Windows Analysis Report
3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe

Overview

General Information

Sample Name: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
Analysis ID: 679465
MD5: 19230db458718df6fa70d9817925ac7a
SHA1: 04eba42e98b996b5b9e1783e37de8b45c42d56f4
SHA256: 3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3
Tags: exe NanoCore RAT

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Detected Nanocore Rat
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Yara detected Nanocore RAT
Snort IDS alert for network traffic
Connects to many ports of the same IP (likely port scanning)
Protects its processes via BreakOnTermination flag
Machine Learning detection for sample
May check the online IP address of the machine
.NET source code contains potential unpacker
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Drops PE files
Detected TCP or UDP traffic on non-standard ports

Classification

  • System is w10x64
  • dhcpmon.exe (PID: 4428 cmdline: "C:\Program Files\DHCP Monitor\dhcpmon.exe" MD5: 19230DB458718DF6FA70D9817925AC7A)
  • cleanup
{"Version": "1.2.2.0", "Mutex": "48fc9f6c-a1d6-42de-93fe-7ff2a24a", "Group": "New Connections", "Domain1": "trustedvpnconnection.anondns.net", "Domain2": "windowsmanager.freemyip.com", "Port": 38952, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Enable", "SetCriticalProcess": "Enable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000"}
Source | Rule | Description | Author | Strings
3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x1018d:$x1: NanoCore.ClientPluginHost
  • 0x101ca:$x2: IClientNetworkHost
  • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0xff05:$x1: NanoCore Client.exe
  • 0x1018d:$x2: NanoCore.ClientPluginHost
  • 0x117c6:$s1: PluginCommand
  • 0x117ba:$s2: FileCommand
  • 0x1266b:$s3: PipeExists
  • 0x18422:$s4: PipeCreated
  • 0x101b7:$s5: IClientLoggingHost
3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
    3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen
    • 0xfef5:$x1: NanoCore Client
    • 0xff05:$x1: NanoCore Client
    • 0x1014d:$x2: NanoCore.ClientPlugin
    • 0x1018d:$x3: NanoCore.ClientPluginHost
    • 0x10142:$i1: IClientApp
    • 0x10163:$i2: IClientData
    • 0x1016f:$i3: IClientNetwork
    • 0x1017e:$i4: IClientAppHost
    • 0x101a7:$i5: IClientDataHost
    • 0x101b7:$i6: IClientLoggingHost
    • 0x101ca:$i7: IClientNetworkHost
    • 0x101dd:$i8: IClientUIHost
    • 0x101eb:$i9: IClientNameObjectCollection
    • 0x10207:$i10: IClientReadOnlyNameObjectCollection
    • 0xff54:$s1: ClientPlugin
    • 0x10156:$s1: ClientPlugin
    • 0x1064a:$s2: EndPoint
    • 0x10653:$s3: IPAddress
    • 0x1065d:$s4: IPEndPoint
    • 0x12093:$s6: get_ClientSettings
    • 0x12637:$s7: get_Connected
    3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
    • 0xfef5:$a: NanoCore
    • 0xff05:$a: NanoCore
    • 0x10139:$a: NanoCore
    • 0x1014d:$a: NanoCore
    • 0x1018d:$a: NanoCore
    • 0xff54:$b: ClientPlugin
    • 0x10156:$b: ClientPlugin
    • 0x10196:$b: ClientPlugin
    • 0x1007b:$c: ProjectData
    • 0x10a82:$d: DESCrypto
    • 0x1844e:$e: KeepAlive
    • 0x1643c:$g: LogClientMessage
    • 0x12637:$i: get_Connected
    • 0x10db8:$j: #=q
    • 0x10de8:$j: #=q
    • 0x10e04:$j: #=q
    • 0x10e34:$j: #=q
    • 0x10e50:$j: #=q
    • 0x10e6c:$j: #=q
    • 0x10e9c:$j: #=q
    • 0x10eb8:$j: #=q
    Source | Rule | Description | Author | Strings
    C:\Program Files\DHCP Monitor\dhcpmon.exe | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
    • 0x1018d:$x1: NanoCore.ClientPluginHost
    • 0x101ca:$x2: IClientNetworkHost
    • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    C:\Program Files\DHCP Monitor\dhcpmon.exe | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
    • 0xff05:$x1: NanoCore Client.exe
    • 0x1018d:$x2: NanoCore.ClientPluginHost
    • 0x117c6:$s1: PluginCommand
    • 0x117ba:$s2: FileCommand
    • 0x1266b:$s3: PipeExists
    • 0x18422:$s4: PipeCreated
    • 0x101b7:$s5: IClientLoggingHost
    C:\Program Files\DHCP Monitor\dhcpmon.exe | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
      C:\Program Files\DHCP Monitor\dhcpmon.exe | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen
      • 0xfef5:$x1: NanoCore Client
      • 0xff05:$x1: NanoCore Client
      • 0x1014d:$x2: NanoCore.ClientPlugin
      • 0x1018d:$x3: NanoCore.ClientPluginHost
      • 0x10142:$i1: IClientApp
      • 0x10163:$i2: IClientData
      • 0x1016f:$i3: IClientNetwork
      • 0x1017e:$i4: IClientAppHost
      • 0x101a7:$i5: IClientDataHost
      • 0x101b7:$i6: IClientLoggingHost
      • 0x101ca:$i7: IClientNetworkHost
      • 0x101dd:$i8: IClientUIHost
      • 0x101eb:$i9: IClientNameObjectCollection
      • 0x10207:$i10: IClientReadOnlyNameObjectCollection
      • 0xff54:$s1: ClientPlugin
      • 0x10156:$s1: ClientPlugin
      • 0x1064a:$s2: EndPoint
      • 0x10653:$s3: IPAddress
      • 0x1065d:$s4: IPEndPoint
      • 0x12093:$s6: get_ClientSettings
      • 0x12637:$s7: get_Connected
      C:\Program Files\DHCP Monitor\dhcpmon.exe | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
      • 0xfef5:$a: NanoCore
      • 0xff05:$a: NanoCore
      • 0x10139:$a: NanoCore
      • 0x1014d:$a: NanoCore
      • 0x1018d:$a: NanoCore
      • 0xff54:$b: ClientPlugin
      • 0x10156:$b: ClientPlugin
      • 0x10196:$b: ClientPlugin
      • 0x1007b:$c: ProjectData
      • 0x10a82:$d: DESCrypto
      • 0x1844e:$e: KeepAlive
      • 0x1643c:$g: LogClientMessage
      • 0x12637:$i: get_Connected
      • 0x10db8:$j: #=q
      • 0x10de8:$j: #=q
      • 0x10e04:$j: #=q
      • 0x10e34:$j: #=q
      • 0x10e50:$j: #=q
      • 0x10e6c:$j: #=q
      • 0x10e9c:$j: #=q
      • 0x10eb8:$j: #=q
      Source | Rule | Description | Author | Strings
      00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
      • 0xe75:$x1: NanoCore.ClientPluginHost
      • 0xe8f:$x2: IClientNetworkHost
      00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
      • 0xe75:$x2: NanoCore.ClientPluginHost
      • 0x1261:$s3: PipeExists
      • 0x1136:$s4: PipeCreated
      • 0xeb0:$s5: IClientLoggingHost
      00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen
      • 0xe38:$x2: NanoCore.ClientPlugin
      • 0xe75:$x3: NanoCore.ClientPluginHost
      • 0xe5a:$i1: IClientApp
      • 0xe4e:$i2: IClientData
      • 0xe29:$i3: IClientNetwork
      • 0xec3:$i4: IClientAppHost
      • 0xe65:$i5: IClientDataHost
      • 0xeb0:$i6: IClientLoggingHost
      • 0xe8f:$i7: IClientNetworkHost
      • 0xea2:$i8: IClientUIHost
      • 0xed2:$i9: IClientNameObjectCollection
      • 0xef7:$i10: IClientReadOnlyNameObjectCollection
      • 0xe41:$s1: ClientPlugin
      • 0x177c:$s1: ClientPlugin
      • 0x1789:$s1: ClientPlugin
      • 0x11f9:$s6: get_ClientSettings
      • 0x1249:$s7: get_Connected
      00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp | Windows_Trojan_Nanocore_d8c4e3c5 | unknown | unknown
      • 0xe75:$a1: NanoCore.ClientPluginHost
      • 0xe38:$a2: NanoCore.ClientPlugin
      • 0x120c:$b1: get_BuilderSettings
      • 0xec3:$b4: IClientAppHost
      • 0x127d:$b6: AddHostEntry
      • 0x12ec:$b7: LogClientException
      • 0x1261:$b8: PipeExists
      • 0xeb0:$b9: IClientLoggingHost
      00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
      • 0xff8d:$x1: NanoCore.ClientPluginHost
      • 0xffca:$x2: IClientNetworkHost
      • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      Source | Rule | Description | Author | Strings
      0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
      • 0x1018d:$x1: NanoCore.ClientPluginHost
      • 0x101ca:$x2: IClientNetworkHost
      • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
      • 0xff05:$x1: NanoCore Client.exe
      • 0x1018d:$x2: NanoCore.ClientPluginHost
      • 0x117c6:$s1: PluginCommand
      • 0x117ba:$s2: FileCommand
      • 0x1266b:$s3: PipeExists
      • 0x18422:$s4: PipeCreated
      • 0x101b7:$s5: IClientLoggingHost
      0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
        0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack | MALWARE_Win_NanoCore | Detects NanoCore | ditekSHen
        • 0xfef5:$x1: NanoCore Client
        • 0xff05:$x1: NanoCore Client
        • 0x1014d:$x2: NanoCore.ClientPlugin
        • 0x1018d:$x3: NanoCore.ClientPluginHost
        • 0x10142:$i1: IClientApp
        • 0x10163:$i2: IClientData
        • 0x1016f:$i3: IClientNetwork
        • 0x1017e:$i4: IClientAppHost
        • 0x101a7:$i5: IClientDataHost
        • 0x101b7:$i6: IClientLoggingHost
        • 0x101ca:$i7: IClientNetworkHost
        • 0x101dd:$i8: IClientUIHost
        • 0x101eb:$i9: IClientNameObjectCollection
        • 0x10207:$i10: IClientReadOnlyNameObjectCollection
        • 0xff54:$s1: ClientPlugin
        • 0x10156:$s1: ClientPlugin
        • 0x1064a:$s2: EndPoint
        • 0x10653:$s3: IPAddress
        • 0x1065d:$s4: IPEndPoint
        • 0x12093:$s6: get_ClientSettings
        • 0x12637:$s7: get_Connected
        0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
        • 0xfef5:$a: NanoCore
        • 0xff05:$a: NanoCore
        • 0x10139:$a: NanoCore
        • 0x1014d:$a: NanoCore
        • 0x1018d:$a: NanoCore
        • 0xff54:$b: ClientPlugin
        • 0x10156:$b: ClientPlugin
        • 0x10196:$b: ClientPlugin
        • 0x1007b:$c: ProjectData
        • 0x10a82:$d: DESCrypto
        • 0x1844e:$e: KeepAlive
        • 0x1643c:$g: LogClientMessage
        • 0x12637:$i: get_Connected
        • 0x10db8:$j: #=q
        • 0x10de8:$j: #=q
        • 0x10e04:$j: #=q
        • 0x10e34:$j: #=q
        • 0x10e50:$j: #=q
        • 0x10e6c:$j: #=q
        • 0x10e9c:$j: #=q
        • 0x10eb8:$j: #=q

