBrowse
                          • 94.46.23.119
                          scan of fax 096859.xlsmGet hashmaliciousBrowse
                          • 94.46.23.119
                          scan of invoice 91510.xlsmGet hashmaliciousBrowse
                          • 94.46.23.119

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe.log

                          Download File
                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):2271
                          Entropy (8bit):5.364115343032043
                          Encrypted:false
                          SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIW7HKjntHoxHhAHKzvmHKiQHKx1qHxvAHj:iqXeqm00YqhQnouRqjntIxHeqz+qBqxz
                          MD5:2AC349459A771367D95FB2E5271E538F
                          SHA1:FC9D5F6DDFC0D588E344C98EBC48E37C5E587E77
                          SHA-256:0F36341CBF0410D1ACE0A351ABCA5343D2073F92ABC2B54C1E92767B9FCF0074
                          SHA-512:9DF1CAC11964291805C7914E319A1C6F73FFCF458EBD32BD615ECD65FB94BC6880461FF60F6589CAB2A165A6C4DCDA83F50E18D965413A0D48A59A1E51B7EAC6
                          Malicious:true
                          Reputation:low
                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

                          Static File Info

                          General

                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Entropy (8bit):7.856549843950473
                          TrID:
                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                          • Win32 Executable (generic) a (10002005/4) 49.78%
                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                          • Win16/32 Executable Delphi generic (2074/23) 0.01%
                          • Generic Win/DOS Executable (2004/3) 0.01%
                          File name:SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                          File size:650240
                          MD5:a27c8ee8b37605f3c05e4eb4d614f359
                          SHA1:6a8b97217d52a752075b08207bad7d7c867a8854
                          SHA256:910a6e4138cb422bf570130f05cdb463d726c0eddb2882bdc6e42fb1daace384
                          SHA512:769fe817c1616f80672a63ad8a8464c26aa4374e569343df04feab22a3a1193eac5f7eee5fb3afaa94ed28792da492659c2b02220f0197c1b89641a0d7f9f536
                          SSDEEP:12288:STId9kv1FSJqWFQGPHIn0M8h/1JlK4IIIIQqJqi+p:rd9gSqHGPa0L/1JUiIIci0
                          TLSH:C8D4122BF354B212CEB507B644567C9199FBBE272137DB8F548C7A29E6333E08A53061
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ogb..............0.............J.... ........@.. .......................@............@................................

                          File Icon

                          Icon Hash:00828e8e8686b000

                          Static PE Info

                          General

                          Entrypoint:0x49fb4a
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                          Time Stamp:0x62674F11 [Tue Apr 26 01:46:57 2022 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:v4.0.30319
                          OS Version Major:4
                          OS Version Minor:0
                          File Version Major:4
                          File Version Minor:0
                          Subsystem Version Major:4
                          Subsystem Version Minor:0
                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                          Entrypoint Preview

                          Instruction
                          jmp dword ptr [00402000h]
                          and byte ptr [eax], al
                          or al, byte ptr [eax]
                          or eax, 2D000900h
                          add byte ptr [eax], dh
                          add byte ptr [ecx], dh
                          add byte ptr [edx], dh
                          add byte ptr [ebx], dh
                          add byte ptr [eax+eax], dh
                          xor eax, 37003600h
                          add byte ptr [eax], bh
                          add byte ptr [ecx], bh
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al

                          Data Directories

                          NameVirtual AddressVirtual Size Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IMPORT0x9faf80x4f.text
                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xa00000x5b0.rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                          IMAGE_DIRECTORY_ENTRY_BASERELOC0xa20000xc.reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                          Sections

                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                          .text0x20000x9db700x9dc00False0.908947541105data7.87323976123IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                          .rsrc0xa00000x5b00x800False0.318359375data3.30301138268IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc0xa20000xc0x400False0.025390625data0.0558553080537IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                          Resources

                          NameRVASizeTypeLanguageCountry
                          RT_VERSION0xa00900x320data
                          RT_MANIFEST0xa03c00x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                          Imports

                          DLLImport
                          mscoree.dll_CorExeMain

                          Version Infos

                          DescriptionData
                          Translation0x0000 0x04b0
                          LegalCopyrightCopyright Soltys 2010
                          Assembly Version1.0.0.0
                          InternalNameCALLC.exe
                          FileVersion1.0.0.0
                          CompanyName
                          LegalTrademarks
                          Comments
                          ProductNamedotXMLTools
                          ProductVersion1.0.0.0
                          FileDescriptiondotXMLTools
                          OriginalFilenameCALLC.exe

                          Network Behavior

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Apr 26, 2022 07:01:56.847805023 CEST4974121192.168.2.6130.185.84.152
                          Apr 26, 2022 07:01:56.895060062 CEST2149741130.185.84.152192.168.2.6
                          Apr 26, 2022 07:01:56.895224094 CEST4974121192.168.2.6130.185.84.152
                          Apr 26, 2022 07:01:56.915653944 CEST4974121192.168.2.6130.185.84.152
                          Apr 26, 2022 07:01:56.945121050 CEST2149741130.185.84.152192.168.2.6
                          Apr 26, 2022 07:01:56.945218086 CEST4974121192.168.2.6130.185.84.152
                          Apr 26, 2022 07:01:56.963036060 CEST2149741130.185.84.152192.168.2.6
                          Apr 26, 2022 07:01:56.963162899 CEST4974121192.168.2.6130.185.84.152
                          Apr 26, 2022 07:01:56.963299990 CEST2149741130.185.84.152192.168.2.6
                          Apr 26, 2022 07:01:56.963385105 CEST4974121192.168.2.6130.185.84.152

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Apr 26, 2022 07:01:56.730844975 CEST5095853192.168.2.68.8.8.8
                          Apr 26, 2022 07:01:56.757020950 CEST53509588.8.8.8192.168.2.6

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                          Apr 26, 2022 07:01:56.730844975 CEST192.168.2.68.8.8.80xcc6cStandard query (0)ftp.unitelha.comA (IP address)IN (0x0001)

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                          Apr 26, 2022 07:01:56.757020950 CEST8.8.8.8192.168.2.60xcc6cNo error (0)ftp.unitelha.com130.185.84.152A (IP address)IN (0x0001)

                          FTP Packets

                          TimestampSource PortDest PortSource IPDest IPCommands
                          Apr 26, 2022 07:01:56.945121050 CEST2149741130.185.84.152192.168.2.6220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 23 of 50 allowed.
                          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 23 of 50 allowed.220-Local time is now 06:01. Server port: 21.
                          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 23 of 50 allowed.220-Local time is now 06:01. Server port: 21.220-This is a private system - No anonymous login
                          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 23 of 50 allowed.220-Local time is now 06:01. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 23 of 50 allowed.220-Local time is now 06:01. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                          Apr 26, 2022 07:01:56.963036060 CEST2149741130.185.84.152192.168.2.6220 Logout.

                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          General

                          Target ID:1
                          Start time:07:01:36
                          Start date:26/04/2022
                          Path:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe"
                          Imagebase:0x720000
                          File size:650240 bytes
                          MD5 hash:A27C8EE8B37605F3C05E4EB4D614F359
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Yara matches:
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.376573034.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000001.00000002.376573034.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.378112998.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000001.00000002.378112998.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.375601643.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.375072023.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:low

                          General

                          Target ID:2
                          Start time:07:01:39
                          Start date:26/04/2022
                          Path:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
                          Imagebase:0xbf0000
                          File size:650240 bytes
                          MD5 hash:A27C8EE8B37605F3C05E4EB4D614F359
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Yara matches:
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000000.371685383.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000000.371685383.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000000.371337269.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000000.371337269.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000000.372498524.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000000.372498524.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000000.372086381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000000.372086381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.632505310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000002.632505310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.633680403.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:low

