Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SdwkQEBnc3.exe

Overview

General Information

Sample Name:SdwkQEBnc3.exe
Analysis ID:709347
MD5:33851c19216f0e65db0aecc27dc71ffc
SHA1:0ad881c7d507bea247bfe454e29bc645f3d1b4ac
SHA256:d3c3718f2106aca6ed10bb92ec37e99bcadd8536f499af4de3849625a0a1c109
Tags:exeNanoCoreRAT
Infos:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Detected Nanocore Rat
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Yara detected Nanocore RAT
Snort IDS alert for network traffic
Machine Learning detection for sample
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to call native functions
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports

Classification

Process Tree

  • System is w10x64
  • SdwkQEBnc3.exe (PID: 5128 cmdline: "C:\Users\user\Desktop\SdwkQEBnc3.exe" MD5: 33851C19216F0E65DB0AECC27DC71FFC)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "7fd0fb12-397b-455a-940b-bef9261b", "Group": "kurban", "Domain1": "eu-central-7075.packetriot.net", "Domain2": "127.0.0.1", "Port": 22378, "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
SdwkQEBnc3.exeNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x1018d:$x1: NanoCore.ClientPluginHost
  • 0x101ca:$x2: IClientNetworkHost
  • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
SdwkQEBnc3.exeNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
  • 0xff05:$x1: NanoCore Client.exe
  • 0x1018d:$x2: NanoCore.ClientPluginHost
  • 0x117c6:$s1: PluginCommand
  • 0x117ba:$s2: FileCommand
  • 0x1266b:$s3: PipeExists
  • 0x18422:$s4: PipeCreated
  • 0x101b7:$s5: IClientLoggingHost
SdwkQEBnc3.exeJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    SdwkQEBnc3.exeMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
    • 0xfef5:$x1: NanoCore Client
    • 0xff05:$x1: NanoCore Client
    • 0x1014d:$x2: NanoCore.ClientPlugin
    • 0x1018d:$x3: NanoCore.ClientPluginHost
    • 0x10142:$i1: IClientApp
    • 0x10163:$i2: IClientData
    • 0x1016f:$i3: IClientNetwork
    • 0x1017e:$i4: IClientAppHost
    • 0x101a7:$i5: IClientDataHost
    • 0x101b7:$i6: IClientLoggingHost
    • 0x101ca:$i7: IClientNetworkHost
    • 0x101dd:$i8: IClientUIHost
    • 0x101eb:$i9: IClientNameObjectCollection
    • 0x10207:$i10: IClientReadOnlyNameObjectCollection
    • 0xff54:$s1: ClientPlugin
    • 0x10156:$s1: ClientPlugin
    • 0x1064a:$s2: EndPoint
    • 0x10653:$s3: IPAddress
    • 0x1065d:$s4: IPEndPoint
    • 0x12093:$s6: get_ClientSettings
    • 0x12637:$s7: get_Connected
    SdwkQEBnc3.exeNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfef5:$a: NanoCore
    • 0xff05:$a: NanoCore
    • 0x10139:$a: NanoCore
    • 0x1014d:$a: NanoCore
    • 0x1018d:$a: NanoCore
    • 0xff54:$b: ClientPlugin
    • 0x10156:$b: ClientPlugin
    • 0x10196:$b: ClientPlugin
    • 0x1007b:$c: ProjectData
    • 0x10a82:$d: DESCrypto
    • 0x1844e:$e: KeepAlive
    • 0x1643c:$g: LogClientMessage
    • 0x12637:$i: get_Connected
    • 0x10db8:$j: #=q
    • 0x10de8:$j: #=q
    • 0x10e04:$j: #=q