        AV Detection

        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, ProcessId: 4484, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        E-Banking Fraud

        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, ProcessId: 4484, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Stealing of Sensitive Information

        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, ProcessId: 4484, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Remote Access Functionality

        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, ProcessId: 4484, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
        Timestamp: 08/05/22-20:40:14.466547
        Source IP: 192.168.2.7
        Destination IP: 107.150.23.184
        SID: 2816766
        Source Port: 49849
        Destination Port: 38952
        Protocol: TCP
        Classtype: A Network Trojan was detected

        AV Detection

        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, Virustotal: Detection: 79%
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, Metadefender: Detection: 88%
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, ReversingLabs: Detection: 100%
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, Avira: detected
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Avira: detection malicious, Label: TR/Dropper.MSIL.Gen7
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Metadefender: Detection: 88%
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, ReversingLabs: Detection: 100%
        Source: Yara match, File source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLE
        Source: Yara match, File source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe PID: 4484, type: MEMORYSTR
        Source: Yara match, File source: Process Memory Space: dhcpmon.exe PID: 4428, type: MEMORYSTR
        Source: Yara match, File source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, Joe Sandbox ML: detected
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Joe Sandbox ML: detected
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "48fc9f6c-a1d6-42de-93fe-7ff2a24a", "Group": "New Connections", "Domain1": "trustedvpnconnection.anondns.net", "Domain2": "windowsmanager.freemyip.com", "Port": 38952, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Enable", "SetCriticalProcess": "Enable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000"}
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, Directory created: C:\Program Files\DHCP Monitor
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, Directory created: C:\Program Files\DHCP Monitor\dhcpmon.exe

        Networking

        Source: Traffic, Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49849 -> 107.150.23.184:38952
        Source: global traffic, TCP traffic: 103.240.234.185 ports 2,3,5,8,38952,9
        Source: global traffic, TCP traffic: 107.150.23.184 ports 2,3,5,8,38952,9
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, DNS query: name: windowsmanager.freemyip.com
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, DNS query: name: windowsmanager.freemyip.com
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, DNS query: name: windowsmanager.freemyip.com
        Source: unknown, DNS query: name: windowsmanager.freemyip.com
        Source: Malware configuration extractor, URLs: windowsmanager.freemyip.com
        Source: Malware configuration extractor, URLs: trustedvpnconnection.anondns.net
        Source: Joe Sandbox View, ASN Name: ASN-QUADRANET-GLOBALUS ASN-QUADRANET-GLOBALUS
        Source: global traffic, TCP traffic: 192.168.2.7:49768 -> 107.150.23.184:38952
        Source: global traffic, TCP traffic: 192.168.2.7:49771 -> 103.240.234.185:38952
        Source: unknown, DNS traffic detected: queries for: trustedvpnconnection.anondns.net
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: GetRawInputData

        E-Banking Fraud

        Source: Yara match, File source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLE
        Source: Yara match, File source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe PID: 4484, type: MEMORYSTR
        Source: Yara match, File source: Process Memory Space: dhcpmon.exe PID: 4428, type: MEMORYSTR
        Source: Yara match, File source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED

        Operating System Destruction

        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, Process information set: 01 00 00 00

        System Summary

        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1070000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1070000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1070000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects NanoCore, Author: ditekSHen
        Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Nanocore_d8c4e3c5, Author: unknown
        Source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
        Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: Process Memory Space: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe PID: 4484, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe PID: 4484, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe PID: 4484, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: Process Memory Space: dhcpmon.exe PID: 4428, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 4428, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: Detects NanoCore Author: ditekSHen
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1070000.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1070000.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1070000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1070000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: Process Memory Space: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe PID: 4484, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: Process Memory Space: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe PID: 4484, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe PID: 4484, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: Process Memory Space: dhcpmon.exe PID: 4428, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 4428, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeCode function: 0_2_00007FF8590C9A3D0_2_00007FF8590C9A3D
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeCode function: 0_2_00007FF8590CED0A0_2_00007FF8590CED0A
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeCode function: 0_2_00007FF8590CADD50_2_00007FF8590CADD5
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeCode function: 0_2_00007FF8590C41D10_2_00007FF8590C41D1
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeCode function: 0_2_00007FF8590C1B710_2_00007FF8590C1B71
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeCode function: 0_2_00007FF8590C4DAA0_2_00007FF8590C4DAA
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeCode function: 0_2_00007FF8590C301D0_2_00007FF8590C301D
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exeCode function: 3_2_00007FF8590C1B713_2_00007FF8590C1B71
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exeCode function: 3_2_00007FF8590C41D13_2_00007FF8590C41D1
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exeCode function: 3_2_00007FF8590C4DAA3_2_00007FF8590C4DAA
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exeCode function: 3_2_00007FF8590C301D3_2_00007FF8590C301D
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.605651544.0000000002E20000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.610148456.00000000132B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.602881180.00000000010B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeStatic PE information: Section: .rsrc ZLIB complexity 0.9952420112781954
        Source: dhcpmon.exe.0.drStatic PE information: Section: .rsrc ZLIB complexity 0.9952420112781954
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeVirustotal: Detection: 79%
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeMetadefender: Detection: 88%
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeReversingLabs: Detection: 100%
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe File read: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknownProcess created: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe "C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe"
        Source: unknownProcess created: C:\Program Files\DHCP Monitor\dhcpmon.exe "C:\Program Files\DHCP Monitor\dhcpmon.exe"
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe File created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A
        Source: classification engineClassification label: mal100.troj.evad.winEXE@2/4@10/2
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\077cf2bd55145d691314f0889d7a1997\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\077cf2bd55145d691314f0889d7a1997\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48fc9f6c-a1d6-42de-93fe-7ff2a24a16fa}
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe File created: C:\Program Files\DHCP Monitor
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: dhcpmon.exe.0.dr, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: dhcpmon.exe.0.dr, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe File read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Directory created: C:\Program Files\DHCP Monitor
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Directory created: C:\Program Files\DHCP Monitor\dhcpmon.exe