                          Disassembly

                          Reset < >

                            Executed Functions

                            Function 0292A9C8 Relevance: .3, Instructions: 310COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b5e3a61e31261629f8d37a5358234ca42612926e95149a847c92b09b363f3f13
                            • Instruction ID: 2a2c937f0ef1354782d730aadbf755b5e1838969499e19dd11c3c9406638a54d
                            • Opcode Fuzzy Hash: b5e3a61e31261629f8d37a5358234ca42612926e95149a847c92b09b363f3f13
                            • Instruction Fuzzy Hash: 9EC14B71D042298FDB04DFB9C9447AEBBF6AF49318F14D469D418A734AEB348949CF60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02929AC8 Relevance: .3, Instructions: 271COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b7f90b58dccecd20423bb9e5dbe3310ac4a80fcb663aa520993b21fb9935f1d0
                            • Instruction ID: 20b85f284f97a56e3041c93f2db2a85faadda68fc1dfd788e00f20b48b4b8a5c
                            • Opcode Fuzzy Hash: b7f90b58dccecd20423bb9e5dbe3310ac4a80fcb663aa520993b21fb9935f1d0
                            • Instruction Fuzzy Hash: 8BD10830D2064ADACB11EF64C990ADDB7B1FF95300F508B9AE14937265EB70AAC5CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02929AD8 Relevance: .3, Instructions: 264COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b3e9fa9e3e078ebebbd21cdbe51fb3e79513d1c8ab8204e691dff389465f80bc
                            • Instruction ID: d82e1837aa799dba0ca9765f65bdf2bb06595b414626b97ea28e4104d016cc8d
                            • Opcode Fuzzy Hash: b3e9fa9e3e078ebebbd21cdbe51fb3e79513d1c8ab8204e691dff389465f80bc
                            • Instruction Fuzzy Hash: 70D1F830D2064ADACB11EF64C990A9DB7B1FF95300F508B9AE14937265EB70AAC5CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292A9BA Relevance: .3, Instructions: 263COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 93e035d758a58e8e235962944355579ad36d6b87eff633ac9eaabd077686ae79
                            • Instruction ID: 1b2f23fa4e020d28577e1ac2c725ed2f7a91bceaa141e90ac9553704b9465309
                            • Opcode Fuzzy Hash: 93e035d758a58e8e235962944355579ad36d6b87eff633ac9eaabd077686ae79
                            • Instruction Fuzzy Hash: 85B13B71D042298FDB04DFA9C9447AEFBF6AF49308F14D46AD418A735AEB348949CF60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292A078 Relevance: .2, Instructions: 221COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5b3231e76d5e3db823414bb84cdf1a57469599bc2c8a9d3488ae46de919c34c5
                            • Instruction ID: dbcee4b446bd52f177cb3f0085484a0aefd7141276dfc9b6a1f5a4bac82f1931
                            • Opcode Fuzzy Hash: 5b3231e76d5e3db823414bb84cdf1a57469599bc2c8a9d3488ae46de919c34c5
                            • Instruction Fuzzy Hash: D5912872D09228CFDB14DFA9C8457EDBBB6BF89314F148469D508B724AEB341A89CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02928AC9 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: -Xg
                            • API String ID: 0-1851797254
                            • Opcode ID: 2549e2ede3f33875191e5933fe4007bc32c672f90aacce80ccc93d9faa1c83dd
                            • Instruction ID: fdde425ee51fd0afbadfa06a6579ab4c3134f4583dbab8c0621341996c93ab07
                            • Opcode Fuzzy Hash: 2549e2ede3f33875191e5933fe4007bc32c672f90aacce80ccc93d9faa1c83dd
                            • Instruction Fuzzy Hash: 4C214E396002109FC711EF78D849ADFBBF6EF80214B44846DE50ADB7A1EB35E9058BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A0769 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: o
                            • API String ID: 0-252678980
                            • Opcode ID: 943b5484c007b4b0ab3a7eae0ce43fc7c7712b827d5ac50add2fb61c265590d1
                            • Instruction ID: cf014a438acd274de2e429a081d6b97683e6accaab45efea9ef50c41c944584d
                            • Opcode Fuzzy Hash: 943b5484c007b4b0ab3a7eae0ce43fc7c7712b827d5ac50add2fb61c265590d1
                            • Instruction Fuzzy Hash: E8F074749112A8CFDBA4DF24DD497ED7BBABB49306F4044E9E80AA2240CB705E80CE40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292AEB0 Relevance: .2, Instructions: 189COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e783c9df40915d6095547a8cf530138776ff27a9782c7833d22df8b13ee072a8
                            • Instruction ID: 85c4fbb3f0980fed56497460ed0edf69dc40c9865eb5b3486accded09f754cbf
                            • Opcode Fuzzy Hash: e783c9df40915d6095547a8cf530138776ff27a9782c7833d22df8b13ee072a8
                            • Instruction Fuzzy Hash: 6851E273B042258FCB15DF78C9512AEBBB2AF88208F110579D506E7398EF39DD458B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292A15B Relevance: .2, Instructions: 183COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9fee1af679befaf6316d384ca173422c4bf1c15a66170be6a38d272b0adb64d0
                            • Instruction ID: ecbcac300d15c108bb4fa4662cd5844cba03e876a19659b5cb55a86914349eba
                            • Opcode Fuzzy Hash: 9fee1af679befaf6316d384ca173422c4bf1c15a66170be6a38d272b0adb64d0
                            • Instruction Fuzzy Hash: 12710272D09228CFDB10DFA8C8457EDBBB6BF49314F209459D509B724AEB745A89CF10
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924CA0 Relevance: .2, Instructions: 155COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e7cc35aa15f672329ad8e1dc08308cea7d3532c5bf850f77fac70e2324b7b160
                            • Instruction ID: e652ac6f639e2d0d84acd068061b3288b40ac61a29762e7bfa9c5d17b2b0bd25
                            • Opcode Fuzzy Hash: e7cc35aa15f672329ad8e1dc08308cea7d3532c5bf850f77fac70e2324b7b160
                            • Instruction Fuzzy Hash: CB51C135B002158FCB15EB79C848A6EBBB7FFC4224B158929E529DB390EB30DD0587A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924DAA Relevance: .1, Instructions: 141COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 92c7fb2e869e77fbc9e4d16a96ab61d1133e91bbf1d5e8d5865217ea8bd3004f
                            • Instruction ID: 1d699527e1a06b534f6e06dcf16dc5c4296220c3abba7a10338c92a197ff551c
                            • Opcode Fuzzy Hash: 92c7fb2e869e77fbc9e4d16a96ab61d1133e91bbf1d5e8d5865217ea8bd3004f
                            • Instruction Fuzzy Hash: F951D474D04228CFEB08CFA9D9446EEBBB6BF89300F10942AE51AB7254DB745945CF54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924DB8 Relevance: .1, Instructions: 140COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b263c0408c83176798739155159022f1103e3bbaf54777bd5b2f373c82e25f88
                            • Instruction ID: aa1e9a467cfd6a85ff94cf579af36fa0bc3e01da18e8c7d7a4e380dcfe9cf258
                            • Opcode Fuzzy Hash: b263c0408c83176798739155159022f1103e3bbaf54777bd5b2f373c82e25f88
                            • Instruction Fuzzy Hash: FC51F474D04228CFEB04CFA5D8446EEBBB6BF89300F10A42AE51AB7354DB745949CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029246C2 Relevance: .1, Instructions: 108COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: efe19665553eb051ffd2967241a5750011c229d8e96ea04e34ed878f95289d49
                            • Instruction ID: 0d5c16b5cde0bb8837f27656b2242bb7b6fcb74b742d3a5e18612eb1d8bb29f3
                            • Opcode Fuzzy Hash: efe19665553eb051ffd2967241a5750011c229d8e96ea04e34ed878f95289d49
                            • Instruction Fuzzy Hash: 32411974E00229DFCB04DFA8D844AAEB7B6FF88304F118529E415A7354DB34A945CFA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02928BD4 Relevance: .1, Instructions: 102COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 786a929b597eacc7401e069b7e1165b7bd4886053adee015ba4121274fd122f7
                            • Instruction ID: 4188b1bd8f2c2628aac645250b8682efed991b20e57f3f921d67a7906c4cb090
                            • Opcode Fuzzy Hash: 786a929b597eacc7401e069b7e1165b7bd4886053adee015ba4121274fd122f7
                            • Instruction Fuzzy Hash: AF4132B1D01218CFDB10CFA9C984ADDBBB5FF58304F25841AD508BB215D774AA4ACFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02928BE0 Relevance: .1, Instructions: 96COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b9fe28b72e8687cc7e0c773f2592910f609883debe48a7cc6dfbf9d34551d9b8
                            • Instruction ID: 93e9239edc84bf646a2e5e46a9db6e982b7dae86f684a4b6ed24ba63972a0c69
                            • Opcode Fuzzy Hash: b9fe28b72e8687cc7e0c773f2592910f609883debe48a7cc6dfbf9d34551d9b8
                            • Instruction Fuzzy Hash: 224102B1D01218CBDB10CFA9C584ADEFBB5FF58304F25842AD509BB254D774AA4ACFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924480 Relevance: .1, Instructions: 88COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dcf4498bd813f0584fbdeefb994157ee10b48d72127fb27b32792ad50362e7d9
                            • Instruction ID: 1a706be877c174b81747e17c58ca326892249745481b7111a21987b17038f9c2
                            • Opcode Fuzzy Hash: dcf4498bd813f0584fbdeefb994157ee10b48d72127fb27b32792ad50362e7d9
                            • Instruction Fuzzy Hash: 44314674E0022C9BDF04DFA8D854AEEBBB2FF88304F10842AD505773A4DB395A519BA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924188 Relevance: .1, Instructions: 84COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e58cabd0e3e82f8c4ef0d4926468eface99a657b839b0606847aae1cf8d91cb1
                            • Instruction ID: 3cb5a9856cd535336d3ef50f5a19e162ccdbdd5faa3f7beb851537b774ff4056
                            • Opcode Fuzzy Hash: e58cabd0e3e82f8c4ef0d4926468eface99a657b839b0606847aae1cf8d91cb1
                            • Instruction Fuzzy Hash: 4731CE74E002199FCB04DFAAD944AEEBBF2BF89304F14906AD515A7264DB345A46CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924490 Relevance: .1, Instructions: 83COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4cdc89e1982bfdd0c1d7b538fe35f6ce417dc397033dc2f942ca23e2c0ee9bda
                            • Instruction ID: 04f34f0617165544611e950fa34ab70c6192b8447bdb4eeb3cff2655963c7471
                            • Opcode Fuzzy Hash: 4cdc89e1982bfdd0c1d7b538fe35f6ce417dc397033dc2f942ca23e2c0ee9bda
                            • Instruction Fuzzy Hash: A2312774E0122C9BDF04DFA9D854AEEBBB2FF88304F108429D50577394DB355911DBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A6258 Relevance: .1, Instructions: 79COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 74c9f09a10704f036b708f9efdef5073056d7230291e3408aa23311206e14bd1
                            • Instruction ID: 08b6f801a40895cb551e5c24904610ec770b74302ecc7d85b827eada8f613065
                            • Opcode Fuzzy Hash: 74c9f09a10704f036b708f9efdef5073056d7230291e3408aa23311206e14bd1
                            • Instruction Fuzzy Hash: 0731E775E0121D9FCB44DFA9C844AEEBBF2EF88204F10802AD515B7364EB355A41CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924179 Relevance: .1, Instructions: 77COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3311b82757d2c4d550c6bcd48fafda89fd6b6973a1a2695e70d9d3515830fba6
                            • Instruction ID: 0ae535435b41bb7a757a5c406b9eb38962aef51f2fc4e77ce9b2430f16328b09
                            • Opcode Fuzzy Hash: 3311b82757d2c4d550c6bcd48fafda89fd6b6973a1a2695e70d9d3515830fba6
                            • Instruction Fuzzy Hash: 16310374E042189FCB04DFAAD844AEEBBF2FF89314F14906AD404B7264DB345A45CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02928684 Relevance: .1, Instructions: 67COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 73459048381b2e3980e3dea703eed8c9658af438d181ca5d02c6983186675b3d
                            • Instruction ID: fcb0265194ccc7ecf04498d68c42795f86c517b60db45afc7170d320afa16318
                            • Opcode Fuzzy Hash: 73459048381b2e3980e3dea703eed8c9658af438d181ca5d02c6983186675b3d
                            • Instruction Fuzzy Hash: 4031D3B0D01318DFDB20CF99D588B9EBBF5BB48318F148459E408BB254C7B85989CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02928964 Relevance: .1, Instructions: 66COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a11bbe988af138b8a59949dfe1b2496624ed289826a55d811f25ca736efa5641
                            • Instruction ID: 6afd883ad1f0eab8f8188f6e4a9ea24c5a12a6c4ebfe4b8c1107e5242c16fe99
                            • Opcode Fuzzy Hash: a11bbe988af138b8a59949dfe1b2496624ed289826a55d811f25ca736efa5641
                            • Instruction Fuzzy Hash: 7731F2B1D01218DFDB20CF99C5897DEBBF4BB08318F14841AE404BB254C7B89989CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029287B1 Relevance: .1, Instructions: 60COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cdcb4860d3dbb7c10498f4718058c42c37d2ec3625bf678b31e8b3f3b544e140
                            • Instruction ID: d15c9dc61870d020fb5a1f6ab738f7a44fc48522729c69479aa7d6228be81995
                            • Opcode Fuzzy Hash: cdcb4860d3dbb7c10498f4718058c42c37d2ec3625bf678b31e8b3f3b544e140
                            • Instruction Fuzzy Hash: 4C117375A002155B9B11EF7988446BFBBFBFBC4260B148928E469E7344EF30990987A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02920598 Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3f6a2fbb0caaddaf19871b99e93f58ee8fb451a1364aaf6820b5e3263c23505e
                            • Instruction ID: 9d8de06e7a48a8fb58e98b119409537f19fbd90908d07f4f502b0547598b612c
                            • Opcode Fuzzy Hash: 3f6a2fbb0caaddaf19871b99e93f58ee8fb451a1364aaf6820b5e3263c23505e
                            • Instruction Fuzzy Hash: 1F113D70D11218DFCB04EFA9D844AADBBF1FF8A314F0491AAD459A3368EB305A41CF54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02925AB0 Relevance: .1, Instructions: 58COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8ba42248b8fd419c8daa2a576b81298ed1f805b41c6a66b86b0b2ed574793d15
                            • Instruction ID: abc318e696d9862384b24396d5ad44be8f320c67954c5605d1523d684ec905f2
                            • Opcode Fuzzy Hash: 8ba42248b8fd419c8daa2a576b81298ed1f805b41c6a66b86b0b2ed574793d15
                            • Instruction Fuzzy Hash: BD117331B002258B8B14EBB898516FEB7F6AFC9254F544039C504EB388EB35DD19CB95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029204F0 Relevance: .1, Instructions: 52COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d67fc7a4c8d26bc561146fd80ecf7e939b86b621eb20030aa536958231c042c0
                            • Instruction ID: 449f61faf0a4e7173a958009093c28ac14f36492601f578672fac1293d402dcd
                            • Opcode Fuzzy Hash: d67fc7a4c8d26bc561146fd80ecf7e939b86b621eb20030aa536958231c042c0
                            • Instruction Fuzzy Hash: 11116670E01208EFCB04EFA9C441BBEBBB6FF49304F1445A9C814A7395DB346A46CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A6480 Relevance: .0, Instructions: 50COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c57af6fc573e73e673ce68dc14e84dceed9332509bb68c4c5d8de904f200387a
                            • Instruction ID: a51396114709a521779ee1bece39f2c360c7a60d888aa7e2c59323cd794378e6
                            • Opcode Fuzzy Hash: c57af6fc573e73e673ce68dc14e84dceed9332509bb68c4c5d8de904f200387a
                            • Instruction Fuzzy Hash: C9115274E042089BEB08DFAAD5556AEBBFAEF89700F15C029E509A7355EF301805CFD0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02928690 Relevance: .0, Instructions: 47COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ecfb6c37e7c988df720ab7b58099127c0994f9b9ce82312105fb9394c84c6db
                            • Instruction ID: adaa94eccaffa09a13fe0a9a8fe33efd6bc63608b48a2b91bab041546cad348c
                            • Opcode Fuzzy Hash: 6ecfb6c37e7c988df720ab7b58099127c0994f9b9ce82312105fb9394c84c6db
                            • Instruction Fuzzy Hash: 771125B19002088FDB20DF9AD488BDEFBF8EB48324F108419D515A7200C374A948CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029291C0 Relevance: .0, Instructions: 47COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: daf5106fd28e05c87cff80a67844ab1754404522ec3644ce272da2e2cd94b490
                            • Instruction ID: 43532204df9ac825e8f8b64494d49b6bc45506d490b405d097e5ba5577e146c9
                            • Opcode Fuzzy Hash: daf5106fd28e05c87cff80a67844ab1754404522ec3644ce272da2e2cd94b490
                            • Instruction Fuzzy Hash: 7C1106B1D002489FDB20DF9AD449BDEFBF8EB58324F14881AD555A7340C774A948CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029205A8 Relevance: .0, Instructions: 40COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4037d47065bef42c3a99654e244e8547c3f572592492a0e3c729e49d3152e7d4
                            • Instruction ID: a56a98c09f771416409984c32f0bd9c1c3bc524baf4f423c4db5335369f330f1
                            • Opcode Fuzzy Hash: 4037d47065bef42c3a99654e244e8547c3f572592492a0e3c729e49d3152e7d4
                            • Instruction Fuzzy Hash: 5201C870D112199FDB44EFAAD944AADBBF1FF89304F0095AAD419E3364EB305941CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029245B2 Relevance: .0, Instructions: 38COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b13d49ec0e531983489d1f6be35dea96dc28e87b08c1efa6ac831fc566ed7a2a
                            • Instruction ID: 8ec4991341096e4b3c5a5f1988545ecd9d73e107fbfbd46cace9770e5f0d4342
                            • Opcode Fuzzy Hash: b13d49ec0e531983489d1f6be35dea96dc28e87b08c1efa6ac831fc566ed7a2a
                            • Instruction Fuzzy Hash: E401E8B5D15218DFCB40DFA8EA44B5CBBF4FB09309F1195A5D404E7369E7309A49CB11
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029245C0 Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 28bb7f038718bf2ccf93ec2c9b0997a6c76ed76f68de3ad5491ce944177b6c2a
                            • Instruction ID: ea13fb7a334d40f0030233d00a411498235e6b35be5b1752ccb181c1efc4e0b7
                            • Opcode Fuzzy Hash: 28bb7f038718bf2ccf93ec2c9b0997a6c76ed76f68de3ad5491ce944177b6c2a
                            • Instruction Fuzzy Hash: FC014B70E15208DFCB40DFA8D684A9CB7F4FB08308F2195A5D804A7368D7309E45DF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292900C Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 714b868de090ea95db15f34da5d2d6ce72cf25fd3db45b7dced0bfb84dc5051c
                            • Instruction ID: ab571ce3c1532da9eb9c60957afb41a0dba3763cf37744a25540fb17d4177892
                            • Opcode Fuzzy Hash: 714b868de090ea95db15f34da5d2d6ce72cf25fd3db45b7dced0bfb84dc5051c
                            • Instruction Fuzzy Hash: EC012C7084022DDFEB14CF69C5487EEBBF5FF48364F248629E425AA2A4D7744A49CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A6A20 Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dd818da5e9a8980500ed3d183a17b4a2c6e3c333ddade8770035cd21c4476e25
                            • Instruction ID: 0c3f2b3c0fd222f3af6d3877e4410a2c61f084db613d914a6ed6963d458a96a6
                            • Opcode Fuzzy Hash: dd818da5e9a8980500ed3d183a17b4a2c6e3c333ddade8770035cd21c4476e25
                            • Instruction Fuzzy Hash: FCF04F34A142089FD744FFA8E445B6EBBB9E749304F10C459E509A3359EB349944CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292A1E7 Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5b30bf4e804114cbe62b4211f30174cd3e4c5b7ff6fe98db97499fc7f31768ec
                            • Instruction ID: 1d3ce2873bab797a40bda885ee10808a20da51289aaf6ab987c9d8c7f9e74d94
                            • Opcode Fuzzy Hash: 5b30bf4e804114cbe62b4211f30174cd3e4c5b7ff6fe98db97499fc7f31768ec