    • 0x10e34:$j: #=q
    • 0x10e50:$j: #=q
    • 0x10e6c:$j: #=q
    • 0x10e9c:$j: #=q
    • 0x10eb8:$j: #=q
    Click to see the 1 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xff8d:$x1: NanoCore.ClientPluginHost
    • 0xffca:$x2: IClientNetworkHost
    • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0xfcf5:$a: NanoCore
      • 0xfd05:$a: NanoCore
      • 0xff39:$a: NanoCore
      • 0xff4d:$a: NanoCore
      • 0xff8d:$a: NanoCore
      • 0xfd54:$b: ClientPlugin
      • 0xff56:$b: ClientPlugin
      • 0xff96:$b: ClientPlugin
      • 0xfe7b:$c: ProjectData
      • 0x10882:$d: DESCrypto
      • 0x1824e:$e: KeepAlive
      • 0x1623c:$g: LogClientMessage
      • 0x12437:$i: get_Connected
      • 0x10bb8:$j: #=q
      • 0x10be8:$j: #=q
      • 0x10c04:$j: #=q
      • 0x10c34:$j: #=q
      • 0x10c50:$j: #=q
      • 0x10c6c:$j: #=q
      • 0x10c9c:$j: #=q
      • 0x10cb8:$j: #=q
      00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
      • 0xff8d:$a1: NanoCore.ClientPluginHost
      • 0xff4d:$a2: NanoCore.ClientPlugin
      • 0x11ea6:$b1: get_BuilderSettings
      • 0xfda9:$b2: ClientLoaderForm.resources
      • 0x115c6:$b3: PluginCommand
      • 0xff7e:$b4: IClientAppHost
      • 0x1a3fe:$b5: GetBlockHash
      • 0x124fe:$b6: AddHostEntry
      • 0x161f1:$b7: LogClientException
      • 0x1246b:$b8: PipeExists
      • 0xffb7:$b9: IClientLoggingHost
      00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        Click to see the 16 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.SdwkQEBnc3.exe.463e424.3.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0xd9ad:$x1: NanoCore.ClientPluginHost
        • 0xd9da:$x2: IClientNetworkHost
        0.2.SdwkQEBnc3.exe.463e424.3.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
        • 0xd9ad:$x2: NanoCore.ClientPluginHost
        • 0xea88:$s4: PipeCreated
        • 0xd9c7:$s5: IClientLoggingHost
        0.2.SdwkQEBnc3.exe.463e424.3.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
          0.2.SdwkQEBnc3.exe.463e424.3.unpackMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
          • 0xd978:$x2: NanoCore.ClientPlugin
          • 0xd9ad:$x3: NanoCore.ClientPluginHost
          • 0xd96c:$i2: IClientData
          • 0xd98e:$i3: IClientNetwork
          • 0xd99d:$i5: IClientDataHost
          • 0xd9c7:$i6: IClientLoggingHost
          • 0xd9da:$i7: IClientNetworkHost
          • 0xd9ed:$i8: IClientUIHost
          • 0xd9fb:$i9: IClientNameObjectCollection
          • 0xda17:$i10: IClientReadOnlyNameObjectCollection
          • 0xd76a:$s1: ClientPlugin
          • 0xd981:$s1: ClientPlugin
          • 0x129a2:$s6: get_ClientSettings
          0.2.SdwkQEBnc3.exe.463e424.3.unpackWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
          • 0xd9ad:$a1: NanoCore.ClientPluginHost
          • 0xd978:$a2: NanoCore.ClientPlugin
          • 0x128f3:$b1: get_BuilderSettings
          • 0x12862:$b7: LogClientException
          • 0xd9c7:$b9: IClientLoggingHost
          Click to see the 45 entries