        Data Obfuscation

        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: dhcpmon.exe.0.dr, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: dhcpmon.exe.0.dr, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: dhcpmon.exe.0.dr, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeFile created: C:\Program Files\DHCP Monitor\dhcpmon.exeJump to dropped file
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DHCP Monitor

        Hooking and other Techniques for Hiding and Protection

        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeFile opened: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe TID: 784 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe TID: 2892 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Thread delayed: delay time: 922337203685477
        Source: C:\Program Files\DHCP Monitor\dhcpmon.exe Thread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Window / User API: foregroundWindowGot 675
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Process information queried: ProcessInformation
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.520186274.000000000119D000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.605319418.000000000119D000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.356493921.000000000119D000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.355017461.0000000001190000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.377610447.000000000119D000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.378577400.000000000119D000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.379557260.000000000119D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Process token adjusted: Debug
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Memory allocated: page read and write | page guard
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.611612417.000000001BE3B000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.578604449.000000001BE3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerreemyip.comYD
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.462735221.000000001BE3A000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.417334006.000000001BE38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager~D
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.608539232.0000000003501000.00000004.00000800.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.607181488.00000000033AB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.611612417.000000001BE3B000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.462735221.000000001BE3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managertion.anondns.net
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.462735221.000000001BE3A000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.417334006.000000001BE38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program ManageruserDesktopenSurveillanceExClientPlugin.resources.EXE
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.462735221.000000001BE3A000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.417334006.000000001BE38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerreemyip.comQE
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.611612417.000000001BE3B000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.578604449.000000001BE3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerreemyip.com
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.462735221.000000001BE3A000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.519999901.000000001BE3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managertion.anondns.net@
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.417334006.000000001BE38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managertion.anondns.netYD
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.578604449.000000001BE3A000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.462735221.000000001BE3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerreemyip.com0E
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.578604449.000000001BE3A000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.519999901.000000001BE3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.417334006.000000001BE38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managertion.anondns.netvE
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.611612417.000000001BE3B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managertion.anondns.netQE
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.608539232.0000000003501000.00000004.00000800.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.607181488.00000000033AB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerxJ
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.611612417.000000001BE3B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managertion.anondns.net0E
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.611612417.000000001BE3B000.00000004.00000020.00020000.00000000.sdmp, 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.578604449.000000001BE3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerreemyip.com~D
        Source: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information

        Source: Yara matchFile source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLE
        Source: Yara matchFile source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe PID: 4484, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 4428, type: MEMORYSTR
        Source: Yara matchFile source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED

        Remote Access Functionality

        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttribute
System.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttribute
System.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywor
dAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: dhcpmon.exe, 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywor
dAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exeString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe.0.drString found in binary or memory: NanoCore.ClientPluginHost
        Source: Yara matchFile source: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, type: SAMPLE
        Source: Yara matchFile source: 0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.2cde240.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.2ce3318.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc0000.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.12c98235.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.2ce3318.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.12c9079e.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.12c955d4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.1bdc2c61.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32da8e0.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.2ce5f79.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32dd541.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 3.2.dhcpmon.exe.12c955d4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.32a6f48.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe PID: 4484, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 4428, type: MEMORYSTR
        Source: Yara matchFile source: C:\Program Files\DHCP Monitor\dhcpmon.exe, type: DROPPED
        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid AccountsWindows Management Instrumentation1
        Registry Run Keys / Startup Folder
        2
        Process Injection
        3
        Masquerading
        11
        Input Capture
        11
        Security Software Discovery
        Remote Services11
        Input Capture
        Exfiltration Over Other Network Medium1
        Encrypted Channel
        Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
        Registry Run Keys / Startup Folder
        1
        Disable or Modify Tools
        LSASS Memory2
        Process Discovery
        Remote Desktop Protocol11
        Archive Collected Data
        Exfiltration Over Bluetooth1
        Non-Standard Port
        Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)21
        Virtualization/Sandbox Evasion
        Security Account Manager21
        Virtualization/Sandbox Evasion
        SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
        Remote Access Software
        Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)2
        Process Injection
        NTDS1
        Application Window Discovery
        Distributed Component Object ModelInput CaptureScheduled Transfer1
        Non-Application Layer Protocol
        SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
        Deobfuscate/Decode Files or Information
        LSA Secrets1
        Remote System Discovery
        SSHKeyloggingData Transfer Size Limits11
        Application Layer Protocol
        Manipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.common1
        Hidden Files and Directories
        Cached Domain Credentials1
        System Network Configuration Discovery
        VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup Items12
        Software Packing
        DCSync2
        System Information Discovery
        Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

        Source | Detection | Scanner | Label
        3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe | 80% | Virustotal |
        3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe | 89% | Metadefender |
        3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe | 100% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoCore
        3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe | 100% | Avira | TR/Dropper.MSIL.Gen7
        3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe | 100% | Joe Sandbox ML |

        Source | Detection | Scanner | Label
        C:\Program Files\DHCP Monitor\dhcpmon.exe | 100% | Avira | TR/Dropper.MSIL.Gen7
        C:\Program Files\DHCP Monitor\dhcpmon.exe | 100% | Joe Sandbox ML |
        C:\Program Files\DHCP Monitor\dhcpmon.exe | 89% | Metadefender |
        C:\Program Files\DHCP Monitor\dhcpmon.exe | 100% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoCore

        Source | Detection | Scanner | Label
        0.0.3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe.bd0000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7

        Source | Detection | Scanner | Label
        trustedvpnconnection.anondns.net | 2% | Virustotal |

        Source | Detection | Scanner | Label
        trustedvpnconnection.anondns.net | 0% | Avira URL Cloud | safe
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        trustedvpnconnection.anondns.net | 107.150.23.184 | true | true | | unknown
        windowsmanager.freemyip.com | 103.240.234.185 | true | false | | high