                            • Instruction Fuzzy Hash: 62F0A475A0C07D8BDF01EBFCCD017AE76B5AB54318F208061C508A734EF6354A468B21
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924828 Relevance: .0, Instructions: 35COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 40df7c308feb2e4eedd9b2f078f143db6e4d1de2225d69518b4cda859e299e2b
                            • Instruction ID: 49d8a6ece93adabec6913d6677e7c5ce9daa115108101ecb07ab7e435f63ebec
                            • Opcode Fuzzy Hash: 40df7c308feb2e4eedd9b2f078f143db6e4d1de2225d69518b4cda859e299e2b
                            • Instruction Fuzzy Hash: ABF02B399192E8DFCB01CFA4DC918DCBF71EF86254F0951DAC010AB2A2C3289406C710
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029290A8 Relevance: .0, Instructions: 35COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 102811a4f8245c18b981f3ee6a68a335c1e75f75c6ce7a4d1edc15bff08386b6
                            • Instruction ID: b531b9ff77e27c5f3685bf3077fa16dd584ed2993d71942324a41b5b89941e2a
                            • Opcode Fuzzy Hash: 102811a4f8245c18b981f3ee6a68a335c1e75f75c6ce7a4d1edc15bff08386b6
                            • Instruction Fuzzy Hash: BCF0E2767040205FD304CBADD890E67BBEDEFCD2607194575F108CB311C9308D0187A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02929018 Relevance: .0, Instructions: 34COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1dde401ddbda4895040761e9830f016b10a8e1af97a49afd6683be84f39d86cd
                            • Instruction ID: b6a6fbd8c70a403f2c048071e171ec02e3a2cc85f55343a07c136c0c11dfc60f
                            • Opcode Fuzzy Hash: 1dde401ddbda4895040761e9830f016b10a8e1af97a49afd6683be84f39d86cd
                            • Instruction Fuzzy Hash: 4501FB7084022DDFEB14CF6AC4043EEBBF5FF48364F208625E825AA294D7754A48CF94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029251D8 Relevance: .0, Instructions: 34COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fef84b01850bcd4887a57f14d7084caf9329232847992c945701be780bfe5507
                            • Instruction ID: 92f6f48fc7af7555bb46dbb6f6a1bf360a55f7a04f9daade158594ca61e72481
                            • Opcode Fuzzy Hash: fef84b01850bcd4887a57f14d7084caf9329232847992c945701be780bfe5507
                            • Instruction Fuzzy Hash: A4F02866C4928A5FDB11DF78DA4639CBF74AF02204FA806AAD8D0973D6E3348645C341
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02920448 Relevance: .0, Instructions: 32COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9f418c56e4294c8946bbc1130deb0cbc521f011f7a102389bc573157029367f1
                            • Instruction ID: 5556edc1669ff190ed19d177f7063e9705c74ee6c02c9abc456211668a894168
                            • Opcode Fuzzy Hash: 9f418c56e4294c8946bbc1130deb0cbc521f011f7a102389bc573157029367f1
                            • Instruction Fuzzy Hash: 74F0F470D05208EFCB08EFB9E45499DBBB5EB4A305F1091AED409A3350EB355A45CF24
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029290B8 Relevance: .0, Instructions: 32COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c5ebdc98af4c0ac7f448b949deb5ecbd7f95390840c70b17d7cf722b21383543
                            • Instruction ID: 69c29f4e817e8dfaec055c1d5f555eff0fbd30bc6ef5f473e2a4e4bd3e232ec2
                            • Opcode Fuzzy Hash: c5ebdc98af4c0ac7f448b949deb5ecbd7f95390840c70b17d7cf722b21383543
                            • Instruction Fuzzy Hash: 22E03972B041246F5304DAAED884C6BBBEEEBCD6B4355813AF60CC7311DA309D0086A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292A96F Relevance: .0, Instructions: 25COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d1381cd636fff9e58a8330de6b86f39581fed125776553f5e05e23b36544f53d
                            • Instruction ID: 86764322c873af6357f9075b06f86838653302a602eb2d0aa40dee98d6d291fa
                            • Opcode Fuzzy Hash: d1381cd636fff9e58a8330de6b86f39581fed125776553f5e05e23b36544f53d
                            • Instruction Fuzzy Hash: 42E06D74D0520CEFD751DFB9D845B8CBBB4EF48304F0081AAA814A3344EB385A80CF40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292AE58 Relevance: .0, Instructions: 25COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4444ad782771581405e4e9f6bab387b6436d8c7c90c041c3e519bb7c68394861
                            • Instruction ID: b905d6dc5e79ffafac3009226c578ce872533cb086f41b26c3a57001fc61412a
                            • Opcode Fuzzy Hash: 4444ad782771581405e4e9f6bab387b6436d8c7c90c041c3e519bb7c68394861
                            • Instruction Fuzzy Hash: E1F01530D0420CAFDB11DFB4D94678DBBB4EB08304F1481A9E844A3244D7395A85CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02928F76 Relevance: .0, Instructions: 24COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1cec2fb47ea4c6287dada95f1c0f093769d77bd801b216ea97fb671048477dfe
                            • Instruction ID: 1ead1500fd4d7b51876ef2393019060303e8f453a8d0983ac55b6d27654d35ab
                            • Opcode Fuzzy Hash: 1cec2fb47ea4c6287dada95f1c0f093769d77bd801b216ea97fb671048477dfe
                            • Instruction Fuzzy Hash: 50E08CB7D00038978B10AAE8FE019EEFF35EB98A72B814233E610E6504C3350725DBD0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02928A70 Relevance: .0, Instructions: 23COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cd0887531fb4f20a81fa04bdeaf9265d22379cb1ab29b94f128f19b8e1646f0d
                            • Instruction ID: 9c34677adfc2ad72e6644c2aaa17a4377e7d2437ad4229d3d6bc41f11e345211
                            • Opcode Fuzzy Hash: cd0887531fb4f20a81fa04bdeaf9265d22379cb1ab29b94f128f19b8e1646f0d
                            • Instruction Fuzzy Hash: 1BE0ED34A19208EFC701EF64E95284DBBB5EB41204B1044A9DC44D7282DA389E02DBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292463A Relevance: .0, Instructions: 22COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1a8e315f81bfd89514ac23f6b3d08f7dd7bdfb35e69397c6da37e34c2fc3ec6e
                            • Instruction ID: 30b0636f6bfc3c72f4450fa8893778cd61db72260ea3a00268e411be100446e1
                            • Opcode Fuzzy Hash: 1a8e315f81bfd89514ac23f6b3d08f7dd7bdfb35e69397c6da37e34c2fc3ec6e
                            • Instruction Fuzzy Hash: C4E09275919108DFC745EFA4EA46B9C77B1FB00208F104A99E004A3290E7345E01DB10
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A192A Relevance: .0, Instructions: 22COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d36d0c56e50608f01cc4fe92b502a2493e3cb82b426de0e13ebb13ec28e86736
                            • Instruction ID: e0b9e5ff3d4958953cf24c5ea5d99d0205fbef386b2f5056dd8a1f7f1f5c13cf
                            • Opcode Fuzzy Hash: d36d0c56e50608f01cc4fe92b502a2493e3cb82b426de0e13ebb13ec28e86736
                            • Instruction Fuzzy Hash: C7F07434911668CFDBA5DF14DC597AD7BF9AB48306F4095D9D04AA6241DB709BC08F40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A6430 Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 54fdd35fb1ed32c73b8c1c9ade6b06cb00ce0897c5cb8329c0b1d2f03fdbb25d
                            • Instruction ID: bf27cd3f44ce9926b35d8c7d821a14b776588449299f563261f1caa3ff005f30
                            • Opcode Fuzzy Hash: 54fdd35fb1ed32c73b8c1c9ade6b06cb00ce0897c5cb8329c0b1d2f03fdbb25d
                            • Instruction Fuzzy Hash: 47E0C974D04208AFCB84DFA8D445A9CBBB5EB48304F10C0A9981893340D7319A51DF81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A6AF0 Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 54fdd35fb1ed32c73b8c1c9ade6b06cb00ce0897c5cb8329c0b1d2f03fdbb25d
                            • Instruction ID: a3c992b95ef79626b5e7a339e1ae729b186b17c09adbfe32513174f968696d64
                            • Opcode Fuzzy Hash: 54fdd35fb1ed32c73b8c1c9ade6b06cb00ce0897c5cb8329c0b1d2f03fdbb25d
                            • Instruction Fuzzy Hash: E8E0C974E04208AFCB44DFA8D441A9CBBB5EB48314F10C1A9AC1893340D7319A51DF80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924648 Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 084a619e4436e942c82eb82fb34755a270a189378f6bcc933802646d84bca1b9
                            • Instruction ID: 8a566c66771b20931be410a964ddc4412325213718217c1d81571ae57a13d8c9
                            • Opcode Fuzzy Hash: 084a619e4436e942c82eb82fb34755a270a189378f6bcc933802646d84bca1b9
                            • Instruction Fuzzy Hash: 23E0863090920DEFCB01FFB4E945A5D77B5EB05208F104999D405D3291EB315E01DB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029204A8 Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cffcc91e005d477dab5116c9061acc223653eeb2c8b93f4901f44e20b27466db
                            • Instruction ID: aafe9cab366ed535fada2ab7eeccce3c4ab264b66c73e86837259f53933d0b38
                            • Opcode Fuzzy Hash: cffcc91e005d477dab5116c9061acc223653eeb2c8b93f4901f44e20b27466db
                            • Instruction Fuzzy Hash: 0CE0C27050F3989FC302EBA0A850B1A7F38AB03108F0441DBC004872A2E7710A05D7B6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02928A80 Relevance: .0, Instructions: 19COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d2415e1661c4913caf7740f36fcd0863aedfdebcb108f4e78c1c3a116daf74c6
                            • Instruction ID: 72392da06634aa4a3abbe93279704f4f203ec5b7e534307fade36bd6a7ed2a14
                            • Opcode Fuzzy Hash: d2415e1661c4913caf7740f36fcd0863aedfdebcb108f4e78c1c3a116daf74c6
                            • Instruction Fuzzy Hash: 3AE0867461110CEF8740FFB4D94285DB7B5EB4520471145A5DC44D3345DB399F02DFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A60B8 Relevance: .0, Instructions: 19COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7335dc7a570e3105be28980966e414115b283a28da808fb764c4d38e5e48b612
                            • Instruction ID: 5b5907652e0ed096b8157913b377459eaca7b00270bc4e9b5951a57162e3efd5
                            • Opcode Fuzzy Hash: 7335dc7a570e3105be28980966e414115b283a28da808fb764c4d38e5e48b612
                            • Instruction Fuzzy Hash: 86E04670E0430CEFCB48EFA8E44469DBBB5EB48304F1081AAD808A3340E7355A84CF80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292EE68 Relevance: .0, Instructions: 18COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: aec7597ec351a5b1377ea08244e0b4f5a869919f54f5b6be8c27610578d5a53d
                            • Instruction ID: 3db8f04c982a617b25f7b3889f068489e571a967253aefd2c70b09dc9f57516f
                            • Opcode Fuzzy Hash: aec7597ec351a5b1377ea08244e0b4f5a869919f54f5b6be8c27610578d5a53d
                            • Instruction Fuzzy Hash: F3D02B7141510CDFC700EFB4D44878E7BFCEB05204F0040A9E50AC3150EF311A84D781
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A6F38 Relevance: .0, Instructions: 18COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 09294c60d8cf6d7f22222d07ce1896da7ee083d92fb7ea2e86296e3596aecb98
                            • Instruction ID: 1877625d180862eb9dbd8cb6f7211247fe7d307d03c6b7f5c2181e74039cb068
                            • Opcode Fuzzy Hash: 09294c60d8cf6d7f22222d07ce1896da7ee083d92fb7ea2e86296e3596aecb98
                            • Instruction Fuzzy Hash: 97E0E67490420CEBCB04DF94E941A5DBF75EB55315F14C1ADDC0417340D7315E55DB95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A5654 Relevance: .0, Instructions: 18COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 715b367619c660b0c40fa038bf5dbeb487b91ad551d8e6bdb01af80f4bdcbf04
                            • Instruction ID: 1e1d847116cc424056f8bff15bd84edf345d852e992995e9618b964631030d56
                            • Opcode Fuzzy Hash: 715b367619c660b0c40fa038bf5dbeb487b91ad551d8e6bdb01af80f4bdcbf04
                            • Instruction Fuzzy Hash: 28F0FA74905268CFEBA5DF28DD4ABD9BBB5BB48305F0085EAD40DA2251DB705E81CF40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A6748 Relevance: .0, Instructions: 18COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7be169d38b5ad450b51fd2e93c244f5c30efff65a4b4151b848058c161918baf
                            • Instruction ID: 5ab26a6b0b144d39e93a329b7c9e56dc03059fd6d5411d388558d4fbf2bd0f2a
                            • Opcode Fuzzy Hash: 7be169d38b5ad450b51fd2e93c244f5c30efff65a4b4151b848058c161918baf
                            • Instruction Fuzzy Hash: 69D05B7191910CDFCB45EFF4D54479E77B9DB05604F5044A9D50993150EF311B44DB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A69D8 Relevance: .0, Instructions: 18COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 09294c60d8cf6d7f22222d07ce1896da7ee083d92fb7ea2e86296e3596aecb98
                            • Instruction ID: 490624d50351927dae8e16892012c2b6fe0123b3086bcb8f2b351103cd38c5f9
                            • Opcode Fuzzy Hash: 09294c60d8cf6d7f22222d07ce1896da7ee083d92fb7ea2e86296e3596aecb98
                            • Instruction Fuzzy Hash: 14E0863490420CEFC704DF94D941A5CBF75EB44304F10C1A9DC0413340C7315A91DB85
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A6218 Relevance: .0, Instructions: 17COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 29ad97ee9eae9dc971d02ddaf1a6c096c97bc00b5ae9de5a9f175f58b7705fb7
                            • Instruction ID: d6d797e5414eb008f960c7c3abca123c9fcc68b0c102ddb248b3f61e1ea36315
                            • Opcode Fuzzy Hash: 29ad97ee9eae9dc971d02ddaf1a6c096c97bc00b5ae9de5a9f175f58b7705fb7
                            • Instruction Fuzzy Hash: 0AE01274D1520CDFC744EFB8D44A79CBFB4AB04205F1080E9DC48A3380EB305A84CB41
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02928F80 Relevance: .0, Instructions: 16COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                            • Instruction ID: af099bf37c0ac670ccb695fb123ee7c5bd044eb61b7ad1a7781d93e1f492c19a
                            • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                            • Instruction Fuzzy Hash: 9DD05272C00138AB8B10AFE99C088EFFF79EF08A60B418122E914AB100D3700A20CBD0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02925218 Relevance: .0, Instructions: 15COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b1a7644660a9ef91f2062db83992b3f04cb75067837ac23c26ffc50f7d4b26ac
                            • Instruction ID: bfa1ea6b98e89a5abc9b188e2cf57cb6d2e733f3d29c6c2c5f22f8e730d26503
                            • Opcode Fuzzy Hash: b1a7644660a9ef91f2062db83992b3f04cb75067837ac23c26ffc50f7d4b26ac
                            • Instruction Fuzzy Hash: 16D05E34C1521CEFD705EFA4E44666CBF74AB05206F4001A9E84062284EB300A84D751
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029204B8 Relevance: .0, Instructions: 14COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 92db21641a7b82e2fce344543bdf440f7f188d7c6ed376570cf5713845e9242b
                            • Instruction ID: c373e5723f7933ee36b9c9274c80bc107d9e94535cf52ebfba2b2036cad4fe10
                            • Opcode Fuzzy Hash: 92db21641a7b82e2fce344543bdf440f7f188d7c6ed376570cf5713845e9242b
                            • Instruction Fuzzy Hash: F3C0127090A21CEBC704FBA5E901F6EB76CE70524DF104199950853254EB315A00D6A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02925A77 Relevance: .0, Instructions: 11COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2091ffdd6985b2a5ad2a838e3ccb765179c62955b843573390a9c0aaf9ed33cf
                            • Instruction ID: 6a95facd048c2229eb64ba68bc3c2a7ca92191532f9488523c9d3958d776d09a
                            • Opcode Fuzzy Hash: 2091ffdd6985b2a5ad2a838e3ccb765179c62955b843573390a9c0aaf9ed33cf
                            • Instruction Fuzzy Hash: 82C04C3B0060406FDB42EB85CD45FC57FA2EB55310F849551E18455135D72AD62AAB11
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924C80 Relevance: .0, Instructions: 9COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b5064329d3dab5b3d3e6bf6e191c501cfb65ac6a96110575dafac9e5bcf1dd6d
                            • Instruction ID: 0f80b3fcfd011699d05eb907628aeeb8432cc8cca5503f72cf749a3e5b99c753
                            • Opcode Fuzzy Hash: b5064329d3dab5b3d3e6bf6e191c501cfb65ac6a96110575dafac9e5bcf1dd6d
                            • Instruction Fuzzy Hash: 3AC09B3E109015EF4642E759C59DC557AA2FF557107C19C52E24445034CB35C51CDF13
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02924F90 Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c89072c4758392cf68280cbe7b0ee45d9035b515b665459dbbe426a2e485e3dc
                            • Instruction ID: bd17d0b31d5b5dbf121cfe1fd324e2c47992d138c5c5524348157a3f4e79db4c
                            • Opcode Fuzzy Hash: c89072c4758392cf68280cbe7b0ee45d9035b515b665459dbbe426a2e485e3dc
                            • Instruction Fuzzy Hash: FFA001B72200218AE706CF7CE895F9A37A4A721A00F204A86D01082050CA2AA28ACE54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 061A2E50 Relevance: 2.6, Strings: 2, Instructions: 122COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: 4$UUUU
                            • API String ID: 0-1342272125
                            • Opcode ID: b6ba8fbaa526b82b8365dfa6bbba0fa111bcb7d6c27992aad8dd83ea4ffe77e5
                            • Instruction ID: 94ca28285ed82d4b1b28f4e2b2bb805342f8657d8b1987939e8d15bc1490743e
                            • Opcode Fuzzy Hash: b6ba8fbaa526b82b8365dfa6bbba0fa111bcb7d6c27992aad8dd83ea4ffe77e5
                            • Instruction Fuzzy Hash: 6E51AF70E116288FDBA4CFACC98478DB7F2BF88304F5485AAD518EB205D7349A85CF14
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A0040 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: 6
                            • API String ID: 0-498629140
                            • Opcode ID: e021c9d765603e1f4489e0d5b30bab8a090b1b42552378d8c67cabce03a79c37
                            • Instruction ID: dad207ebd7272c94f38ff93c4ef9e5acdf3178c11f2a3cda99cfdccea32db242
                            • Opcode Fuzzy Hash: e021c9d765603e1f4489e0d5b30bab8a090b1b42552378d8c67cabce03a79c37
                            • Instruction Fuzzy Hash: D4412B71D05A188BEB5CCF6BCD4479AFAF3BFC8205F14C1BA880CAA254EB7009859F11
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0292EEB0 Relevance: .2, Instructions: 160COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.374904612.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2920000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dc98b5d00f2ef0c751d742b3c4ba50f5c4efffb779c2641bd319f7b9e655306a
                            • Instruction ID: e5323b59e11142f1cd537cefd6a9f780937a8122b1619122399eb7f0cf25aac1
                            • Opcode Fuzzy Hash: dc98b5d00f2ef0c751d742b3c4ba50f5c4efffb779c2641bd319f7b9e655306a
                            • Instruction Fuzzy Hash: FA612A71E146098FD748EF6AE845A9E7BF3AFC4204F14C829E1089B368EB749945CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 061A0006 Relevance: .1, Instructions: 113COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.380253540.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_61a0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1b5d04ef5a6b8b8a4976f6c3f802da956cb20290a30f1bd0cd40c2e82cc6cd28
                            • Instruction ID: 5f84a1ca00541ef6917cbdaaba181552a9b66aa0ab0e02eca93ac179713d3d03
                            • Opcode Fuzzy Hash: 1b5d04ef5a6b8b8a4976f6c3f802da956cb20290a30f1bd0cd40c2e82cc6cd28
                            • Instruction Fuzzy Hash: 60416071D056588FE75DCF6B8C4129AFBF3AFC9205F18C1FAC84CAA265EA3405868F11
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Execution Graph