          Sigma Signatures

          AV Detection

          barindex
          Sigma detected: NanoCore
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\SdwkQEBnc3.exe, ProcessId: 5128, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

          E-Banking Fraud

          barindex
          Sigma detected: NanoCore
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\SdwkQEBnc3.exe, ProcessId: 5128, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

          Stealing of Sensitive Information

          barindex
          Sigma detected: NanoCore
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\SdwkQEBnc3.exe, ProcessId: 5128, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

          Remote Access Functionality

          barindex
          Sigma detected: NanoCore
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\SdwkQEBnc3.exe, ProcessId: 5128, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

          Snort Signatures

          Timestamp:192.168.2.3167.71.56.11649729223782025019 09/25/22-10:39:19.021240
          SID:2025019
          Source Port:49729
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649708223782025019 09/25/22-10:37:58.335400
          SID:2025019
          Source Port:49708
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649719223782025019 09/25/22-10:38:45.572488
          SID:2025019
          Source Port:49719
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649728223782025019 09/25/22-10:39:13.005416
          SID:2025019
          Source Port:49728
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649723223782025019 09/25/22-10:39:06.622577
          SID:2025019
          Source Port:49723
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649709223782025019 09/25/22-10:38:04.391752
          SID:2025019
          Source Port:49709
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649712223782025019 09/25/22-10:38:11.114012
          SID:2025019
          Source Port:49712
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649723223782816766 09/25/22-10:39:08.421800
          SID:2816766
          Source Port:49723
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649733223782816766 09/25/22-10:39:42.564776
          SID:2816766
          Source Port:49733
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649712223782816766 09/25/22-10:38:14.198704
          SID:2816766
          Source Port:49712
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649737223782025019 09/25/22-10:39:46.930085
          SID:2025019
          Source Port:49737
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649716223782025019 09/25/22-10:38:33.571963
          SID:2025019
          Source Port:49716
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649717223782025019 09/25/22-10:38:39.534899
          SID:2025019
          Source Port:49717
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649708223782816718 09/25/22-10:37:59.384612
          SID:2816718
          Source Port:49708
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649716223782816766 09/25/22-10:38:35.293304
          SID:2816766
          Source Port:49716
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649737223782816766 09/25/22-10:39:48.190268
          SID:2816766
          Source Port:49737
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649729223782816766 09/25/22-10:39:20.875554
          SID:2816766
          Source Port:49729
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649719223782816766 09/25/22-10:38:47.309965
          SID:2816766
          Source Port:49719
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649708223782816766 09/25/22-10:38:00.056144
          SID:2816766
          Source Port:49708
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649717223782816766 09/25/22-10:38:41.356311
          SID:2816766
          Source Port:49717
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649728223782816766 09/25/22-10:39:14.776089
          SID:2816766
          Source Port:49728
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649741223782816766 09/25/22-10:39:54.862352
          SID:2816766
          Source Port:49741
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649723223782816718 09/25/22-10:39:07.608396
          SID:2816718
          Source Port:49723
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649733223782025019 09/25/22-10:39:40.736255
          SID:2025019
          Source Port:49733
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649709223782816766 09/25/22-10:38:06.120867
          SID:2816766
          Source Port:49709
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3167.71.56.11649741223782025019 09/25/22-10:39:53.012867
          SID:2025019
          Source Port:49741
          Destination Port:22378
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: SdwkQEBnc3.exeReversingLabs: Detection: 100%
          Source: SdwkQEBnc3.exeVirustotal: Detection: 83%Perma Link
          Source: SdwkQEBnc3.exeMetadefender: Detection: 94%Perma Link
          Antivirus / Scanner detection for submitted sample
          Source: SdwkQEBnc3.exeAvira: detected
          Antivirus detection for URL or domain
          Source: eu-central-7075.packetriot.netAvira URL Cloud: Label: malware
          Multi AV Scanner detection for domain / URL
          Source: eu-central-7075.packetriot.netVirustotal: Detection: 10%Perma Link
          Source: eu-central-7075.packetriot.netVirustotal: Detection: 10%Perma Link
          Yara detected Nanocore RAT
          Source: Yara matchFile source: SdwkQEBnc3.exe, type: SAMPLE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SdwkQEBnc3.exe PID: 5128, type: MEMORYSTR
          Machine Learning detection for sample
          Source: SdwkQEBnc3.exeJoe Sandbox ML: detected
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpackAvira: Label: TR/NanoCore.fadte
          Source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "7fd0fb12-397b-455a-940b-bef9261b", "Group": "kurban", "Domain1": "eu-central-7075.packetriot.net", "Domain2": "127.0.0.1", "Port": 22378, "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
          Source: SdwkQEBnc3.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior

          Networking

          barindex
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49708 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49708 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.3:49708 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49709 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49709 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49712 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49712 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49716 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49716 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49717 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49717 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49719 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49719 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49723 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49723 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.3:49723 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49728 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49728 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49729 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49729 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49733 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49733 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49737 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49737 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49741 -> 167.71.56.116:22378
          Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49741 -> 167.71.56.116:22378
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: eu-central-7075.packetriot.net
          Source: Malware configuration extractorURLs: 127.0.0.1
          Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
          Source: Joe Sandbox ViewIP Address: 167.71.56.116 167.71.56.116
          Source: global trafficTCP traffic: 192.168.2.3:49708 -> 167.71.56.116:22378
          Source: unknownDNS traffic detected: queries for: eu-central-7075.packetriot.net
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_05832CD2 WSARecv,0_2_05832CD2
          Source: SdwkQEBnc3.exe, 00000000.00000002.506539476.00000000015AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: SdwkQEBnc3.exe, 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: RegisterRawInputDevices

          E-Banking Fraud

          barindex
          Yara detected Nanocore RAT
          Source: Yara matchFile source: SdwkQEBnc3.exe, type: SAMPLE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SdwkQEBnc3.exe PID: 5128, type: MEMORYSTR