        Name | Malicious | Antivirus Detection | Reputation
        windowsmanager.freemyip.com | false | | high
        trustedvpnconnection.anondns.net | true | Avira URL Cloud: safe | unknown
            IP | Domain | Country | ASN | ASN Name | Malicious
            103.240.234.185 | windowsmanager.freemyip.com | India | 132453 | TRIPLE-PLAY-INTRIPLEPLAYBROADBANDPRIVATELIMITEDIN | false
            107.150.23.184 | trustedvpnconnection.anondns.net | United States | 8100 | ASN-QUADRANET-GLOBALUS | true
            Joe Sandbox Version:35.0.0 Citrine
            Analysis ID:679465
            Start date and time:05/08/2022 20:37:16 (2022-08-05 20:37:16 +02:00)
            Joe Sandbox Product:CloudBasic
            Overall analysis duration:0h 6m 1s
            Hypervisor based Inspection enabled:false
            Report type:full
            Sample file name:3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
            Number of analysed new started processes:17
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • HDC enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@2/4@10/2
            EGA Information:Failed
            HDC Information:Failed
            HCA Information:
            • Successful, ratio: 94%
            • Number of executed functions: 152
            • Number of non-executed functions: 1
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Adjust boot time
            • Enable AMSI
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
            • Excluded IPs from analysis (whitelisted): 23.211.6.115
            • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, client.wns.windows.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
            • Execution Graph export aborted for target 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe, PID 4484 because it is empty
            • Execution Graph export aborted for target dhcpmon.exe, PID 4428 because it is empty
            • Not all processes were analyzed, report is missing behavior information
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
            Time | Type | Description
            20:38:25 | API Interceptor | 581x Sleep call for process: 3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe modified
            20:38:26 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files\DHCP Monitor\dhcpmon.exe
            Process:C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):185856
            Entropy (8bit):7.338133299220304
            Encrypted:false
            SSDEEP:3072:GzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HISp9Jzf+hpWavwPJLehxm:GLV6Bta6dtJmakIM5PJr+hz2JGm
            MD5:19230DB458718DF6FA70D9817925AC7A
            SHA1:04EBA42E98B996B5B9E1783E37DE8B45C42D56F4
            SHA-256:3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095D995F019197F42439D3
            SHA-512:81B7C7E56D37AC11294EC815CA90E84C528385941CAF410F205AE6C181CA5E7A47E4DD8D572DF9E5E6AC3A0CAF58768D6049755C030AA67B8B2101B7AF401712
            Malicious:true
            Yara Hits:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: Joe Security
            • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: ditekSHen
            • Rule: NanoCore, Description: unknown, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: unknown
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: Metadefender, Detection: 89%, Browse
            • Antivirus: ReversingLabs, Detection: 100%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T................................. ........@.. .......................@..............................................8...W.... ..`............................................................................ ............... ..H............text........ ...................... ..`.reloc..............................@..B.rsrc...`.... ......................@..@................t.......H...........T............................................................0..Q........o5.......*.o6....-.&......3+..+.... ....3......1..... 2.... ....3.... .......*.*....0..E.......s7....-(&s8....-&&s9....,$&s:........s;........*.....+.....+.....+.....0..........~....o<...*..0..........~....o=...*..0..........~....o>...*..0..........~....o?...*..0..........~....o@...*..0.............-.&(A...*&+...0..$.......~B........-.(...+.-.&+..B...+.~B...*.0.............-.&(A...*&+...0..
            Process:C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
            File Type:ASCII text, with CRLF line terminators
            Category:modified
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Reputation:high, very likely benign file
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Program Files\DHCP Monitor\dhcpmon.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):525
            Entropy (8bit):5.278948378331044
            Encrypted:false
            SSDEEP:12:Q3LaJcP0kaHYGLi1B01kKVdisk70/9UkB9tv:MLfaYgioQcpBT
            MD5:9AF7671D4ABE5659B81446667F85255E
            SHA1:4EEB5A2CD0A635EEDE03D35E56A6DE775A61761C
            SHA-256:6EA3C77011EEF418C5D3D2B00D1E4602390CB747B347AB8542A89AAD6136779A
            SHA-512:CAB4891DB9592138F748A59DC44E82BF9664CDF80084B982BE2BEE2DEC57CA26AE71C9B10F2AF9944B86579F89D44660851C0AAC25BFB13ACF719612A25B854B
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System\1201f26cb986c93f55044bb4fa22b294\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b12bbcf27f41d96fe44360ae0b566f9b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\454c09ea87bde1d5f545d60232083b79\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\76002c3c0a2b9f0c8687ad35e8d9d309\Microsoft.VisualBasic.ni.dll",0..
            Process:C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
            File Type:data
            Category:dropped
            Size (bytes):8
            Entropy (8bit):3.0
            Encrypted:false
            SSDEEP:3:hStn:hStn
            MD5:DE177069969E9BB8B4758569EEBE9897
            SHA1:AC6645CC17D55DEA53696245DE5F0B3494DFD7CB
            SHA-256:2B3A2465A7F72968FBE13C3DA46DCD69C804AF529D809F9B48030A67BC4D2096
            SHA-512:41692E87D0092D470527B7A164C9858F86DED52D74DDA3F4C521EF43FB4473C39DA6848B7260A16F567E4A2736B29D846A6FD430EBBC2D51BA275EF4289E5F34
            Malicious:true
            Reputation:low
            Preview:U...]w.H
            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.338133299220304
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            • Win32 Executable (generic) a (10002005/4) 49.78%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Generic Win/DOS Executable (2004/3) 0.01%
            • DOS Executable Generic (2002/1) 0.01%
            File name:3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
            File size:185856
            MD5:19230db458718df6fa70d9817925ac7a
            SHA1:04eba42e98b996b5b9e1783e37de8b45c42d56f4
            SHA256:3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3
            SHA512:81b7c7e56d37ac11294ec815ca90e84c528385941caf410f205ae6c181ca5e7a47e4dd8d572df9e5e6ac3a0caf58768d6049755c030aa67b8b2101b7af401712
            SSDEEP:3072:GzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HISp9Jzf+hpWavwPJLehxm:GLV6Bta6dtJmakIM5PJr+hz2JGm
            TLSH:F704BE167BA98A3FE2DE8679611202138379C2E398D3F3EE28D415B74F527E40A471D7
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T................................. ........@.. .......................@.............................................
            Icon Hash:00828e8e8686b000
            Entrypoint:0x41e792
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            DLL Characteristics:
            Time Stamp:0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
            Instruction
            jmp dword ptr [00402000h]
            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1e738 | 0x57 | .text
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22000 | 0x10860 | .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x20000 | 0xc | .reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x2000 | 0x1c798 | 0x1c800 | False | 0.5944867050438597 | data | 6.598052977750881 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .reloc | 0x20000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            .rsrc | 0x22000 | 0x10860 | 0x10a00 | False | 0.9952420112781954 | data | 7.996067726488766 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            Name | RVA | Size | Type | Language | Country
            RT_RCDATA | 0x22058 | 0x10808 | TIM image, Pixel at (39306,49598) Size=36835x31543 | |

            DLL | Import
            mscoree.dll | _CorExeMain
            Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
            08/05/22-20:40:14.466547 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49849 | 38952 | 192.168.2.7 | 107.150.23.184
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
            Aug 5, 2022 20:38:28.789407969 CEST | 192.168.2.7 | 8.8.8.8 | 0xbd92 | Standard query (0) | trustedvpnconnection.anondns.net | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:38:40.773046970 CEST | 192.168.2.7 | 8.8.8.8 | 0xd24f | Standard query (0) | trustedvpnconnection.anondns.net | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:38:45.671798944 CEST | 192.168.2.7 | 8.8.8.8 | 0xb572 | Standard query (0) | trustedvpnconnection.anondns.net | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:38:50.213223934 CEST | 192.168.2.7 | 8.8.8.8 | 0x49c3 | Standard query (0) | windowsmanager.freemyip.com | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:39:19.397521973 CEST | 192.168.2.7 | 8.8.8.8 | 0x6697 | Standard query (0) | windowsmanager.freemyip.com | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:39:46.329189062 CEST | 192.168.2.7 | 8.8.8.8 | 0xb66 | Standard query (0) | windowsmanager.freemyip.com | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:40:13.109174967 CEST | 192.168.2.7 | 8.8.8.8 | 0xe3e5 | Standard query (0) | trustedvpnconnection.anondns.net | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:40:18.658930063 CEST | 192.168.2.7 | 8.8.8.8 | 0x1718 | Standard query (0) | trustedvpnconnection.anondns.net | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:40:23.092725992 CEST | 192.168.2.7 | 8.8.8.8 | 0x3794 | Standard query (0) | trustedvpnconnection.anondns.net | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:40:27.403865099 CEST | 192.168.2.7 | 8.8.8.8 | 0xbfce | Standard query (0) | windowsmanager.freemyip.com | A (IP address) | IN (0x0001)
            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
            Aug 5, 2022 20:38:28.808698893 CEST | 8.8.8.8 | 192.168.2.7 | 0xbd92 | No error (0) | trustedvpnconnection.anondns.net | | 107.150.23.184 | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:38:40.792588949 CEST | 8.8.8.8 | 192.168.2.7 | 0xd24f | No error (0) | trustedvpnconnection.anondns.net | | 107.150.23.184 | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:38:45.700026035 CEST | 8.8.8.8 | 192.168.2.7 | 0xb572 | No error (0) | trustedvpnconnection.anondns.net | | 107.150.23.184 | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:38:50.405513048 CEST | 8.8.8.8 | 192.168.2.7 | 0x49c3 | No error (0) | windowsmanager.freemyip.com | | 103.240.234.185 | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:39:19.416487932 CEST | 8.8.8.8 | 192.168.2.7 | 0x6697 | No error (0) | windowsmanager.freemyip.com | | 103.240.234.185 | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:39:46.515556097 CEST | 8.8.8.8 | 192.168.2.7 | 0xb66 | No error (0) | windowsmanager.freemyip.com | | 103.240.234.185 | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:40:13.138044119 CEST | 8.8.8.8 | 192.168.2.7 | 0xe3e5 | No error (0) | trustedvpnconnection.anondns.net | | 107.150.23.184 | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:40:18.692895889 CEST | 8.8.8.8 | 192.168.2.7 | 0x1718 | No error (0) | trustedvpnconnection.anondns.net | | 107.150.23.184 | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:40:23.112503052 CEST | 8.8.8.8 | 192.168.2.7 | 0x3794 | No error (0) | trustedvpnconnection.anondns.net | | 107.150.23.184 | A (IP address) | IN (0x0001)
            Aug 5, 2022 20:40:27.594279051 CEST | 8.8.8.8 | 192.168.2.7 | 0xbfce | No error (0) | windowsmanager.freemyip.com | | 103.240.234.185 | A (IP address) | IN (0x0001)