                            Execution Coverage:12.3%
                            Dynamic/Decrypted Code Coverage:100%
                            Signature Coverage:7.5%
                            Total number of Nodes:53
                            Total number of Limit Nodes:3
                            execution_graph 37305 67595c0 37306 67595df LdrInitializeThunk 37305->37306 37308 6759630 37306->37308 37309 675e048 37312 675e06d 37309->37312 37310 675e1e7 37311 675e7cc LdrInitializeThunk 37311->37312 37312->37310 37312->37311 37244 2dfadd0 37245 2dfadee 37244->37245 37248 2df9dc0 37245->37248 37247 2dfae25 37250 2dfc8f0 LoadLibraryA 37248->37250 37251 2dfc9cc 37250->37251 37252 2df4540 37253 2df4554 37252->37253 37256 2df478a 37253->37256 37263 2df485f 37256->37263 37267 2df4870 37256->37267 37271 2df4986 37256->37271 37275 2df49e8 37256->37275 37280 2df496c 37256->37280 37264 2df4870 37263->37264 37265 2df49ab 37264->37265 37284 2df4c67 37264->37284 37268 2df48b4 37267->37268 37269 2df49ab 37268->37269 37270 2df4c67 2 API calls 37268->37270 37270->37269 37272 2df4999 37271->37272 37273 2df49ab 37271->37273 37274 2df4c67 2 API calls 37272->37274 37273->37273 37274->37273 37276 2df49ee 37275->37276 37297 2df4f1f 37276->37297 37301 2df4f30 37276->37301 37277 2df455d 37281 2df491f 37280->37281 37282 2df49ab 37281->37282 37283 2df4c67 2 API calls 37281->37283 37283->37282 37285 2df4c86 37284->37285 37289 2df4cb9 37285->37289 37293 2df4cc8 37285->37293 37286 2df4c96 37286->37265 37290 2df4d02 37289->37290 37291 2df4d2c RtlEncodePointer 37290->37291 37292 2df4d55 37290->37292 37291->37292 37292->37286 37294 2df4d02 37293->37294 37295 2df4d2c RtlEncodePointer 37294->37295 37296 2df4d55 37294->37296 37295->37296 37296->37286 37298 2df4f2a 37297->37298 37298->37277 37299 2df4fd7 RtlEncodePointer 37298->37299 37300 2df5000 37298->37300 37299->37300 37300->37277 37302 2df4f3e 37301->37302 37302->37277 37303 2df4fd7 RtlEncodePointer 37302->37303 37304 2df5000 37302->37304 37303->37304 37304->37277