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: SdwkQEBnc3.exe, type: SAMPLEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: SdwkQEBnc3.exe, type: SAMPLEMatched rule: Detects NanoCore Author: ditekSHen
          Source: SdwkQEBnc3.exe, type: SAMPLEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: SdwkQEBnc3.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.SdwkQEBnc3.exe.5a80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.SdwkQEBnc3.exe.5a80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.SdwkQEBnc3.exe.5a80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 0.2.SdwkQEBnc3.exe.3601784.0.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.SdwkQEBnc3.exe.3601784.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
          Source: 0.2.SdwkQEBnc3.exe.3601784.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
          Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
          Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: 00000000.00000002.508672696.00000000035F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: Process Memory Space: SdwkQEBnc3.exe PID: 5128, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: Process Memory Space: SdwkQEBnc3.exe PID: 5128, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: Process Memory Space: SdwkQEBnc3.exe PID: 5128, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
          Source: SdwkQEBnc3.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: SdwkQEBnc3.exe, type: SAMPLEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: SdwkQEBnc3.exe, type: SAMPLEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: SdwkQEBnc3.exe, type: SAMPLEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: SdwkQEBnc3.exe, type: SAMPLEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: SdwkQEBnc3.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.SdwkQEBnc3.exe.5a80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.5a80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.5a80000.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.SdwkQEBnc3.exe.5a80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 0.2.SdwkQEBnc3.exe.3601784.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.3601784.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 0.2.SdwkQEBnc3.exe.3601784.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 0.2.SdwkQEBnc3.exe.3601784.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
          Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: 00000000.00000002.508672696.00000000035F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: Process Memory Space: SdwkQEBnc3.exe PID: 5128, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
          Source: Process Memory Space: SdwkQEBnc3.exe PID: 5128, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: Process Memory Space: SdwkQEBnc3.exe PID: 5128, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_0570AD380_2_0570AD38
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_057084680_2_05708468
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_057090680_2_05709068
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_057023A00_2_057023A0
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_05702FA80_2_05702FA8
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_0570912F0_2_0570912F
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_057099100_2_05709910
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_0570306F0_2_0570306F
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_0570937B0_2_0570937B
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_05831642 NtQuerySystemInformation,0_2_05831642
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_05831607 NtQuerySystemInformation,0_2_05831607
          Source: SdwkQEBnc3.exe, 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs SdwkQEBnc3.exe
          Source: SdwkQEBnc3.exe, 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs SdwkQEBnc3.exe
          Source: SdwkQEBnc3.exe, 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs SdwkQEBnc3.exe
          Source: SdwkQEBnc3.exe, 00000000.00000002.513932324.00000000061D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs SdwkQEBnc3.exe
          Source: SdwkQEBnc3.exe, 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs SdwkQEBnc3.exe
          Source: SdwkQEBnc3.exe, 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs SdwkQEBnc3.exe
          Source: SdwkQEBnc3.exe, 00000000.00000002.508672696.00000000035F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs SdwkQEBnc3.exe
          Source: SdwkQEBnc3.exe, 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs SdwkQEBnc3.exe
          Source: SdwkQEBnc3.exe, 00000000.00000002.506539476.00000000015AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs SdwkQEBnc3.exe
          Source: SdwkQEBnc3.exeStatic PE information: Section: .rsrc ZLIB complexity 0.9997098214285715
          Source: SdwkQEBnc3.exeReversingLabs: Detection: 100%
          Source: SdwkQEBnc3.exeVirustotal: Detection: 83%
          Source: SdwkQEBnc3.exeMetadefender: Detection: 94%
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeFile read: C:\Users\user\Desktop\SdwkQEBnc3.exeJump to behavior
          Source: SdwkQEBnc3.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_05831402 AdjustTokenPrivileges,0_2_05831402
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_058313CB AdjustTokenPrivileges,0_2_058313CB
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeFile created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9AJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@1/1@12/3
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: SdwkQEBnc3.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
          Source: SdwkQEBnc3.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: SdwkQEBnc3.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{7fd0fb12-397b-455a-940b-bef9261bdda7}
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
          Source: SdwkQEBnc3.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: SdwkQEBnc3.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
          Source: SdwkQEBnc3.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
          Source: SdwkQEBnc3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: SdwkQEBnc3.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: SdwkQEBnc3.exe, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: SdwkQEBnc3.exe, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
          Source: SdwkQEBnc3.exe, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
          Source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