            Target ID: 0
            Start time: 20:38:19
            Start date: 05/08/2022
            Path: C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe
            Wow64 process (32bit): false
            Commandline: "C:\Users\user\Desktop\3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.exe"
            Imagebase: 0xbd0000
            File size: 185856 bytes
            MD5 hash: 19230DB458718DF6FA70D9817925AC7A
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: .Net C# or VB.NET
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
            • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
            • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.602638271.0000000001070000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000000.334105407.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000003.343362385.000000001BE11000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
            • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
            • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.611316790.000000001BDC0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.605781173.0000000003291000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            Reputation: low

            Target ID: 3
            Start time: 20:38:35
            Start date: 05/08/2022
            Path: C:\Program Files\DHCP Monitor\dhcpmon.exe
            Wow64 process (32bit): false
            Commandline: "C:\Program Files\DHCP Monitor\dhcpmon.exe"
            Imagebase: 0x700000
            File size: 185856 bytes
            MD5 hash: 19230DB458718DF6FA70D9817925AC7A
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: .Net C# or VB.NET
            Yara matches:
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000003.00000002.400423708.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000003.00000002.400861737.0000000012C90000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: Joe Security
            • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: ditekSHen
            • Rule: NanoCore, Description: unknown, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: C:\Program Files\DHCP Monitor\dhcpmon.exe, Author: unknown
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 89%, Metadefender, Browse
            • Detection: 100%, ReversingLabs
            Reputation: low