                            Executed Functions

                            Function 0675E048 Relevance: 2.3, APIs: 1, Instructions: 760libraryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 34 675e048-675e14e 51 675e1a5-675e1af 34->51 52 675e150-675e191 34->52 55 675e1b5-675e1d0 51->55 52->51 57 675e193-675e1a3 52->57 233 675e1d2 call 675f020 55->233 234 675e1d2 call 675f018 55->234 57->55 59 675e1d7-675e1e5 62 675e1f5-675e5a2 59->62 63 675e1e7-675ebcd 59->63 102 675eb8d-675ebb0 62->102 103 675e5a8-675e5b5 62->103 104 675ebb5-675ebbf 102->104 103->104 105 675e5bb-675e626 103->105 105->102 116 675e62c-675e661 105->116 119 675e663-675e688 116->119 120 675e68a-675e692 116->120 123 675e695-675e6de 119->123 120->123 128 675eb74-675eb7a 123->128 129 675e6e4-675e703 123->129 128->102 130 675eb7c-675eb85 128->130 235 675e708 call 675f790 129->235 236 675e708 call 675f798 129->236 130->105 131 675eb8b 130->131 131->104 133 675e70d-675e73c 133->128 136 675e742-675e74c 133->136 136->128 137 675e752-675e765 136->137 137->128 138 675e76b-675e792 137->138 142 675eb35-675eb58 138->142 143 675e798-675e79b 138->143 151 675eb5d-675eb63 142->151 143->142 144 675e7a1-675e7db LdrInitializeThunk 143->144 154 675e7e1-675e830 144->154 151->102 152 675eb65-675eb6e 151->152 152->128 152->138 162 675e975-675e97b 154->162 163 675e836-675e86f 154->163 164 675e97d-675e97f 162->164 165 675e989 162->165 167 675e991-675e997 163->167 179 675e875-675e8ab 163->179 164->165 165->167 168 675e9a5-675e9a8 167->168 169 675e999-675e99b 167->169 171 675e9b3-675e9b9 168->171 169->168 173 675e9c7-675e9ca 171->173 174 675e9bb-675e9bd 171->174 176 675e919-675e949 173->176 174->173 181 675e94b-675e96a 176->181 185 675e8b1-675e8d4 179->185 186 675e9cf-675e9fd 179->186 189 675e970 181->189 190 675ea02-675ea54 181->190 185->186 195 675e8da-675e90d 185->195 186->181 189->151 208 675ea56-675ea5c 190->208 209 675ea5e-675ea64 190->209 195->171 206 675e913 195->206 206->176 212 675ea75-675ea93 208->212 210 675ea66-675ea68 209->210 211 675ea72 209->211 210->211 211->212 216 675ea95-675eaa5 212->216 217 675eab7-675eb33 212->217 216->217 220 675eaa7-675eab0 216->220 217->151 220->217 233->59 234->59 235->133 236->133
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.635298278.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6750000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 95938f3e53939bc7efeddfefc89505a45a146fd601ac81655093bc2e642e0916
                            • Instruction ID: 90ab38782c0ea69d042aec3f99e22c08b3231643a0d9f35edb698966d9a1f2cd
                            • Opcode Fuzzy Hash: 95938f3e53939bc7efeddfefc89505a45a146fd601ac81655093bc2e642e0916
                            • Instruction Fuzzy Hash: D8623731E006198FCB64EF78C8546ADB7F1AF89304F1185A9D54AAB350EF70AE85CF81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676DF21 Relevance: 1.8, Strings: 1, Instructions: 540COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: jjj
                            • API String ID: 0-2289343631
                            • Opcode ID: aa0eae5093d27c2c53fda531e9e003a50d965c6db8d60edb821c2f12141b66fe
                            • Instruction ID: de7abb40f07780cb32022b1fbb6328a2c3955b593c121462e3dab2be8dc67a5e
                            • Opcode Fuzzy Hash: aa0eae5093d27c2c53fda531e9e003a50d965c6db8d60edb821c2f12141b66fe
                            • Instruction Fuzzy Hash: 0712C234F142149FEBA4DB69C884BBDBBB2AF85314F148429F919EB281CB75DC41CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06768184 Relevance: .6, Instructions: 646COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 2806 6768184-6768196 2807 676819a-67681a7 2806->2807 2808 6768198-6768199 2806->2808 2809 67681cc-6768209 2807->2809 2810 67681a9-67681b3 2807->2810 2808->2807 2814 676820b-676820e 2809->2814 2811 67681b5-67681c6 2810->2811 2812 67681c8-67681cb 2810->2812 2811->2812 2816 6768210-6768214 2814->2816 2817 6768229-676822c 2814->2817 2818 676821a-676821e 2816->2818 2819 6768aa8-6768acc 2816->2819 2820 676823e-6768241 2817->2820 2821 676822e-6768239 2817->2821 2822 6768224 2818->2822 2823 676867b-676867f 2818->2823 2843 6768af1-6768b03 2819->2843 2844 6768ace-6768ad8 2819->2844 2824 6768247-676830d 2820->2824 2825 676832e-6768331 2820->2825 2821->2820 2822->2817 2823->2819 2827 6768685-6768689 2823->2827 2953 6768316-6768329 2824->2953 2829 6768337-67683e9 2825->2829 2830 676847f-6768482 2825->2830 2832 676868f 2827->2832 2833 67684c9-67684cd 2827->2833 3022 67683eb call 2df2d9f 2829->3022 3023 67683eb call 2df2de0 2829->3023 2834 67684c4-67684c7 2830->2834 2835 6768484-676848b 2830->2835 2840 6768694-6768697 2832->2840 2833->2819 2839 67684d3-67684d7 2833->2839 2834->2833 2838 67684e2-67684e5 2834->2838 2835->2819 2841 6768491-67684bf 2835->2841 2847 67684e7-67684ee 2838->2847 2848 6768504-6768507 2838->2848 2845 67688b1-67688d4 2839->2845 2846 67684dd 2839->2846 2849 676869e-67686a1 2840->2849 2850 6768699 2840->2850 2841->2834 2853 6768aed-6768af0 2844->2853 2854 6768ada-6768aeb 2844->2854 2905 67688d9-67688dc 2845->2905 2846->2838 2847->2819 2855 67684f4-67684ff 2847->2855 2859 6768522-6768525 2848->2859 2860 6768509-676850d 2848->2860 2856 67686a7-6768770 2849->2856 2857 67687d4-67687d7 2849->2857 2850->2849 2854->2853 2855->2848 2856->2819 2998 6768776-676877e 2856->2998 2864 67687f0-67687f3 2857->2864 2865 67687d9-67687eb 2857->2865 2861 6768527-6768559 2859->2861 2862 676855e-6768561 2859->2862 2860->2819 2867 6768513-6768517 2860->2867 2861->2862 2877 6768563-676856a 2862->2877 2878 6768580-6768583 2862->2878 2873 67687f5-67687f9 2864->2873 2874 676880e-6768811 2864->2874 2865->2864 2871 676863f-6768643 2867->2871 2872 676851d 2867->2872 2871->2819 2888 6768649-676864d 2871->2888 2872->2859 2873->2819 2883 67687ff-6768803 2873->2883 2885 6768886-6768889 2874->2885 2886 6768813-6768833 2874->2886 2877->2819 2887 6768570-676857b 2877->2887 2889 6768585-6768588 2878->2889 2890 676859a-676859d 2878->2890 2894 676888b-67688a7 2883->2894 2896 6768809 2883->2896 2893 67688ac-67688af 2885->2893 2885->2894 2886->2819 2936 6768839-6768881 2886->2936 2887->2878 2888->2821 2898 6768653 2888->2898 2900 6768592-6768595 2889->2900 2891 676859f-67685a6 2890->2891 2892 67685bc-67685bf 2890->2892 2891->2819 2902 67685ac-67685b7 2891->2902 2903 67685c1-67685d3 2892->2903 2904 67685d8-67685db 2892->2904 2893->2845 2893->2905 2894->2893 2896->2874 2910 6768658-676865b 2898->2910 2900->2890 2902->2892 2903->2904 2913 67685dd-6768620 call 67625e8 * 2 call 67637b0 2904->2913 2914 676863a-676863d 2904->2914 2916 676891e-6768921 2905->2916 2917 67688de-67688e5 2905->2917 2919 6768676-6768679 2910->2919 2920 676865d-6768661 2910->2920 2980 6768626-6768635 2913->2980 2981 6768aa3 2913->2981 2914->2871 2914->2910 2928 6768927-67689e7 2916->2928 2929 6768a43-6768a46 2916->2929 2917->2819 2925 67688eb-6768919 2917->2925 2919->2823 2919->2840 2920->2819 2921 6768667-676866b 2920->2921 2921->2873 2930 6768671 2921->2930 2925->2916 2928->2819 3014 67689ed-67689f5 2928->3014 2931 6768a61-6768a63 2929->2931 2932 6768a48-6768a4f 2929->2932 2930->2919 2940 6768a65 2931->2940 2941 6768a6a-6768a6d 2931->2941 2932->2819 2939 6768a51-6768a5c 2932->2939 2936->2885 2939->2931 2940->2941 2941->2814 2945 6768a73-6768aa2 2941->2945 2953->2825 2980->2914 2981->2819 2994 67683f0-6768420 2994->2819 3007 6768426-676842e 2994->3007 2998->2819 3000 6768784-676878c 2998->3000 3000->2819 3002 6768792-676879a 3000->3002 3002->2819 3004 67687a0-67687a8 3002->3004 3004->2819 3006 67687ae-67687c8 3004->3006 3010 67687cf 3006->3010 3007->2819 3009 6768434-676843c 3007->3009 3009->2819 3011 6768442-676844a 3009->3011 3010->2857 3011->2819 3013 6768450-6768458 3011->3013 3013->2819 3015 676845e-676847a 3013->3015 3014->2819 3016 67689fb-6768a03 3014->3016 3015->2830 3016->2819 3017 6768a09-6768a11 3016->3017 3017->2819 3019 6768a17-6768a1f 3017->3019 3019->2819 3020 6768a25-6768a3e 3019->3020 3020->2929 3022->2994 3023->2994
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e8a8b839336486084deeb77a807d9c33e53b98140eb083508675ad4a1e83bda3
                            • Instruction ID: 295b0fda65fe2897c346a5d7944b0d318bb8de4420e4051cd9d95418c5a97344
                            • Opcode Fuzzy Hash: e8a8b839336486084deeb77a807d9c33e53b98140eb083508675ad4a1e83bda3
                            • Instruction Fuzzy Hash: 7842F430F142488FEB64DB69C85476DBBB2AF85304F14C56DE909AF286DB34DC85CB62
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06759561 Relevance: 1.7, APIs: 1, Instructions: 192libraryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 439 6759561-6759568 440 6759509 439->440 441 675956a-675957f 439->441 442 6759510 440->442 443 67595a4-67595f7 441->443 444 6759581-675958b 441->444 499 6759516 call 6764de8 442->499 500 6759516 call 6764dd8 442->500 458 67595ff-6759605 443->458 445 67595a0-67595a3 444->445 446 675958d-675959e 444->446 446->445 448 675951b-675955b 459 675960c 458->459 460 6759613-675962a LdrInitializeThunk 459->460 461 6759630-675964a 460->461 462 6759773-6759790 460->462 461->462 465 6759650-675966a 461->465 473 6759795-675979e 462->473 469 6759670 465->469 470 675966c-675966e 465->470 471 6759673-67596ce 469->471 470->471 480 67596d4 471->480 481 67596d0-67596d2 471->481 482 67596d7-6759771 480->482 481->482 482->473 499->448 500->448
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.635298278.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6750000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: e6096e2e2ea4ff6be81b42362a4f1776baa8861ac045e6235511d927409745cc
                            • Instruction ID: e9031c69273d9725e2c7930458e5712e1429e3b815acf4fefd1ad4ac36c6a29b
                            • Opcode Fuzzy Hash: e6096e2e2ea4ff6be81b42362a4f1776baa8861ac045e6235511d927409745cc
                            • Instruction Fuzzy Hash: 7961BF31B00205DFCB44EF74D845AAEB7E5EF84204F158969EA16DB391EF70E819CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 067595C0 Relevance: 1.6, APIs: 1, Instructions: 148libraryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 501 67595c0-675962a LdrInitializeThunk 509 6759630-675964a 501->509 510 6759773-6759790 501->510 509->510 513 6759650-675966a 509->513 521 6759795-675979e 510->521 517 6759670 513->517 518 675966c-675966e 513->518 519 6759673-67596ce 517->519 518->519 528 67596d4 519->528 529 67596d0-67596d2 519->529 530 67596d7-6759771 528->530 529->530 530->521
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.635298278.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6750000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 8e1d0797942061602968ed343af52f90c6a0a0f77a375b4dfe2eb429982ef920
                            • Instruction ID: dd171c27ab5a90ea4aa2b9d8398fa1b1a9c0ce6baaf7578fd32da5b9ff4f7e69
                            • Opcode Fuzzy Hash: 8e1d0797942061602968ed343af52f90c6a0a0f77a375b4dfe2eb429982ef920
                            • Instruction Fuzzy Hash: 4651A271F102059FCB44EFB4D848AAEB7E6FF84208F558969DA169B350EF70D814CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02DF9DC0 Relevance: 1.6, APIs: 1, Instructions: 89libraryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 547 2df9dc0-2dfc947 549 2dfc949-2dfc953 547->549 550 2dfc980-2dfc9ca LoadLibraryA 547->550 549->550 551 2dfc955-2dfc957 549->551 555 2dfc9cc-2dfc9d2 550->555 556 2dfc9d3-2dfca04 550->556 553 2dfc97a-2dfc97d 551->553 554 2dfc959-2dfc963 551->554 553->550 557 2dfc967-2dfc976 554->557 558 2dfc965 554->558 555->556 562 2dfca06-2dfca0a 556->562 563 2dfca14 556->563 557->557 559 2dfc978 557->559 558->557 559->553 562->563 564 2dfca0c 562->564 565 2dfca15 563->565 564->563 565->565
                            APIs
                            • LoadLibraryA.KERNELBASE(?), ref: 02DFC9BA
                            Memory Dump Source
                            • Source File: 00000002.00000002.633291472.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_2df0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: LibraryLoad
                            • String ID:
                            • API String ID: 1029625771-0
                            • Opcode ID: 3de00c0a2e61c599bb4c7a7b8164af0be1bb88a0667cf4e148e3e4a4f45a882d
                            • Instruction ID: 87cb1ed8f9b07f5edfcd9b30d494eb6e1afb8cffa680e8628a1e1e6f42e136fa
                            • Opcode Fuzzy Hash: 3de00c0a2e61c599bb4c7a7b8164af0be1bb88a0667cf4e148e3e4a4f45a882d
                            • Instruction Fuzzy Hash: E43143B0D2024D9FDB54CFA8C88579EFBF1BB08314F15812AE856A7380D7749895CF99
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02DFC8E4 Relevance: 1.6, APIs: 1, Instructions: 88libraryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 566 2dfc8e4-2dfc947 567 2dfc949-2dfc953 566->567 568 2dfc980-2dfc9ca LoadLibraryA 566->568 567->568 569 2dfc955-2dfc957 567->569 573 2dfc9cc-2dfc9d2 568->573 574 2dfc9d3-2dfca04 568->574 571 2dfc97a-2dfc97d 569->571 572 2dfc959-2dfc963 569->572 571->568 575 2dfc967-2dfc976 572->575 576 2dfc965 572->576 573->574 580 2dfca06-2dfca0a 574->580 581 2dfca14 574->581 575->575 577 2dfc978 575->577 576->575 577->571 580->581 582 2dfca0c 580->582 583 2dfca15 581->583 582->581 583->583
                            APIs
                            • LoadLibraryA.KERNELBASE(?), ref: 02DFC9BA
                            Memory Dump Source
                            • Source File: 00000002.00000002.633291472.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_2df0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: LibraryLoad
                            • String ID:
                            • API String ID: 1029625771-0
                            • Opcode ID: 1f50dbf05350176e152b732513d6323481979e7c848e41a96536becfdde82370
                            • Instruction ID: ea007ce8944a8da27418b6f27f4555572d410a305ab95582830df7bc7ba826c0
                            • Opcode Fuzzy Hash: 1f50dbf05350176e152b732513d6323481979e7c848e41a96536becfdde82370