          Hooking and other Techniques for Hiding and Protection

          barindex
          Hides that the sample has been downloaded from the Internet (zone.identifier)
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeFile opened: C:\Users\user\Desktop\SdwkQEBnc3.exe:Zone.Identifier read attributes | deleteJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exe TID: 5140Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exe TID: 5156Thread sleep time: -280000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeWindow / User API: threadDelayed 397Jump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeWindow / User API: foregroundWindowGot 1237Jump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_0583112A GetSystemInfo,0_2_0583112A
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: SdwkQEBnc3.exe, 00000000.00000003.252232280.0000000001671000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.404164699.0000000001671000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.251082376.0000000001671000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.463806944.0000000001671000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.479435315.0000000001671000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.245467170.0000000001671000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.251568865.0000000001671000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.256553111.0000000001671000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.254004502.0000000001671000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.245695919.0000000001671000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
          Source: SdwkQEBnc3.exe, 00000000.00000003.243210520.000000000166A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeMemory allocated: page read and write | page guardJump to behavior
          Source: SdwkQEBnc3.exe, 00000000.00000003.463798700.000000000166B000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.419327218.0000000001667000.00000004.00000020.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000003.475818393.000000000166A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerh
          Source: SdwkQEBnc3.exe, 00000000.00000002.511063942.0000000003818000.00000004.00000800.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000002.511340676.0000000003868000.00000004.00000800.00020000.00000000.sdmp, SdwkQEBnc3.exe, 00000000.00000002.510520358.0000000003762000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
          Source: SdwkQEBnc3.exe, 00000000.00000002.509324331.000000000367C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerp
          Source: SdwkQEBnc3.exe, 00000000.00000002.510520358.0000000003762000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager`
          Source: SdwkQEBnc3.exe, 00000000.00000002.507614889.0000000001615000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected Nanocore RAT
          Source: Yara matchFile source: SdwkQEBnc3.exe, type: SAMPLE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SdwkQEBnc3.exe PID: 5128, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Detected Nanocore Rat
          Source: SdwkQEBnc3.exe, 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: SdwkQEBnc3.exe, 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
          Source: SdwkQEBnc3.exe, 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: SdwkQEBnc3.exe, 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: SdwkQEBnc3.exe, 00000000.00000002.508672696.00000000035F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: SdwkQEBnc3.exe, 00000000.00000002.508672696.00000000035F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
          Source: SdwkQEBnc3.exe, 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
          Source: SdwkQEBnc3.exe, 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
          Source: SdwkQEBnc3.exeString found in binary or memory: NanoCore.ClientPluginHost
          Yara detected Nanocore RAT
          Source: Yara matchFile source: SdwkQEBnc3.exe, type: SAMPLE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.463e424.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e34629.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.SdwkQEBnc3.exe.f10000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.4642a4d.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e30000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.46395ee.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.5e30000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SdwkQEBnc3.exe.463e424.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SdwkQEBnc3.exe PID: 5128, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_05832816 bind,0_2_05832816
          Source: C:\Users\user\Desktop\SdwkQEBnc3.exeCode function: 0_2_058327C4 bind,0_2_058327C4

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsWindows Management InstrumentationPath Interception1
          Access Token Manipulation          		1
          Masquerading          		21
          Input Capture          		1
          Security Software Discovery          		Remote Services21
          Input Capture          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          Process Injection          		1
          Disable or Modify Tools          		LSASS Memory2
          Process Discovery          		Remote Desktop Protocol11
          Archive Collected Data          		Exfiltration Over Bluetooth1
          Non-Standard Port          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)21
          Virtualization/Sandbox Evasion          		Security Account Manager21
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
          Remote Access Software          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Access Token Manipulation          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput CaptureScheduled Transfer1
          Ingress Tool Transfer          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Process Injection          		LSA Secrets3
          System Information Discovery          		SSHKeyloggingData Transfer Size Limits1
          Non-Application Layer Protocol          		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          Deobfuscate/Decode Files or Information          		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 Channel11
          Application Layer Protocol          		Jamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items1
          Hidden Files and Directories          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job12
          Software Packing          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SdwkQEBnc3.exe100%ReversingLabsByteCode-MSIL.Backdoor.NanoCore
          SdwkQEBnc3.exe83%VirustotalBrowse
          SdwkQEBnc3.exe94%MetadefenderBrowse
          SdwkQEBnc3.exe100%AviraTR/Dropper.MSIL.Gen7
          SdwkQEBnc3.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.0.SdwkQEBnc3.exe.f10000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
          0.2.SdwkQEBnc3.exe.5e30000.6.unpack100%AviraTR/NanoCore.fadteDownload File