            Reset < >
              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e18cc714e18274a35d56897485ef9f09f6b4464631b9ecad7c1b358cf2703aaa
              • Instruction ID: 691c6ba7749459aba58dc26fa962a17ab4635a41413ec56cf7b32379f13e0562
              • Opcode Fuzzy Hash: e18cc714e18274a35d56897485ef9f09f6b4464631b9ecad7c1b358cf2703aaa
              • Instruction Fuzzy Hash: C6722471A1CA8A4FFF59DF288454778BBD1EF5A390F5808BAD44AC72D2DF28E8458740
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4bf7631efbd2f42bdb1ade1bdc808d82258d3aba87b0d01ac7d3527bf01cd2fe
              • Instruction ID: 1762175dc5ef45a0b7097de74afd62c0d15e1073b9fbc1f8ad94db1f22e79f8d
              • Opcode Fuzzy Hash: 4bf7631efbd2f42bdb1ade1bdc808d82258d3aba87b0d01ac7d3527bf01cd2fe
              • Instruction Fuzzy Hash: F452E43061C6494FEB45EF28C485AB97BD1FF59350F5809B9E94AC7283DF28E846CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fdd9b2f237269df104d666d1ee688b90ff3dc6024e7ef420af98a55e9e7e7e9e
              • Instruction ID: 7d1e427c2ef947642d4e84857d35b3caa64209b054c7a7f32699f03b1539649b
              • Opcode Fuzzy Hash: fdd9b2f237269df104d666d1ee688b90ff3dc6024e7ef420af98a55e9e7e7e9e
              • Instruction Fuzzy Hash: 1C52CB70908A8D8FDFA5EF28C888BE97BE0FB29351F14456AD84DCB251DB35E585CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a875b7e0f97c03866c17ca99095a454016d7a4373a9e7134e051bb937e2620c
              • Instruction ID: f966323a8aa156cc29139c99b204707c1f2796129d5a9d17d52a17eaea154ba5
              • Opcode Fuzzy Hash: 3a875b7e0f97c03866c17ca99095a454016d7a4373a9e7134e051bb937e2620c
              • Instruction Fuzzy Hash: 89D16470A08B8D4FEB95EF2884987B87BE1FF1A351F1500BAD44ECB2A2DF3498458751
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 519722454f60d1fd7a1f8aaafca3cd5d8251d9fd32db70f42ea946a9677f1146
              • Instruction ID: 0c9ea8d003a6c69c048125e78e979abaab51b8a24129caec329b87145edb54aa
              • Opcode Fuzzy Hash: 519722454f60d1fd7a1f8aaafca3cd5d8251d9fd32db70f42ea946a9677f1146
              • Instruction Fuzzy Hash: D0911861E1CA490FEF48AB3C48567B9BAC1EF453A0F58047AE50EC72D3DE28E8464781
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 66be4082ddd0878417faef49c85650b95611dcaf06fe325b02a766332b6b5f73
              • Instruction ID: 0278003c799b53739ee890e909e2a420949da8421436bd54495b4c69375abe0e
              • Opcode Fuzzy Hash: 66be4082ddd0878417faef49c85650b95611dcaf06fe325b02a766332b6b5f73
              • Instruction Fuzzy Hash: 8E91F420A18A4E4FEF95DF2844557BDBAD2FF99390F940579E44EC7192DF28E8458380
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID: gfff$gfff
              • API String ID: 0-3084402119
              • Opcode ID: e9b10adfd88d4a5197cdfbd5ccfa9c1f78dd9724841ce0cd906c9254b8a9443e
              • Instruction ID: 8ae04a6c50c6eadbfd83e1f6f59a7eeaa318b11fc274268394377ee191abfdae
              • Opcode Fuzzy Hash: e9b10adfd88d4a5197cdfbd5ccfa9c1f78dd9724841ce0cd906c9254b8a9443e
              • Instruction Fuzzy Hash: 58611421A0D6860FE74D9A3C98956787FD1EB9A350F0C45FAE44ACB2E3DE18DC4A8341
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID: 9
              • API String ID: 0-2366072709
              • Opcode ID: ce43352c5d119db7b206a5bea8b5970a22fd500f2ed3f3f3ce763272ae6c1071
              • Instruction ID: b94d815bf2f8f38d14201bf72287ad9d8c5cd43cf251cebbb8f7c5410181a486
              • Opcode Fuzzy Hash: ce43352c5d119db7b206a5bea8b5970a22fd500f2ed3f3f3ce763272ae6c1071
              • Instruction Fuzzy Hash: 4FA14E70908A898FDB95EF2CC084AA9BBE0FF69315F14496EE48DC7252EB35D446CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID: 9
              • API String ID: 0-2366072709
              • Opcode ID: fe20880960916bc98c4e94786d6eb3345719507bce5a5aa3828b0ccc127a171a
              • Instruction ID: 7dddcf909582d8c8d136137a1948a5bcbd2d5f95a0c8063502ba4ef9467946ab
              • Opcode Fuzzy Hash: fe20880960916bc98c4e94786d6eb3345719507bce5a5aa3828b0ccc127a171a
              • Instruction Fuzzy Hash: D751C621F0C6864FEBC9B77850A567D6BD2AF9A2A4F4C04BAD04ECB1C7DE2CE8454741
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1d8f615f8662691be2bce7a2b66b1aaaf49d966ddfc83cde1cbe36e66ff0f0f
              • Instruction ID: a5279ad6ae6a8682af1f855c2e262e6c812a66197adc4ce7bf27845eab04e95d
              • Opcode Fuzzy Hash: f1d8f615f8662691be2bce7a2b66b1aaaf49d966ddfc83cde1cbe36e66ff0f0f
              • Instruction Fuzzy Hash: CE02C961B09A895FEBC5EB3C8499678BBE1FF59350B4804BAD10DC7293DF28DC4A8711
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 658262e1d3a4cd2e0bd422e63e7e31124775252844a9f85c2b60cc718aad759d
              • Instruction ID: 45f2bfdb6de6577f46067e564fb72cbd6ff61db6a75ca7c10ed9c0e69391d586
              • Opcode Fuzzy Hash: 658262e1d3a4cd2e0bd422e63e7e31124775252844a9f85c2b60cc718aad759d
              • Instruction Fuzzy Hash: 56E10720B1CA8A4FEB85EB3884996B9BBD1EF59361F1804BED44DC31D3DF58E8468741
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e23f3b3b959ebfa1e69528daa984a116a7e1b6937dbc51250857aee640f5a83f
              • Instruction ID: ba2871084143faf68a51c442711fb37f6f1493a634b38e49a7e1df9780712b04
              • Opcode Fuzzy Hash: e23f3b3b959ebfa1e69528daa984a116a7e1b6937dbc51250857aee640f5a83f
              • Instruction Fuzzy Hash: CED1C920A0C7894FEB45EB3C8455679BBE1EF5A350F5804BAD44EC71E3DE28EC458751
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: deb92e30215be832a1bb7727c2b24ea93cca340951d38088ed32d975bab508d3
              • Instruction ID: cbf84c22c530f0c793c592311f8aecef9409a17de8e2cf5db5b54280f36bf9ae
              • Opcode Fuzzy Hash: deb92e30215be832a1bb7727c2b24ea93cca340951d38088ed32d975bab508d3
              • Instruction Fuzzy Hash: 44C1D420B1C99A4FEF98AA3C905937DBAC1EF597A0F5808B9E44EC71D3DE28E8454345
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6abb67bf2ed6424f9b3e52bcd7d6f7eb892a374ba380423009f8178b9bbc61eb
              • Instruction ID: 7f697c001b71bd8b35f11d41fce3bc652a7173fdd377f590203a5149ddaa5c28
              • Opcode Fuzzy Hash: 6abb67bf2ed6424f9b3e52bcd7d6f7eb892a374ba380423009f8178b9bbc61eb
              • Instruction Fuzzy Hash: 50C1E46190D7C94FE756EB2C84497B9BFD0EF56360F1808BAC08DC7593DF2498498752
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 555d2266e857745c96b10f58a65446e165f3162ef42d6297557f99da37821e6d
              • Instruction ID: 587cb0e6dee2f34fb65c32e8976f587c1812a09e4772160ebb88b4d8898f050a
              • Opcode Fuzzy Hash: 555d2266e857745c96b10f58a65446e165f3162ef42d6297557f99da37821e6d
              • Instruction Fuzzy Hash: B8D17F3460CA4A9FDB44EF2CC088965B7E0FF68355B540A79E44EC7692EB35F8568B80
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 20fc6cf4479a743de8c9a2a1acf75986c225bf04eb486ffc210b162d16959aee
              • Instruction ID: 676a2be0e482cbc7f33989832e9d508f61ac3536d62fd977fd72de01a79863d9
              • Opcode Fuzzy Hash: 20fc6cf4479a743de8c9a2a1acf75986c225bf04eb486ffc210b162d16959aee
              • Instruction Fuzzy Hash: 37B19221B18A4A4FEBC5EB3C84596B9BBD1FF99350F54057AD14EC3297DF28E8068381
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9392dd7d52783b038f0f091f1e27116a4f5fb67c12fc812a0d535528b2b6d352
              • Instruction ID: c88fde2798af04528a9d66fb2c16f0dfaa5847ee4bbdcdfd95bc13176eb40e06
              • Opcode Fuzzy Hash: 9392dd7d52783b038f0f091f1e27116a4f5fb67c12fc812a0d535528b2b6d352
              • Instruction Fuzzy Hash: 40D1FD70908A498FDBA4EF28C088B65BBE1FF68351F5449BED44DCB256EB34D485CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c9aa8745a53d0415114c99695a23248878ea7bbf83a4d96de8e467f634634fb0
              • Instruction ID: 953ba2bc063290fa12c2ea17a57d91cef0b3d1d3095e030842d3f91fba048bd8