                            • Instruction Fuzzy Hash: B33173B0D202499FDB14CFA8D88579EFBF1BB08304F15812AE856A7380D7749895CF9A
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02DF4F1F Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1203 2df4f1f-2df4f28 1204 2df4f8f-2df4fb8 call 2df4da0 call 2df4df8 1203->1204 1205 2df4f2a-2df4f3e call 2df4838 1203->1205 1214 2df4fbe 1204->1214 1215 2df4fba-2df4fbc 1204->1215 1213 2df4f4e-2df4f66 call 2df4a88 1205->1213 1213->1204 1216 2df4fc3-2df4fcb 1214->1216 1215->1216 1218 2df4fcd-2df4ffe RtlEncodePointer 1216->1218 1219 2df5027-2df5039 1216->1219 1222 2df5007-2df501d 1218->1222 1223 2df5000-2df5006 1218->1223 1222->1219 1223->1222
                            APIs
                            • RtlEncodePointer.NTDLL(00000000), ref: 02DF4FED
                            Memory Dump Source
                            • Source File: 00000002.00000002.633291472.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_2df0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: EncodePointer
                            • String ID:
                            • API String ID: 2118026453-0
                            • Opcode ID: 94bc06d23a40f0968d2e5b256039f02ed3cccf6ab6a1e3b1d2ba3d31f73d4b2f
                            • Instruction ID: c34c843990d257e00d35032b87441d49b2086304694804e0a672ed7a83328b02
                            • Opcode Fuzzy Hash: 94bc06d23a40f0968d2e5b256039f02ed3cccf6ab6a1e3b1d2ba3d31f73d4b2f
                            • Instruction Fuzzy Hash: 6221BD708103458FEBA0DFA8D84D79ABBF4FB04318F12842AD608AB791CB759949CF65
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02DF4CB9 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1225 2df4cb9-2df4d0a 1228 2df4d0c-2df4d0e 1225->1228 1229 2df4d10 1225->1229 1230 2df4d15-2df4d20 1228->1230 1229->1230 1231 2df4d22-2df4d53 RtlEncodePointer 1230->1231 1232 2df4d81-2df4d8e 1230->1232 1234 2df4d5c-2df4d7c 1231->1234 1235 2df4d55-2df4d5b 1231->1235 1234->1232 1235->1234
                            APIs
                            • RtlEncodePointer.NTDLL(00000000), ref: 02DF4D42
                            Memory Dump Source
                            • Source File: 00000002.00000002.633291472.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_2df0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: EncodePointer
                            • String ID:
                            • API String ID: 2118026453-0
                            • Opcode ID: 2d7f322b2ef60b362a896cef1e48119155da69d0258bce5a7122b5f5d64d306e
                            • Instruction ID: 3102af39e446f1da5104b66200a1e58708917d4e60a3d1055190541200ddb21b
                            • Opcode Fuzzy Hash: 2d7f322b2ef60b362a896cef1e48119155da69d0258bce5a7122b5f5d64d306e
                            • Instruction Fuzzy Hash: 1B21F7B18013458FEB90DFA8C94D39FBBF4FB08308F14842AC545A7A41CB38A80ACF64
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02DF4CC8 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1237 2df4cc8-2df4d0a 1240 2df4d0c-2df4d0e 1237->1240 1241 2df4d10 1237->1241 1242 2df4d15-2df4d20 1240->1242 1241->1242 1243 2df4d22-2df4d53 RtlEncodePointer 1242->1243 1244 2df4d81-2df4d8e 1242->1244 1246 2df4d5c-2df4d7c 1243->1246 1247 2df4d55-2df4d5b 1243->1247 1246->1244 1247->1246
                            APIs
                            • RtlEncodePointer.NTDLL(00000000), ref: 02DF4D42
                            Memory Dump Source
                            • Source File: 00000002.00000002.633291472.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_2df0000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: EncodePointer
                            • String ID:
                            • API String ID: 2118026453-0
                            • Opcode ID: 49f4ca2d67aca90ddb264f971d2984881709a15c5b3e49daa9434b34fa067b0a
                            • Instruction ID: 0939758eafacc6c8800d8bf4995c50a0eebe1d990ccdb9c9b3c41ab3be43ce79
                            • Opcode Fuzzy Hash: 49f4ca2d67aca90ddb264f971d2984881709a15c5b3e49daa9434b34fa067b0a
                            • Instruction Fuzzy Hash: 131189B19017058FEB90DFA9C94C79FBBF8EB58314F14842AD505A7B40CB78A948CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06764DD8 Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1876 6764dd8-6764dd9 1877 6764e3e-6764e3f 1876->1877 1878 6764ddb-6764e3b 1876->1878 1880 6764e43-6764e4b 1877->1880 1881 6764e41 1877->1881 1878->1881 1884 6764e52-6764e80 1880->1884 1881->1880 1892 6764e82-6764e8c 1884->1892 1893 6764ef8-6764f1c 1884->1893 1897 6764ea4-6764ef6 1892->1897 1898 6764e8e-6764e94 1892->1898 1899 6764f27 1893->1899 1900 6764f1e 1893->1900 1897->1892 1897->1893 1901 6764e96 1898->1901 1902 6764e98-6764e9a 1898->1902 1904 6764f28 1899->1904 1900->1899 1901->1897 1902->1897 1904->1904
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: P@Kk
                            • API String ID: 0-1396601696
                            • Opcode ID: ee89526fc67c0205289c7ef9eb9dd4f6a8b9887d0087bf223e0a72684e3fa913
                            • Instruction ID: aaa6d9b94b04036d07a2c8e6b4b0b6250609bb74549ecdba6d63215cbbc67a4a
                            • Opcode Fuzzy Hash: ee89526fc67c0205289c7ef9eb9dd4f6a8b9887d0087bf223e0a72684e3fa913
                            • Instruction Fuzzy Hash: 9531DE72F002018FDB55AF75D0196AE7BE3AF88245B148829E406DB369DF38CC45CBD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06764DE8 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1911 6764de8-6764e4b 1920 6764e52-6764e80 1911->1920 1925 6764e82-6764e8c 1920->1925 1926 6764ef8-6764f1c 1920->1926 1930 6764ea4-6764ef6 1925->1930 1931 6764e8e-6764e94 1925->1931 1932 6764f27 1926->1932 1933 6764f1e 1926->1933 1930->1925 1930->1926 1934 6764e96 1931->1934 1935 6764e98-6764e9a 1931->1935 1937 6764f28 1932->1937 1933->1932 1934->1930 1935->1930 1937->1937
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID: P@Kk
                            • API String ID: 0-1396601696
                            • Opcode ID: 39fb0aea6a63057dcedaf6af1a89fe7cccbfade11e6a2080ce188d20c1b13979
                            • Instruction ID: c6c39ba9b2abcde95f82f48e2dbf940c00c1f114ab602efd17eba644c3075ff9
                            • Opcode Fuzzy Hash: 39fb0aea6a63057dcedaf6af1a89fe7cccbfade11e6a2080ce188d20c1b13979
                            • Instruction Fuzzy Hash: F431C031B002018FCB54AF79D418AAE77E7AF88245B148838E406DB365DF38DC45CBD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06764168 Relevance: .6, Instructions: 558COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 3024 6764168-676417f 3228 6764182 call 6764206 3024->3228 3229 6764182 call 6764420 3024->3229 3230 6764182 call 6764488 3024->3230 3231 6764182 call 6764168 3024->3231 3232 6764182 call 6764108 3024->3232 3025 6764188-67641bb 3029 67641c1-67641ca 3025->3029 3030 676445a-6764464 3025->3030 3031 67641d0-67641e3 3029->3031 3032 676446c-676449f 3029->3032 3036 67641e5 3031->3036 3037 67641ea-67641f8 3031->3037 3035 67644a1-67644a4 3032->3035 3038 67644a6-67644ac 3035->3038 3039 67644b7-67644ba 3035->3039 3040 6764445-6764449 3036->3040 3223 67641fb call 6751f11 3037->3223 3224 67641fb call 6751c68 3037->3224 3225 67641fb call 6751c18 3037->3225 3226 67641fb call 6751b68 3037->3226 3227 67641fb call 6751eda 3037->3227 3043 67644b2 3038->3043 3044 6764593-6764599 3038->3044 3045 67644c1-67644c4 3039->3045 3046 67644bc-67644be 3039->3046 3041 6764467 3040->3041 3042 676444b-6764454 3040->3042 3041->3032 3042->3029 3042->3030 3043->3039 3050 6764631-6764657 3044->3050 3051 676459f-67645a6 3044->3051 3048 67644c6 3045->3048 3049 67644e5-67644e8 3045->3049 3046->3045 3058 67644cc-67644e0 3048->3058 3049->3038 3052 67644ea-67644ed 3049->3052 3066 676467c-67646a7 3050->3066 3067 6764659-6764663 3050->3067 3053 67645ab-67645ae 3051->3053 3056 67644f4-67644f7 3052->3056 3057 67644ef 3052->3057 3060 67645b0 3053->3060 3061 67645bf-67645c2 3053->3061 3054 6764201-6764220 3211 6764223 call 6756825 3054->3211 3212 6764223 call 6756647 3054->3212 3213 6764223 call 67566e7 3054->3213 3214 6764223 call 6756591 3054->3214 3215 6764223 call 67565a0 3054->3215 3216 6764223 call 6756682 3054->3216 3217 6764223 call 6756722 3054->3217 3218 6764223 call 675685d 3054->3218 3219 6764223 call 6756789 3054->3219 3220 6764223 call 6756d68 3054->3220 3221 6764223 call 6756b48 3054->3221 3222 6764223 call 6756abb 3054->3222 3062 6764519-676451c 3056->3062 3063 67644f9-6764514 3056->3063 3057->3056 3058->3049 3068 67645b7-67645ba 3060->3068 3064 67645c4-67645c7 3061->3064 3065 67645ce-67645d1 3061->3065 3074 6764536-6764539 3062->3074 3075 676451e-6764531 3062->3075 3063->3062 3070 676462c 3064->3070 3071 67645c9 3064->3071 3072 67645f2-67645f5 3065->3072 3073 67645d3-67645db 3065->3073 3086 67646cc-67646e0 3066->3086 3087 67646a9-67646b3 3066->3087 3077 6764665-6764676 3067->3077 3078 6764678-676467b 3067->3078 3068->3061 3069 6764229-676422b 3069->3040 3084 6764231-676423c 3069->3084 3070->3050 3071->3065 3082 67645f7-6764605 3072->3082 3083 6764610-6764612 3072->3083 3107 67645e2-67645ed 3073->3107 3079 676453b-6764557 3074->3079 3080 6764558-676455b 3074->3080 3075->3074 3077->3078 3090 6764622-676462b 3080->3090 3091 6764561-6764564 3080->3091 3082->3079 3104 676460b 3082->3104 3088 6764614 3083->3088 3089 6764619-676461c 3083->3089 3084->3041 3105 6764242-676424c 3084->3105 3110 67646c2-67646c6 3086->3110 3111 67646e2-676478d 3086->3111 3097 67646b5-67646bc 3087->3097 3098 67646c8-67646cb 3087->3098 3088->3089 3089->3035 3089->3090 3100 6764566-6764587 3091->3100 3101 676458e-6764591 3091->3101 3097->3110 3100->3064 3119 6764589 3100->3119 3101->3044 3101->3053 3104->3083 3105->3040 3113 6764252-67642b8 3105->3113 3107->3072 3110->3098 3146 6764796-67648ec 3111->3146 3138 67642be-676430f 3113->3138 3139 6764388-67643a3 3113->3139 3119->3101 3167 6764311-676432d 3138->3167 3168 676432f-6764352 3138->3168 3150 67643a5-67643a9 3139->3150 3152 67643ba 3150->3152 3153 67643ab-67643b8 3150->3153 3155 67643bf-67643c1 3152->3155 3153->3155 3157 6764433-6764437 3155->3157 3158 67643c3-67643c5 3155->3158 3157->3041 3162 6764439-676443f 3157->3162 3159 67643c7-67643d1 3158->3159 3160 67643d3 3158->3160 3163 67643d8-67643da 3159->3163 3160->3163 3162->3040 3162->3113 3163->3157 3165 67643dc-67643de 3163->3165 3165->3157 3169 67643e0-676441e 3165->3169 3181 6764354-6764386 3167->3181 3168->3181 3169->3157 3181->3150 3211->3069 3212->3069 3213->3069 3214->3069 3215->3069 3216->3069 3217->3069 3218->3069 3219->3069 3220->3069 3221->3069 3222->3069 3223->3054 3224->3054 3225->3054 3226->3054 3227->3054 3228->3025 3229->3025 3230->3025 3231->3025 3232->3025
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fd2b8493331c5bec3b100f12d4c0313657f15e20337a00f4fa4f449737739088
                            • Instruction ID: 321319eb97edb93588048ccb50175a65aa268552dc62092f3c126c1b6b35e17f
                            • Opcode Fuzzy Hash: fd2b8493331c5bec3b100f12d4c0313657f15e20337a00f4fa4f449737739088
                            • Instruction Fuzzy Hash: CB226C34E102098FCB55EFB9D859AADBBF6EF88304F54892AE905DB354DB349C81CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135E16A Relevance: .4, Instructions: 413COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 3233 135e16a-135e186 3234 135e188 3233->3234 3235 135e18a-135e1a6 3233->3235 3234->3235 3236 135e1a8-135e1a9 3235->3236 3237 135e1aa-135e1c0 3235->3237 3236->3237 3238 135e1c1-135e1c6 3237->3238 3239 135e1cc-135e1e6 3237->3239 3242 135e1c8 3238->3242 3243 135e1ca-135e1cb 3238->3243 3240 135e1e8 3239->3240 3241 135e1ea-135e206 3239->3241 3240->3241 3244 135e208 3241->3244 3245 135e20a-135e246 3241->3245 3242->3243 3243->3239 3244->3245 3246 135e248-135e249 3245->3246 3247 135e24a-135e266 3245->3247 3246->3247 3248 135e268 3247->3248 3249 135e26a-135e286 3247->3249 3248->3249 3250 135e288-135e289 3249->3250 3251 135e28a-135e2a6 3249->3251 3250->3251 3252 135e2a8 3251->3252 3253 135e2aa-135e368 3251->3253 3252->3253 3254 135e38d-135e3a0 3253->3254 3255 135e36a-135e38b 3253->3255 3256 135e3a2-135e3ab 3254->3256 3257 135e3ae-135e3c0 3254->3257 3255->3254 3256->3257 3258 135e3c2-135e3c3 3257->3258 3259 135e3ce-135e3ee 3257->3259 3258->3259 3261 135e3f4 3259->3261 3262 135e47d-135e484 3259->3262 3263 135e3f6-135e402 3261->3263 3262->3263 3264 135e489-135e48e 3263->3264 3265 135e408-135e42a 3263->3265 3264->3265 3267 135e493-135e4a8 3265->3267 3268 135e42c-135e446 3265->3268 3272 135e45f-135e467 3267->3272 3271 135e44e-135e45d 3268->3271 3271->3272 3273 135e4b5 3271->3273 3274 135e469-135e47a 3272->3274 3275 135e4aa-135e4b3 3272->3275 3275->3274
                            Memory Dump Source
                            • Source File: 00000002.00000002.632845820.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_135d000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5e589ecdbcbd8d07f01e180a5074e995e89a24435a02683623d22b99daa91561
                            • Instruction ID: 0759d0184bc7ad9556cf5f8be241414b6b6408b3438603283928a1bb6660c28b
                            • Opcode Fuzzy Hash: 5e589ecdbcbd8d07f01e180a5074e995e89a24435a02683623d22b99daa91561
                            • Instruction Fuzzy Hash: 27914DB658E3C09FD7034B60DC91B81BF70AB57624F1E81E7D884CE5A7D22D894AC762
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676D090 Relevance: .4, Instructions: 368COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fd9e428040d5baf4928d211cd16bedf4d42ff4f2c0c4164c76e332836de7a07d
                            • Instruction ID: bcbee31e594abcf76a6aa8eeb04b05d2ea81ba9c14e3837c022bdb80a4f9838a
                            • Opcode Fuzzy Hash: fd9e428040d5baf4928d211cd16bedf4d42ff4f2c0c4164c76e332836de7a07d
                            • Instruction Fuzzy Hash: E4D1F270B102088FDB64DF69C844A6EBBF6EF85318F10846AE919DB351DB34EC55CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676499B Relevance: .4, Instructions: 365COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6fd54cc2040525ae37d69f9226307edbdb9f21e00813fe8a00972716ef502b81