          Domains

          SourceDetectionScannerLabelLink
          eu-central-7075.packetriot.net10%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          eu-central-7075.packetriot.net10%VirustotalBrowse
          127.0.0.11%VirustotalBrowse
          127.0.0.10%Avira URL Cloudsafe
          eu-central-7075.packetriot.net100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          eu-central-7075.packetriot.net
          		167.71.56.116
          		truetrueunknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          eu-central-7075.packetriot.nettrue
          • 10%, Virustotal, Browse
          • Avira URL Cloud: malware
          		unknown
          127.0.0.1true
          • 1%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          167.71.56.116
          		eu-central-7075.packetriot.netUnited States
          		14061DIGITALOCEAN-ASNUStrue

          Private

          IP
          192.168.2.1
          127.0.0.1

          General Information

          Joe Sandbox Version:36.0.0 Rainbow Opal
          Analysis ID:709347
          Start date and time:2022-09-25 10:37:05 +02:00
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 5m 37s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:SdwkQEBnc3.exe
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:20
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@1/1@12/3
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 242
          • Number of non-executed functions: 5
          Cookbook Comments:
          • Found application associated with file extension: .exe

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, login.live.com, ctldl.windowsupdate.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.

          Simulations

          Behavior and APIs

          TimeTypeDescription
          10:37:58API Interceptor1016x Sleep call for process: SdwkQEBnc3.exe modified

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
          167.71.56.116riV1K85Awe.exeGet hashmaliciousBrowse
            Malwarebytes Gears.exeGet hashmaliciousBrowse
              H8RZSly6dG.exeGet hashmaliciousBrowse
                8E8732B9BEBC8382E938B48697E79FEB4B06528DF41FD.exeGet hashmaliciousBrowse
                  qCotr6jZt2.exeGet hashmaliciousBrowse

                    Domains

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    eu-central-7075.packetriot.netriV1K85Awe.exeGet hashmaliciousBrowse
                    • 167.71.56.116
                    Malwarebytes Gears.exeGet hashmaliciousBrowse
                    • 167.71.56.116

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    DIGITALOCEAN-ASNUSUDeAF2I4uY.elfGet hashmaliciousBrowse
                    • 104.131.91.127
                    DOC20220913-567890987655608.exeGet hashmaliciousBrowse
                    • 64.225.91.73
                    mips-20220923-2008.elfGet hashmaliciousBrowse
                    • 157.245.157.88
                    x86_64-20220923-2007.elfGet hashmaliciousBrowse
                    • 157.230.180.184
                    arm7-20220923-2007.elfGet hashmaliciousBrowse
                    • 157.245.145.91
                    http://Szchikcup4pdf.comGet hashmaliciousBrowse
                    • 159.203.22.175
                    gootloader-payload.jsGet hashmaliciousBrowse
                    • 161.35.110.54
                    https://stpete.mobirisesite.com/Get hashmaliciousBrowse
                    • 198.211.115.188
                    https://iui.modeflooring.com.au/&m=dG9sb3BnYXZlbkByb3lhbGZsb3JhaG9sbGFuZC5jb20=Get hashmaliciousBrowse
                    • 138.68.71.222
                    invoice_slim.exeGet hashmaliciousBrowse
                    • 167.172.152.136
                    arm7-20220922-1224.elfGet hashmaliciousBrowse
                    • 157.245.169.83
                    https://drive.google.com/file/d/1SMbks-yp-98w_FfCF4YmaEQzI__QyK08/view?usp=sharingGet hashmaliciousBrowse
                    • 167.172.152.136
                    PCB_PS_HBPP_(-)_R_5P.vbsGet hashmaliciousBrowse
                    • 64.225.91.73
                    9j5CUZk7WH.elfGet hashmaliciousBrowse
                    • 167.172.168.125
                    https://m.vk.com/away.php?cheer=front&elite=lever&to=https://mobile-manage-details-amazon-bunny201412.codeanyapp.com/Get hashmaliciousBrowse
                    • 138.68.200.42
                    yE1A4YwoeH.dllGet hashmaliciousBrowse
                    • 161.35.110.54
                    Bii6zXzMVS.dllGet hashmaliciousBrowse
                    • 161.35.110.54
                    yE1A4YwoeH.dllGet hashmaliciousBrowse
                    • 161.35.110.54
                    Bii6zXzMVS.dllGet hashmaliciousBrowse
                    • 161.35.110.54
                    trailers.db.dllGet hashmaliciousBrowse
                    • 161.35.110.54