              • Opcode Fuzzy Hash: c9aa8745a53d0415114c99695a23248878ea7bbf83a4d96de8e467f634634fb0
              • Instruction Fuzzy Hash: 55917131A18A4A8FEF98EF28845577A7BE1FF59350F580479E00EC7192DF28E845CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 04c49bc98d691ae995ffc6e28b00b386acbc3046c28d65b2074368dd1df5d63d
              • Instruction ID: 9c3c70ba8db666395d6293684332363404fc03f5c6a774a284f934c26360343a
              • Opcode Fuzzy Hash: 04c49bc98d691ae995ffc6e28b00b386acbc3046c28d65b2074368dd1df5d63d
              • Instruction Fuzzy Hash: 27A1807090DB894FEF95EF3888546B87BD1EF1A3A1F1804BAD84DCB196DF34A8488741
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1eb3b90974cc0ec11491dc650b1a2e8b445a82292e0307aa0c8570c0df0fb99
              • Instruction ID: 057be800443ed45c5489a7c794b86c4e232f5f7e8a80549e0c287bb00603253f
              • Opcode Fuzzy Hash: f1eb3b90974cc0ec11491dc650b1a2e8b445a82292e0307aa0c8570c0df0fb99
              • Instruction Fuzzy Hash: 0C71247190D6864FEB0A9F28D4847A0BFA0FF16364F5D09FAD149CB1D3DA58D88AC381
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5f80a8fb6366ba12d5015abacf5bf6126e0d1d410298881bbe9cb56a32b1988d
              • Instruction ID: a362758e37fd9feb49d0a510a9e6a591001946c6732d3523635ab2d6531b108e
              • Opcode Fuzzy Hash: 5f80a8fb6366ba12d5015abacf5bf6126e0d1d410298881bbe9cb56a32b1988d
              • Instruction Fuzzy Hash: F4919E70918A894FEB76EF2898557E87BE0FF4A310F4441A9D84DCB293DF34AA458781
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c276362e7ccb6c64f34320587ca095136f92bfa0ae13437a870749acbf0229a5
              • Instruction ID: 13c0989898f2ea64418126e61ea3f79fea80298cecdc738b251f04150b6cd544
              • Opcode Fuzzy Hash: c276362e7ccb6c64f34320587ca095136f92bfa0ae13437a870749acbf0229a5
              • Instruction Fuzzy Hash: DD319521A1C78B4FEB559F3844692BDBED1EF452A0F5809BEE10EC7193DE28D8084341
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b083e1a76fd29a894025a6a4d2b435c526623413bc15b447c6835f068554f64d
              • Instruction ID: effc4257684481a9700c337e7058f74b7fc5e7f55fea0d2050086b809cd1e10c
              • Opcode Fuzzy Hash: b083e1a76fd29a894025a6a4d2b435c526623413bc15b447c6835f068554f64d
              • Instruction Fuzzy Hash: 1241917060DB895FE785DF188494B6ABBE0EF99350F5405BEF489C7292DF38D8058741
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 87a0f1d27942b25774c900be550f95678a99a14c320ea03fad388248dc68d8d1
              • Instruction ID: f55afbb837efb66acccdeb4228d8abde0cc25a3cbfa0d589803b5214ab5f603a
              • Opcode Fuzzy Hash: 87a0f1d27942b25774c900be550f95678a99a14c320ea03fad388248dc68d8d1
              • Instruction Fuzzy Hash: B841B470518A8C8FDBB5DF28C84A7E93BE0FB1A311F54406AD84DCB293CA749549C741
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 31f819460327687b5f9a07784944a05d86a28091955c099e11f7adbcf1b082f4
              • Instruction ID: b7dc68f1e9e932384ceb04c84f7f2869ec53ed93671f7da6dc486a5e9a3906b5
              • Opcode Fuzzy Hash: 31f819460327687b5f9a07784944a05d86a28091955c099e11f7adbcf1b082f4
              • Instruction Fuzzy Hash: CF31A210B18A5A4BEF95EB2C48457BD72D2EFD9680F944575E04ECB2E7EE2CF8424380
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 41e9c39f80a65f3d351fbd6032ad13392ed6c9a7db6f909d2c0c50323469d5e6
              • Instruction ID: 12b7c2b36e28387704cc0d4c4215e36f82cf5282424a7274bd451e73706f1698
              • Opcode Fuzzy Hash: 41e9c39f80a65f3d351fbd6032ad13392ed6c9a7db6f909d2c0c50323469d5e6
              • Instruction Fuzzy Hash: 6E416A60609A8A8EEF95DF29C094BB53BD0EF15345F6844F9DC4DCE28ACB78D849C321
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 909811bf671702163dade54ebeae2249d57016dc8446756d8b00972231521708
              • Instruction ID: 0d58df3474758af070627920055fa6c29397338407a23524c9579906acb04073
              • Opcode Fuzzy Hash: 909811bf671702163dade54ebeae2249d57016dc8446756d8b00972231521708
              • Instruction Fuzzy Hash: 1631A22090D7C98FEB46DB3888556797FA1EF4B390F5900FAD04ACB1E3DE28A945C721
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0455439fc8643a6865e18e837e966754fe5b31fd68164c834ac768c6436da05f
              • Instruction ID: 96fc000e4393fd49c630c60dfd74b12823c304419b9248b38145a20ff4b9f274
              • Opcode Fuzzy Hash: 0455439fc8643a6865e18e837e966754fe5b31fd68164c834ac768c6436da05f
              • Instruction Fuzzy Hash: 07312921B09F490FEB49EA2C5898279B7D1EB99761B4D00FAD40DC7293DF18AC494381
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df067334c8793cdef8cc90ba06a6072a9a74d7ae863717309433e3302dce6442
              • Instruction ID: f763bb8c41f1fb0bc634ff6ca6efc86998184c0b55537cbca1052a1e449fbd1a
              • Opcode Fuzzy Hash: df067334c8793cdef8cc90ba06a6072a9a74d7ae863717309433e3302dce6442
              • Instruction Fuzzy Hash: 7D41B421A0D78A4FFB89AB3854267787B91EF47394F5804FAD04ECB1D3DE18A8458352
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9862183455553d9ee5651224edd7c26aff4ccf90db9465c9666b5516ff830895
              • Instruction ID: b241f991a4aa1c4a38b0def2421f19302bdbeb8e0ad435b3ef5290ed6612a2a0
              • Opcode Fuzzy Hash: 9862183455553d9ee5651224edd7c26aff4ccf90db9465c9666b5516ff830895
              • Instruction Fuzzy Hash: A131D021B0EAC90FEF99AA3C58562797AD1EF4A364F8804BAD48DC31C7DF58A8094345
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c651cc380635b9ab2f84190bc0e2a2b1c87727bebd4ce0b886e8eecd07027adc
              • Instruction ID: ed6d5aa0665ad340e5c453df4bcf9b7912ddf1944ceec3f20a6707849de447ca
              • Opcode Fuzzy Hash: c651cc380635b9ab2f84190bc0e2a2b1c87727bebd4ce0b886e8eecd07027adc
              • Instruction Fuzzy Hash: 0B41CA6150D7C98FEB579B3884A07797FA0AF4B350F5D44EAD089CB093DA28DD098352
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1abd8f68a29c2c0d50f348bd9704366efea91ede088a32f7cb21ffcbc8672ea7
              • Instruction ID: 12da692704c765ddf0fa6a20fc5d9d823589fa68d57ebd96185c7da24c8af51d
              • Opcode Fuzzy Hash: 1abd8f68a29c2c0d50f348bd9704366efea91ede088a32f7cb21ffcbc8672ea7
              • Instruction Fuzzy Hash: B321C32171CA090FEB4CBA2C585AAB9B6C1EB99761F55047EF00EC32D3ED18EC064285
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5fb7f91ea756aa8df0de9c37143c5ab39996171fb022115a3a94d113efdde7ed
              • Instruction ID: f14a546ceb86685ce83f3930b40654ffd23cf233fa2029d43422f5a81100c69a
              • Opcode Fuzzy Hash: 5fb7f91ea756aa8df0de9c37143c5ab39996171fb022115a3a94d113efdde7ed
              • Instruction Fuzzy Hash: 54317011E0DA8A0FFB86A62C54553796BE2DF9A790B0940F7D04DCB2E7CE18AC498751
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c9cb9082c965ab0268f14df8cbab631a7b2ce69ecdd32c16875cbe5749c6fe8
              • Instruction ID: bb7b1ed61d50b590fcf730818770b53ef995ecd3bb4e04e4f96c7c5cc70cfc61
              • Opcode Fuzzy Hash: 8c9cb9082c965ab0268f14df8cbab631a7b2ce69ecdd32c16875cbe5749c6fe8
              • Instruction Fuzzy Hash: 8A319911F1DB890FEBC9EA3C58A517867E2EF9A791B5804FAD00DC72A7DE149C094701
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aab69adb2173a1b05fda66dfc4c303c57c28c377d164cae48f5a595340720920
              • Instruction ID: 1bf8605798ab1c106b026dfd0c5ed8cb55298dcf233c386e394ed0b57b21f81f
              • Opcode Fuzzy Hash: aab69adb2173a1b05fda66dfc4c303c57c28c377d164cae48f5a595340720920
              • Instruction Fuzzy Hash: 42317030B28A594FEF58EF2884456B9BBD2FF49351F4405BAE40EC7192CF28EC458781
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c89f547dc4f01815a081a71847b01dddda0ad9f47ade5a6861b52fb4ca4f27f4
              • Instruction ID: 46b8fe3927218666050f39dd936315c4c5faca5081e207902b68cf9c70c0d61f
              • Opcode Fuzzy Hash: c89f547dc4f01815a081a71847b01dddda0ad9f47ade5a6861b52fb4ca4f27f4