                            • Instruction ID: b2e577af926731ddd657c3aca01420fbe108a6d380e2b6e19562f176ee3f8753
                            • Opcode Fuzzy Hash: 6fd54cc2040525ae37d69f9226307edbdb9f21e00813fe8a00972716ef502b81
                            • Instruction Fuzzy Hash: 09C1EC34B093889FD782977A9C14B667BE6EB86304F15C0B6E908CB396EA24DC09C751
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 067665C8 Relevance: .4, Instructions: 362COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 08aa2e3f3354303017855c1dd8d2fa7ccb8a860177776fc0916370cc517ac59d
                            • Instruction ID: 77e3dfca80445c49f373d25547a8b7b81b85c3533db654300391e235cc743712
                            • Opcode Fuzzy Hash: 08aa2e3f3354303017855c1dd8d2fa7ccb8a860177776fc0916370cc517ac59d
                            • Instruction Fuzzy Hash: 42D1CF34B002098FCB44EFB6D8586AE7BF2AF89304F558469E905DB360EB34DC41CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676CA30 Relevance: .3, Instructions: 347COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 532f77b8194654e513167291fe5b9a88173d1d656e4e618526213f8a920a55d8
                            • Instruction ID: e1c10f6f4d3324fb26c1a1ee1b8982d8a38e7996fd7d965078b2c7c2ccc3f9d9
                            • Opcode Fuzzy Hash: 532f77b8194654e513167291fe5b9a88173d1d656e4e618526213f8a920a55d8
                            • Instruction Fuzzy Hash: 51C1F530A002059FC742CF6AC884A6ABBEAFF85314F14C666FD59CB351D731E815CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06769210 Relevance: .3, Instructions: 322COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 89e662eacd4e56c1bb4d4c0363cf90557a98dd436ec773198b86233b74b60b7b
                            • Instruction ID: 268bfc9b84b957b8cf999b5bf67be04ab5da683749511f5bd4446335b086151f
                            • Opcode Fuzzy Hash: 89e662eacd4e56c1bb4d4c0363cf90557a98dd436ec773198b86233b74b60b7b
                            • Instruction Fuzzy Hash: E7B16E307145028FEBA59A3BC46473936A6EF85605F1844AAFA13CF3F6DA39CC85C791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06766F98 Relevance: .3, Instructions: 304COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bce804e9de0690a0d772f8e96a269ee831dff5f90a79b58f9b77648966d34d3f
                            • Instruction ID: 9d419fb74e4df7b1994ee0ad1e668ad968e313481c356477d2bdcbf224cce659
                            • Opcode Fuzzy Hash: bce804e9de0690a0d772f8e96a269ee831dff5f90a79b58f9b77648966d34d3f
                            • Instruction Fuzzy Hash: 76C19D34B00219CFCB59DB75C855B6EB7F2AF88208F1184A9E909EB350EF349D46CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06767D51 Relevance: .3, Instructions: 301COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 177764f0934f39cf1a159f7910c8fbd9010e2fd7759c423b385431b2a8e8191e
                            • Instruction ID: 26f5807bfab45c8791acedd51033c84a3f1da346d3d322cdc2eafde141aea3d8
                            • Opcode Fuzzy Hash: 177764f0934f39cf1a159f7910c8fbd9010e2fd7759c423b385431b2a8e8191e
                            • Instruction Fuzzy Hash: 56A1DE30B102058FDB48AB79D82976E7BE79F89344F158829E906DB391EF38DC468B51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06768DF8 Relevance: .3, Instructions: 281COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fef258262dcedd3630cbe163acec1d20a251b193538e7ff4f750b90ead4f4f36
                            • Instruction ID: bc3600b04b2b22009a5c028c20d4cf776685c7af293524761b1e2e9b229b1b00
                            • Opcode Fuzzy Hash: fef258262dcedd3630cbe163acec1d20a251b193538e7ff4f750b90ead4f4f36
                            • Instruction Fuzzy Hash: F2B19B71A0424A9FCF05CFA9C884AEEBFB6FF89310F148165F905AB351D731A855CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676A0A8 Relevance: .2, Instructions: 248COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 254b698dfbc71faec1efc97db303d21f7945cb2e37944249aee51dc1bb6840e1
                            • Instruction ID: c5fe2201d0772746c49d831a70be6984da08bf224a92d3c2a89944f229bc0de7
                            • Opcode Fuzzy Hash: 254b698dfbc71faec1efc97db303d21f7945cb2e37944249aee51dc1bb6840e1
                            • Instruction Fuzzy Hash: 3A91AE30B401199FDB58EF66C858A7E7BA7EB88304F148428F91AEB290DB31DC51CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06767858 Relevance: .2, Instructions: 239COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 820d023567ef35e5d4930a20563d1eb2729aca3b6a0cc32215b752fe46a5dd4b
                            • Instruction ID: 80104dded0f15d2bbc0cff7761252d23c040b7ad0ef06916dafc507173512e9a
                            • Opcode Fuzzy Hash: 820d023567ef35e5d4930a20563d1eb2729aca3b6a0cc32215b752fe46a5dd4b
                            • Instruction Fuzzy Hash: D291DF34B1030ACFCB09EFB5D85966D7BF2EF84208B148829E906DB354DF349946CB81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06767E50 Relevance: .2, Instructions: 224COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 83d7430e7d15439a0af53eabb1715558decfb0e5ef2df0049cc77923b3cbb2d3
                            • Instruction ID: 60bdddf5e78eb917e39cc412b8b14ddb2af8e564a787ad1b0a7e5313dad2c7e1
                            • Opcode Fuzzy Hash: 83d7430e7d15439a0af53eabb1715558decfb0e5ef2df0049cc77923b3cbb2d3
                            • Instruction Fuzzy Hash: 84717331F102058FDB58AB79D46977E76E3AFC9344F158928E906DB390EF389C428B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 067677F9 Relevance: .2, Instructions: 213COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0b5a3d81489777d0a7404b6b741beac711a95c512fcde79ff286e2a1cc1af6ef
                            • Instruction ID: 7e5cc975827d5d2c3e1e1d437100041e8321b6234a89647cb9827bbb30d519a1
                            • Opcode Fuzzy Hash: 0b5a3d81489777d0a7404b6b741beac711a95c512fcde79ff286e2a1cc1af6ef
                            • Instruction Fuzzy Hash: 2971CE30B1171A8FCB48AFB6C45966E77E2EF84208F148839E906DB355EF74D846CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06768B58 Relevance: .2, Instructions: 201COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4b52f97b94591493cd4ec7e9dd39f2973a4206e908382052d2337777d9bb336e
                            • Instruction ID: a800eb4ece21361ff75598afafe023e2a84ac2277691a37467d3ad3bc9f036dd
                            • Opcode Fuzzy Hash: 4b52f97b94591493cd4ec7e9dd39f2973a4206e908382052d2337777d9bb336e
                            • Instruction Fuzzy Hash: 6A711734B502058FCB55DF2AC894A7A7BE5AF59200F1946AAF816CB371DB70DC41CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676AD30 Relevance: .2, Instructions: 192COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 20bad98227192f82621eb267751e351cea1b33260ac87cf05b97f936255cfcca
                            • Instruction ID: 6b52544fd0a0fec485a89ad7d470230976dbe442bf84bf10e95c907e15deb00f
                            • Opcode Fuzzy Hash: 20bad98227192f82621eb267751e351cea1b33260ac87cf05b97f936255cfcca
                            • Instruction Fuzzy Hash: EB612B70F002198FDB64CB69C8557BEBBF2AF85304F148069E919AB280DF35DD81CB82
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 067697D0 Relevance: .2, Instructions: 162COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8bc8851b9abe29d2df1dff7442c1ff5a853a22921af0b5e84b85ae3aee4e286b
                            • Instruction ID: 32b661bcc57dff078f1bd889553fcb6a1e5005f5987a92a797c6f788cedf0056
                            • Opcode Fuzzy Hash: 8bc8851b9abe29d2df1dff7442c1ff5a853a22921af0b5e84b85ae3aee4e286b
                            • Instruction Fuzzy Hash: CA617B71E0074A8FDB15CFA6C5406EEFBF2AF8A304F248619E945BB241D770A985CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 067697C1 Relevance: .1, Instructions: 140COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1c9893b8526074033b78b376e391fc154394ef85a6cab6721a6390df1308fee0
                            • Instruction ID: 44160ca29245e25123ad4e72693f2f64ee9fed80a01ffc7d8ab93bbdaa5ada83
                            • Opcode Fuzzy Hash: 1c9893b8526074033b78b376e391fc154394ef85a6cab6721a6390df1308fee0
                            • Instruction Fuzzy Hash: 7A515C71E0074A8FDB15CFA6C5406EDBBF2AF8A304F25861AE945BB241D770A985CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676813C Relevance: .1, Instructions: 128COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 082fcb36690cb9aa87374a628adc1eccdcc9f4ea4bfea8df78cd820a5ca2f597
                            • Instruction ID: 99922e9aadfc3edd20c9057247d9253ffd7eeb49d8f1067aecf061bd22859291
                            • Opcode Fuzzy Hash: 082fcb36690cb9aa87374a628adc1eccdcc9f4ea4bfea8df78cd820a5ca2f597
                            • Instruction Fuzzy Hash: 24419335F502058FDB58ABB5C42977E76E6AF88344F144828E906D7390DF788C428B92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06768FB3 Relevance: .1, Instructions: 122COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e5e1c9ebcb2fc39e46b71b039beb9fe39fd7ceafc9d7da18cf48e23f3cafbd6b
                            • Instruction ID: 06234c6d2a85f42e5b1d391510c71a8057729cbbd9bf0ee607b5568f50f0c76b
                            • Opcode Fuzzy Hash: e5e1c9ebcb2fc39e46b71b039beb9fe39fd7ceafc9d7da18cf48e23f3cafbd6b
                            • Instruction Fuzzy Hash: 2141AD31A1424ADFCF05CFA5C848AEEBBB6AF49350F148055FE05AB291D731E954CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676E5F6 Relevance: .1, Instructions: 116COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f3eb5b8c0e422a82ad05462982bf122eb1f77ac2c2a57d379ca8b73d9e5ec6fe
                            • Instruction ID: e53542081d1be33a8f919404b92878b6b854960117d6e0982a5a9aa54d3af44e
                            • Opcode Fuzzy Hash: f3eb5b8c0e422a82ad05462982bf122eb1f77ac2c2a57d379ca8b73d9e5ec6fe
                            • Instruction Fuzzy Hash: DF315939F682204BEB686639985577F29578BC1320F098478EE0E9F3C1EE798D5583E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676DC72 Relevance: .1, Instructions: 113COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7219546680fa1e60a67a95e35d233a3fa586d9ba4167277694f0f34ddf207d9a
                            • Instruction ID: 9ca2f4de03d74a80b228d7164b2eb28ab97de996a30dc400d6c23e55a5d64cb8
                            • Opcode Fuzzy Hash: 7219546680fa1e60a67a95e35d233a3fa586d9ba4167277694f0f34ddf207d9a
                            • Instruction Fuzzy Hash: 1B41B030B106098FDB60DFAAD881AAFB7F2EF94304F10C839E60587651DB30E806CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676FD70 Relevance: .1, Instructions: 93COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 034a7097998386eb6c5e5e171c300b34d1e8be47183449c489430b245c635e69
                            • Instruction ID: d51fc80eeaeb33e5bb9ab8d6bee27a3b1ff1e8db188e9d5f4872023e342eb561
                            • Opcode Fuzzy Hash: 034a7097998386eb6c5e5e171c300b34d1e8be47183449c489430b245c635e69
                            • Instruction Fuzzy Hash: 7E2121317002008BD390AA3AEC9073A7BDBDBC5225F18843AE90ACB781CF39DC068791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676FE18 Relevance: .1, Instructions: 87COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0e200283bb51b66985d183685acac107c1b4d2123f7d20d40df0f92ee2bf54f6
                            • Instruction ID: 12bbd7a716714f907c6feca8d7e1506e9defab6d84a61f59fca9c9693c78278d
                            • Opcode Fuzzy Hash: 0e200283bb51b66985d183685acac107c1b4d2123f7d20d40df0f92ee2bf54f6
                            • Instruction Fuzzy Hash: B621D1307042448FC759AB79985523E3BE3ABC6264B64487DD52ACB381DF39CC078792
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06764108 Relevance: .1, Instructions: 86COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 29a5738b34cddd726a4d6f94ce77ece09d321ab79246d56343a470c1d9f57c82
                            • Instruction ID: 92b108c8defb75c4c6e7f0c3318aa9c7d271058404adb911b7e86b850ff9a791
                            • Opcode Fuzzy Hash: 29a5738b34cddd726a4d6f94ce77ece09d321ab79246d56343a470c1d9f57c82
                            • Instruction Fuzzy Hash: 0D310034A083489FCB44DFA9C8819AEBFF2EF85314F24C066E908EB256E7319805CB54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676A060 Relevance: .1, Instructions: 79COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0024e529d421b48f42c33f8440f736818be6a897e3d16b460051e476efe5e7bc
                            • Instruction ID: e1d9e4f55a604df2d1610ae0610e709eadf1cc4a1a5349b5a5c2ba04da690ece
                            • Opcode Fuzzy Hash: 0024e529d421b48f42c33f8440f736818be6a897e3d16b460051e476efe5e7bc
                            • Instruction Fuzzy Hash: A021D030B542089FD758DB2AD804B2AB7A6EBC5711F14C579FD19AB351EB31DC01CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0116D3EC Relevance: .1, Instructions: 75COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.632792239.000000000116D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0116D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_116d000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7f2053eef4018b60741a6053da9861bd21028a24e01a568e45f40459973e752b
                            • Instruction ID: eee761de6978687a876a855b263ef354d582069ab76616856deaecd47b65b79f
                            • Opcode Fuzzy Hash: 7f2053eef4018b60741a6053da9861bd21028a24e01a568e45f40459973e752b
                            • Instruction Fuzzy Hash: 3D2148B1604240DFCF09DF54E8C0B66BB69FB84324F24C568E9494B607C337E866C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0135E3DC Relevance: .1, Instructions: 72COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.632845820.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_135d000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8f443ba3bdf85cd1ab8a5fe32d2e2fb951c5d2d691f0693fafc7edd2f710776e
                            • Instruction ID: cb2187626d218e0221363fff99b7f3a6f6951a07e583fb737ef4b889799d6c26