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

                    Download File
                    Process:C:\Users\user\Desktop\SdwkQEBnc3.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):8
                    Entropy (8bit):3.0
                    Encrypted:false
                    SSDEEP:3:Uk/tn:Ukl
                    MD5:2AC74D46D23C202B8D77F932CE807595
                    SHA1:E9FAFC5726FBF9B21A51370F5CB9ED07481F6C39
                    SHA-256:982CB56995CCC98B0B3117C4123E053DC19903F3D41F9F3E5C036629B809E046
                    SHA-512:A25513343E660EB82278A36E1B96DEA9A334F16D62D79E165EE1A9AEB49CE3AD594460161A0EEE6FD33AE5D2A94C63D758C342F421231D1669A2B5534C035627
                    Malicious:true
                    Reputation:low
                    Preview:..j....H

                    Static File Info

                    General

                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):7.448162265044309
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    • Win32 Executable (generic) a (10002005/4) 49.78%
                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    • DOS Executable Generic (2002/1) 0.01%
                    File name:SdwkQEBnc3.exe
                    File size:207360
                    MD5:33851c19216f0e65db0aecc27dc71ffc
                    SHA1:0ad881c7d507bea247bfe454e29bc645f3d1b4ac
                    SHA256:d3c3718f2106aca6ed10bb92ec37e99bcadd8536f499af4de3849625a0a1c109
                    SHA512:beb70bc68603bc8722656297c7bab35fd15ba7a2d91520f22ea00b2d021ee171c38917d0ddd0bb50e752294c20bd2a257da7623c464252cde4f490c5b66af708
                    SSDEEP:6144:gLV6Bta6dtJmakIM5XQa2WCE085Qe6nGH:gLV6Btpmk22Wd085GnC
                    TLSH:6C14CF5677A94A2FE1DE89B9711241038378C2E7A8D3F3EF28D425B69F267E006471D3
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................`........... ........@.. .....................................................................

                    File Icon

                    Icon Hash:00828e8e8686b000

                    Static PE Info

                    General

                    Entrypoint:0x41e792
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    DLL Characteristics:
                    Time Stamp:0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                    Entrypoint Preview

                    Instruction
                    jmp dword ptr [00402000h]
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0x1e7380x57.text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x15d90.rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x200000xc.reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    .text0x20000x1c7980x1c800False0.594495271381579data6.598046369910041IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .reloc0x200000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                    .rsrc0x220000x15d900x15e00False0.9997098214285715data7.997673261620719IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                    Resources

                    NameRVASizeTypeLanguageCountry
                    RT_RCDATA0x220580x15d38TIM image, (2595,61413)