              • Instruction Fuzzy Hash: D531B12091C7DA5FEB56DB384864679BFA0AF86350F1904FAD48ACB193DA28D8088351
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 457837802eb1983b07b33d3fc3b20420eac9ba1b3969d465e6dba87e12825e56
              • Instruction ID: 8c04719c9ba08765e7366bd9b0d7d08cf0535314c12e870280fefefc3e5f8c5d
              • Opcode Fuzzy Hash: 457837802eb1983b07b33d3fc3b20420eac9ba1b3969d465e6dba87e12825e56
              • Instruction Fuzzy Hash: 3331C83060CA898FEB85EF2CC058665BBE1FF69355F6845BEE44DC7292DF25D8448701
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1761c5c691a1939a0fa27b5d7c7ea34c5698dbb088d19ae9fcbbfcf0a952faa2
              • Instruction ID: a64234841c7de4e8496f0df256724a9cb356034fadd92ca770128e3a6a7233ed
              • Opcode Fuzzy Hash: 1761c5c691a1939a0fa27b5d7c7ea34c5698dbb088d19ae9fcbbfcf0a952faa2
              • Instruction Fuzzy Hash: 5721083150DB880FD7459B6C984A671BFE0EF5A321F0905FEE588C7163E759980A8746
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5838647fd73ae3b261ca377b85a1fd5e3d228cf8c459d4f621eb9ea40a82d692
              • Instruction ID: ba02b1ed2fcaa70561b76a393bdd72476e783d086471bce86bcce75b59afad0d
              • Opcode Fuzzy Hash: 5838647fd73ae3b261ca377b85a1fd5e3d228cf8c459d4f621eb9ea40a82d692
              • Instruction Fuzzy Hash: 0A31A27191C68C4FEB68DF5898527F97FA0EF0A360F20016AE94AC6181DB35A84687D1
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 25fd76b3c3fe6973bf5d4782ec93a861b3e9587620ede5ff8f8bb9dcdc0efd6b
              • Instruction ID: c5adac110e9eb2fa036e19daed8a4e6ece1553a7b1b4f92d49233015ab0bfd10
              • Opcode Fuzzy Hash: 25fd76b3c3fe6973bf5d4782ec93a861b3e9587620ede5ff8f8bb9dcdc0efd6b
              • Instruction Fuzzy Hash: 25318D30708A469FEB48DF28C494BA8B3D1FF58354F5446A8E45EC7296CF38F8568B80
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 832ed91b3d4bf1596544a67c8fff9a758c7703d741a46e91c63aed2e570e7b2b
              • Instruction ID: c5adac110e9eb2fa036e19daed8a4e6ece1553a7b1b4f92d49233015ab0bfd10
              • Opcode Fuzzy Hash: 832ed91b3d4bf1596544a67c8fff9a758c7703d741a46e91c63aed2e570e7b2b
              • Instruction Fuzzy Hash: 25318D30708A469FEB48DF28C494BA8B3D1FF58354F5446A8E45EC7296CF38F8568B80
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 02b5d4e4b1aa4b63615dd5ff918d2fa862d9a21f8a4bbe7f8f9521c14446cec4
              • Instruction ID: 41da095e2969b736961eec4f65851e1a338c61c3e25ae4a83fa67ba59c2a01dd
              • Opcode Fuzzy Hash: 02b5d4e4b1aa4b63615dd5ff918d2fa862d9a21f8a4bbe7f8f9521c14446cec4
              • Instruction Fuzzy Hash: 91219A30608A868FDF88DF28C490A6537F5FF58360B9945BAD40DCB596CB28FC88C781
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a86c032da16c589e5ac09433ebde73a592c3dbee8d1c701ebed25a99567d4f4a
              • Instruction ID: f389a589957756e43d53c96af14e367fa737c3c580080a681354ffc3d07750c7
              • Opcode Fuzzy Hash: a86c032da16c589e5ac09433ebde73a592c3dbee8d1c701ebed25a99567d4f4a
              • Instruction Fuzzy Hash: F921262190DAD94FDB969B3C94552607FA1DF47370B0D49FAC088CB197DA149C0E8781
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5d8d2ca7a3d9e8dc6c7f7cfb072529216bb49fe5effe70a8643673f6ac694476
              • Instruction ID: 62592961199e7b19d0233eba21e01cc52659e1dbbf1695207914ea41233a9907
              • Opcode Fuzzy Hash: 5d8d2ca7a3d9e8dc6c7f7cfb072529216bb49fe5effe70a8643673f6ac694476
              • Instruction Fuzzy Hash: 5C216D21B09A894FDFC5EB3C44A9B643BE1EF9A351F1904FAD00DCF297DA68D8498311
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 17f7ec1c9b3a42db8371ac6b4465f231613ec331fd3908366852cebf3484b859
              • Instruction ID: 3d9985377ee0ffbb2603d178d9edff5fc413fe1e995e40ff91ae2c93e3ed53f1
              • Opcode Fuzzy Hash: 17f7ec1c9b3a42db8371ac6b4465f231613ec331fd3908366852cebf3484b859
              • Instruction Fuzzy Hash: 1321F621E0DA850FDB95AB3C68591B9BBD1EF9A37071906FED45DC31D7DE18980A4340
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 183f70ddf5ab720d7c83f848a5aa10c254cec62f8f9c19c014f956be1ee361cd
              • Instruction ID: 93196b04c728c4cbdaabc9cd758d1b49ead75a088e3dbf4e78dd9e38571c3ef0
              • Opcode Fuzzy Hash: 183f70ddf5ab720d7c83f848a5aa10c254cec62f8f9c19c014f956be1ee361cd
              • Instruction Fuzzy Hash: 3121417190D7C88FCB85DB2CC458A55BFE0FFAA311B1909AEE089CB262D765D945CB02
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc09abbf9b8413e6f5a0703f28e224098f290bc1d0ab26952b4f16bedcc76dae
              • Instruction ID: 5d77310daa6a19ddf4b9a0eae19347e7724058eb19413ef4284d8cd9ad147ead
              • Opcode Fuzzy Hash: fc09abbf9b8413e6f5a0703f28e224098f290bc1d0ab26952b4f16bedcc76dae
              • Instruction Fuzzy Hash: 0411E33190CB984FD785EB2C8885B757BE0EFA5222F4805BFF089C7293CB2894098712
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8a60fd68f4ff9c0a0cc9ce6e4d16be4b64f694270fa534e90ece86011fd2ef11
              • Instruction ID: e787787d10f3abf9b2bc5c93a06247147dac63d7f19b515cca8c9a700417ca05
              • Opcode Fuzzy Hash: 8a60fd68f4ff9c0a0cc9ce6e4d16be4b64f694270fa534e90ece86011fd2ef11
              • Instruction Fuzzy Hash: CC21275190EBC80FEB86AB3858292657FA1EF57621B4C04EBD4CCCB1E3DA085C098392
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4cb2cb34736cdf8b2dec29ac38f5f85962959ad3702151fe6aa24335b9abc81f
              • Instruction ID: 0b3ba30051f1b05720ccbfddfd5e1a4fa97da55e645a10cd96247e61cc2bea00
              • Opcode Fuzzy Hash: 4cb2cb34736cdf8b2dec29ac38f5f85962959ad3702151fe6aa24335b9abc81f
              • Instruction Fuzzy Hash: EA01C0A3C0E7D55FEA670A345C25075BFA05E63960B2E08EBC0C88A1F39A1A590EC712
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f314441241dbf01598797a2e3c5980a701f7b0403587c71b4e937164d38afa7b
              • Instruction ID: 97b279acba8ca414e53cd7664e0cd25e7a0256177394e562ee4054c11fcdf1bc
              • Opcode Fuzzy Hash: f314441241dbf01598797a2e3c5980a701f7b0403587c71b4e937164d38afa7b
              • Instruction Fuzzy Hash: F0113311A1D6C60FEB51AB3848A93BCAFC0EF89650F1804B9E148C72A3EE1CD8498312
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb1575f56c17a4c5da3c7269949575da7dec247090867c1e0f2bb6d9af38c6b3
              • Instruction ID: 714a13b0a925315b51f63175a1e05f7f8d0bb31445a702a84cbb5075244d2ece
              • Opcode Fuzzy Hash: fb1575f56c17a4c5da3c7269949575da7dec247090867c1e0f2bb6d9af38c6b3
              • Instruction Fuzzy Hash: 732181209087848FEB45DF2884996667BE1FF6D714F0805BED48DCB293EB69D8458781
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ba9df399606ea899c56c0e434029a76ee8ff622c63b3817990cd2446d40dbe0b
              • Instruction ID: efcc394a8a9158aa971ec9ac006d6e4a15a070b76e2f8d5fcf06e378f1951e89
              • Opcode Fuzzy Hash: ba9df399606ea899c56c0e434029a76ee8ff622c63b3817990cd2446d40dbe0b
              • Instruction Fuzzy Hash: DF21F26090D7CA5FEF429B288891B69BFE0EF06350F5904E6D08DCB193DB28E8498711
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.612920053.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff8590c0000_3C0512176CBCA3CE1B0ABC5F505A3ABBCD39909C20095.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6954093d753e40e42b1db41650e8370508c968f61904e0586df9e07f0f11da5b
              • Instruction ID: 9b5730a64f628c3c95ccd3cd3f5e022a354d6dabe098ca219f2bf6a758275416
              • Opcode Fuzzy Hash: 6954093d753e40e42b1db41650e8370508c968f61904e0586df9e07f0f11da5b
              • Instruction Fuzzy Hash: 16119320A08A9D4FEF55AF2C84553BE3BD1FF49391F0446BAE50DC2292CF3899458381
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000003.00000002.401464415.00007FF8590C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8590C0000, based on PE: false