                            • Opcode Fuzzy Hash: 8f443ba3bdf85cd1ab8a5fe32d2e2fb951c5d2d691f0693fafc7edd2f710776e
                            • Instruction Fuzzy Hash: 962103B1504244DFDB41CF14D4C4F16FF65FB84628F24C979DD095A246C33AD946CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06764488 Relevance: .1, Instructions: 72COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6d50fd21e56eab5cd48be41a64b23ee6498a82d97222ece8f205bd574a40d5c3
                            • Instruction ID: efccf183c1ea4a3ce615be3a090010d2afb1ce82c9422fe2959227329dacf51c
                            • Opcode Fuzzy Hash: 6d50fd21e56eab5cd48be41a64b23ee6498a82d97222ece8f205bd574a40d5c3
                            • Instruction Fuzzy Hash: 8D11E232F201154BCB749EBA949433EB7D6EB85218F54483DE90AD7349DA75CC94C382
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676C779 Relevance: .1, Instructions: 65COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f5dc803a2525718d3c6f8d7fe2dc1de2895b66968dd1eff65447d92cb2aaa605
                            • Instruction ID: da9ecaf27542892a29875c5c2c4570c9d77892520fff58da687dc421f4b07c29
                            • Opcode Fuzzy Hash: f5dc803a2525718d3c6f8d7fe2dc1de2895b66968dd1eff65447d92cb2aaa605
                            • Instruction Fuzzy Hash: 36215A74E0024D9FDB56DFA6D4A4AEEBFB6BF49204F248029F851E6250DB34D944CF60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06767C40 Relevance: .1, Instructions: 63COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: be46e5234e9b02d4f0f6c469a3c457aa28859b2932a0cf120806b2a6aa9a7df3
                            • Instruction ID: e2516f814f3706509b3fa73f892df0fd5cce0f5867667a056552d335526e89ea
                            • Opcode Fuzzy Hash: be46e5234e9b02d4f0f6c469a3c457aa28859b2932a0cf120806b2a6aa9a7df3
                            • Instruction Fuzzy Hash: 33118C38F101098FCF54DB69C485BAEB7F9EB85258F1049A6E906DB360EB30ED45CB81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06767C50 Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a97947c7ce0e28fbdaf1ca61bc23f18b2e61124a715babeec298fb90232da580
                            • Instruction ID: 69cb24cde5b3a063cf77e431994e1ad3dc6fd6b3ebe23a8c4865c0abf0946440
                            • Opcode Fuzzy Hash: a97947c7ce0e28fbdaf1ca61bc23f18b2e61124a715babeec298fb90232da580
                            • Instruction Fuzzy Hash: 36111834F141098FDF64DB6DC494AAEB3F9EB85258F1049A6E916DB360EB30ED44CB81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0116D3E7 Relevance: .1, Instructions: 56COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.632792239.000000000116D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0116D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_116d000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5a368cc5c02d0b3c716e3061d2d03e1c83b6206fc9b52232e2685b0d252f8fbb
                            • Instruction ID: 8e5cc77794df63c2ec37d61a59fecd1a4566dc7d14db0cd5104ab2a297fbd131
                            • Opcode Fuzzy Hash: 5a368cc5c02d0b3c716e3061d2d03e1c83b6206fc9b52232e2685b0d252f8fbb
                            • Instruction Fuzzy Hash: B6119076504280DFCF16CF54D5C4B56BF61FB84320F28C5A9D8494A616C336D866CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06767370 Relevance: .1, Instructions: 52COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 279fd3e37342bcf7ccfa18539cf40db689aae7f22e9d52e69f5d7932b65f7840
                            • Instruction ID: 31c8deaeeda91bcada907fd2644cf1e891f5aa5401c5eb042dc0353275acc759
                            • Opcode Fuzzy Hash: 279fd3e37342bcf7ccfa18539cf40db689aae7f22e9d52e69f5d7932b65f7840
                            • Instruction Fuzzy Hash: 14113C35F002188FCB84EB7AD8499AEB7F5AF892147518429EA19E7304EF30AD01CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06764D10 Relevance: .1, Instructions: 52COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a56703b0996a350b63b98e6d55d421da81a2ced6cec506cf099a02be03bfd14b
                            • Instruction ID: 37ae79593d9751b9876bc5f3e791634e3a700c2012974844a4a5cc9f41643625
                            • Opcode Fuzzy Hash: a56703b0996a350b63b98e6d55d421da81a2ced6cec506cf099a02be03bfd14b
                            • Instruction Fuzzy Hash: 68112E39F102199F8B90EFB9D8599AE7BF5FB8C2207108425E50AE3314EF309941CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06767B20 Relevance: .0, Instructions: 45COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 232586cf37575b0f6629217d7dea0d6128f7c2db38b35b5663b24e7fd0a5c7ac
                            • Instruction ID: 65e5414606e5f5b2f8f58c5b9864f34fd8a8a0b5c5f30a9305186409233265b6
                            • Opcode Fuzzy Hash: 232586cf37575b0f6629217d7dea0d6128f7c2db38b35b5663b24e7fd0a5c7ac
                            • Instruction Fuzzy Hash: A511703491424EDFCB49EFB8D8969ACBFB1FF81209B414AA9E425EB250DF311A45CF41
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06767B30 Relevance: .0, Instructions: 43COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b79267255ee25701d88c2a3e2cf60dc6d785f1024a5993e8f76d46c40840f4a7
                            • Instruction ID: bcc60191b7f4d504dd8e45e25f18db7ee237ca388f24ed22726fb467b8c6afb4
                            • Opcode Fuzzy Hash: b79267255ee25701d88c2a3e2cf60dc6d785f1024a5993e8f76d46c40840f4a7
                            • Instruction Fuzzy Hash: 00112A74D1020EEFCB44FFA8D8969ACBBB5FF84209B014969E415E7210EF316A04CF41
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06764094 Relevance: .0, Instructions: 28COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9bb3df7673af98fb69d0b3b17cc2b7cbbdeb722d49746c9fd1c11a7960356651
                            • Instruction ID: 25dde4f83ac3b7cf4407876c08a7f66da6c6b9c567ea4dc018fa652f8da644b5
                            • Opcode Fuzzy Hash: 9bb3df7673af98fb69d0b3b17cc2b7cbbdeb722d49746c9fd1c11a7960356651
                            • Instruction Fuzzy Hash: 3DE06575E552189F8740DBBE99052AE7FF9EB8C251F54407AE91AE3300EB744901CBE0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06766A3F Relevance: .0, Instructions: 25COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1508dd408e46d0ce8cea910d7ace0aa105f32d26c98d1161a1129debcfb71217
                            • Instruction ID: 6549859c9e0834a54e723325be2443b5d8cbab4ca74beb9169fe2d0895bb1283
                            • Opcode Fuzzy Hash: 1508dd408e46d0ce8cea910d7ace0aa105f32d26c98d1161a1129debcfb71217
                            • Instruction Fuzzy Hash: 5EE0ED35B101148FDFC4FBB9D85989D73F2BF891117518465EA19E7354EE34AC018BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 067673CF Relevance: .0, Instructions: 25COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 03b034c6d06e9100ef67c90f092e48fe0b87151934b5af94b916a7ad4743f304
                            • Instruction ID: 8c5764840cddfd024fd1587dd03c2c4d809b1074dd6ff89a191e20cae9e40137
                            • Opcode Fuzzy Hash: 03b034c6d06e9100ef67c90f092e48fe0b87151934b5af94b916a7ad4743f304
                            • Instruction Fuzzy Hash: 05E0ED35B001148FDFC5FBB9D85989D77F1AFC9115B018065EA19E7354DE349C118B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 067640A0 Relevance: .0, Instructions: 25COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2d7e85d2b5d610ad76522ca590f734e547929cb5a3e063967dec6594523db9bf
                            • Instruction ID: 5d4dcdc9b77b7416abd779ee50b6bc2e335d8c3fae14a79227b4394058c8ec02
                            • Opcode Fuzzy Hash: 2d7e85d2b5d610ad76522ca590f734e547929cb5a3e063967dec6594523db9bf
                            • Instruction Fuzzy Hash: F3E01276E041199F8780DBBE98055AE7EF8EA8C211B144576E919D3300EA704911CBD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06764D71 Relevance: .0, Instructions: 25COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a846d75f72e9f255071619a517850172be60b3f0e50ee590986b105541f0ffc8
                            • Instruction ID: b3e81aa5e755a1e85ffa8b23962ec417624e9a322d84c085d58207f23758c492
                            • Opcode Fuzzy Hash: a846d75f72e9f255071619a517850172be60b3f0e50ee590986b105541f0ffc8
                            • Instruction Fuzzy Hash: 63F09839B50118CFCB549BA9E85999D7BF1FB882217118465E506D3354DF3498918B50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06765128 Relevance: .0, Instructions: 25COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6a8e3be7a2b4ed8e7b82bed5f98a4083162bde2117a976e4a2170d2ec244d990
                            • Instruction ID: 057e055a0002aafaf2d6586d39dd5a35dc536ea4b47091837b6721b9374b797c
                            • Opcode Fuzzy Hash: 6a8e3be7a2b4ed8e7b82bed5f98a4083162bde2117a976e4a2170d2ec244d990
                            • Instruction Fuzzy Hash: 8DF0F870C44309DFDB94EFB9885675EBBB4AB04200F50486AD915E2241E77586408B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676F251 Relevance: .0, Instructions: 22COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a1e0fce88d46b3aee1cbf8ca2a5c561f9a325a633cfe548ac5b47c0b2c6d70ab
                            • Instruction ID: c356ea8def19fafb3d631a097f98f46c6cb0d95a9bba4ac8218c458c8eeb77e0
                            • Opcode Fuzzy Hash: a1e0fce88d46b3aee1cbf8ca2a5c561f9a325a633cfe548ac5b47c0b2c6d70ab
                            • Instruction Fuzzy Hash: 0CE08635F400148FC7549E35B4481AD77A3B7C8155B149575E507C3204CE348C124741
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676FF38 Relevance: .0, Instructions: 22COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3493a3425726504bccc7dc4a386ccb43c1676583bdb1d8092eedd445d6f7c24a
                            • Instruction ID: aa5bcc0e51d31e965d864f25555e343cff5b6ac167bdefd7bb985b194b4ca0cb
                            • Opcode Fuzzy Hash: 3493a3425726504bccc7dc4a386ccb43c1676583bdb1d8092eedd445d6f7c24a
                            • Instruction Fuzzy Hash: 6FE01AB1C0420AAFDB80DF69D84579EBBF4BB04204F508969D419E6241EBB4A606CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676FD80 Relevance: .0, Instructions: 22COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0db586de36f06757cd0f316097c63246cfe2a7c39e1fe9eb77bd40dc6715ae87
                            • Instruction ID: 7a5016c8ef6405053ce7703e6a166b6e5c18ef41458e7a439ded94c8465b5501
                            • Opcode Fuzzy Hash: 0db586de36f06757cd0f316097c63246cfe2a7c39e1fe9eb77bd40dc6715ae87
                            • Instruction Fuzzy Hash: 80E0CD313553061BE784847AD89077975CB9BD5124B58C135A80887B41D929D80893A9
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06767C00 Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9ee6248efbbc839f708211378fdad1712624a44b9ca10cda6772e3949d130a53
                            • Instruction ID: e2266ce075c7ce1ee7244a1f505913134fb42e66538950456aff23a7441e93ec
                            • Opcode Fuzzy Hash: 9ee6248efbbc839f708211378fdad1712624a44b9ca10cda6772e3949d130a53
                            • Instruction Fuzzy Hash: F2E0C2349201044FDB666636B447374375DD74224EF204E35FC07C7201CB22D4819B40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06765138 Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fb52b0c4d7a4f299debffa4c64329f5d10b77fcada37ce4f6b6e1402808bd049
                            • Instruction ID: 94c8489edae9cb8cb4d70c721934773db975dd40c6f0c39572bc9ac32bf38aa4
                            • Opcode Fuzzy Hash: fb52b0c4d7a4f299debffa4c64329f5d10b77fcada37ce4f6b6e1402808bd049
                            • Instruction Fuzzy Hash: 81E0E5B0D4430ADFDBA4EFB988557AEBBF0AB08204F604969D924E2340E77586408FC1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 067651A0 Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d1f955871700f6daf9da55cd811e0ea7190d60a500244eaac78799e78126cf78
                            • Instruction ID: 9d718220969af3ebd9a958c3857ac8c7a04895d64b707430ce5e159cd0ad7760
                            • Opcode Fuzzy Hash: d1f955871700f6daf9da55cd811e0ea7190d60a500244eaac78799e78126cf78
                            • Instruction Fuzzy Hash: E1D0C2356002008BC621AB26D40896EB3DADFC0524B404C38E91A87600CB31A8458BD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0676FF48 Relevance: .0, Instructions: 16COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9aa7f596de8c3e813f1262f9fefaed822e48c58f81a9ec6a1ee4eab0ffa26440
                            • Instruction ID: 50e2b9fb56f37a54b41ec5e9ec942a9741569a26e4376c994bd620e62306e3db
                            • Opcode Fuzzy Hash: 9aa7f596de8c3e813f1262f9fefaed822e48c58f81a9ec6a1ee4eab0ffa26440
                            • Instruction Fuzzy Hash: 3DE0ECB0D0421A9FD780EFA9D41179EBBF0BB08204F108969D419E7241EBB49605CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06767C10 Relevance: .0, Instructions: 16COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1e4efe7dd005dfaecb9052afbc81fbb71808a496f87ab062cc908f8042eef563
                            • Instruction ID: 18ffb780fc227d7d5b4d4f8155e4b22e2637d3341bfa1c1f8e620279def245ec
                            • Opcode Fuzzy Hash: 1e4efe7dd005dfaecb9052afbc81fbb71808a496f87ab062cc908f8042eef563
                            • Instruction Fuzzy Hash: A4D0C930A242088FEB692976A456735335EDB45259F604D35F807C7241DB36D8808B00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 06764F2A Relevance: .0, Instructions: 13COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.635342061.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_2_2_6760000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4344bebf2b62d8ff07c252bde3eb986a7c20435236b35e53b374a745acba7355
                            • Instruction ID: 518e9a5c374eb8f288fca2def52ed8a02f5013b2025f70ecb251c2153b44cfd9
                            • Opcode Fuzzy Hash: 4344bebf2b62d8ff07c252bde3eb986a7c20435236b35e53b374a745acba7355
                            • Instruction Fuzzy Hash: 7ED01237E80104CBCF046FB5F46E0ECB731EF8022AB5008B5D50696151CF354D61CB50
                            Uniqueness

                            Uniqueness Score: -1.00%