                    Imports

                    DLLImport
                    mscoree.dll_CorExeMain

                    Network Behavior

                    Snort IDS Alerts

                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                    192.168.2.3167.71.56.11649729223782025019 09/25/22-10:39:19.021240TCP2025019ET TROJAN Possible NanoCore C2 60B4972922378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649708223782025019 09/25/22-10:37:58.335400TCP2025019ET TROJAN Possible NanoCore C2 60B4970822378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649719223782025019 09/25/22-10:38:45.572488TCP2025019ET TROJAN Possible NanoCore C2 60B4971922378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649728223782025019 09/25/22-10:39:13.005416TCP2025019ET TROJAN Possible NanoCore C2 60B4972822378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649723223782025019 09/25/22-10:39:06.622577TCP2025019ET TROJAN Possible NanoCore C2 60B4972322378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649709223782025019 09/25/22-10:38:04.391752TCP2025019ET TROJAN Possible NanoCore C2 60B4970922378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649712223782025019 09/25/22-10:38:11.114012TCP2025019ET TROJAN Possible NanoCore C2 60B4971222378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649723223782816766 09/25/22-10:39:08.421800TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972322378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649733223782816766 09/25/22-10:39:42.564776TCP2816766ETPRO TROJAN NanoCore RAT CnC 74973322378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649712223782816766 09/25/22-10:38:14.198704TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971222378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649737223782025019 09/25/22-10:39:46.930085TCP2025019ET TROJAN Possible NanoCore C2 60B4973722378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649716223782025019 09/25/22-10:38:33.571963TCP2025019ET TROJAN Possible NanoCore C2 60B4971622378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649717223782025019 09/25/22-10:38:39.534899TCP2025019ET TROJAN Possible NanoCore C2 60B4971722378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649708223782816718 09/25/22-10:37:59.384612TCP2816718ETPRO TROJAN NanoCore RAT Keep-Alive Beacon4970822378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649716223782816766 09/25/22-10:38:35.293304TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971622378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649737223782816766 09/25/22-10:39:48.190268TCP2816766ETPRO TROJAN NanoCore RAT CnC 74973722378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649729223782816766 09/25/22-10:39:20.875554TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972922378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649719223782816766 09/25/22-10:38:47.309965TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971922378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649708223782816766 09/25/22-10:38:00.056144TCP2816766ETPRO TROJAN NanoCore RAT CnC 74970822378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649717223782816766 09/25/22-10:38:41.356311TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971722378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649728223782816766 09/25/22-10:39:14.776089TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972822378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649741223782816766 09/25/22-10:39:54.862352TCP2816766ETPRO TROJAN NanoCore RAT CnC 74974122378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649723223782816718 09/25/22-10:39:07.608396TCP2816718ETPRO TROJAN NanoCore RAT Keep-Alive Beacon4972322378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649733223782025019 09/25/22-10:39:40.736255TCP2025019ET TROJAN Possible NanoCore C2 60B4973322378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649709223782816766 09/25/22-10:38:06.120867TCP2816766ETPRO TROJAN NanoCore RAT CnC 74970922378192.168.2.3167.71.56.116
                    192.168.2.3167.71.56.11649741223782025019 09/25/22-10:39:53.012867TCP2025019ET TROJAN Possible NanoCore C2 60B4974122378192.168.2.3167.71.56.116

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Sep 25, 2022 10:37:58.264648914 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:58.296509027 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:58.296634912 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:58.335400105 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:58.366008043 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:58.415612936 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:58.446237087 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:58.477843046 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:58.508677006 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:58.603470087 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:58.635688066 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:58.673021078 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:58.703991890 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:58.822587967 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:58.855446100 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:58.883898973 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:58.914707899 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:59.009452105 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:59.040250063 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:59.103066921 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:59.133682966 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:59.320054054 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:59.350832939 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:59.384612083 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:59.415494919 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:59.468890905 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:59.499579906 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:59.649624109 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:59.680293083 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:59.712111950 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:59.742652893 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:59.864775896 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:59.895387888 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:37:59.931041002 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:37:59.961791039 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:00.056143999 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:00.127749920 CEST2237849708167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:00.182921886 CEST4970822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:04.354166031 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:04.384440899 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:04.384546041 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:04.391752005 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:04.421927929 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:04.447284937 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:04.477539062 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:04.541570902 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:04.572074890 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:04.681499958 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:04.711612940 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:04.806596994 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:04.837306976 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:04.887413025 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:04.922811031 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:05.010030031 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:05.040236950 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:05.088083982 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:05.118360996 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:05.213840961 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:05.244219065 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:05.353310108 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:05.385812998 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:05.432198048 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:05.464849949 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:05.562103987 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:05.594657898 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:05.689172983 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:05.722748995 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:05.744601965 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:05.777255058 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:05.853795052 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:05.884052038 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:06.009485006 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:06.039866924 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:06.120867014 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:06.190546989 CEST2237849709167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:06.259795904 CEST4970922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:10.947829008 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:10.978771925 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:10.978933096 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:11.114012003 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:11.146862030 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:11.723541021 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:11.754926920 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:11.792958021 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:11.823889971 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:11.902371883 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:11.934346914 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:11.994277000 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:12.025028944 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:12.209912062 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:12.243458033 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:12.278104067 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:12.310245037 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:13.070338964 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:13.101237059 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:13.263070107 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:13.293661118 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:13.369754076 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:13.400302887 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:13.526094913 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:13.556870937 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:13.588429928 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:13.620610952 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:13.745034933 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:13.777774096 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:13.807357073 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:13.838150978 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:13.917634010 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:13.948364973 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:14.080925941 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:14.111721039 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:14.198704004 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:14.229343891 CEST2237849712167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:14.261565924 CEST4971222378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:33.540184021 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:33.570532084 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:33.570635080 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:33.571963072 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:33.601969957 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:33.602055073 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:33.632117987 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:33.700086117 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:33.730263948 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:33.761878014 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:33.792076111 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:33.861722946 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:33.891942024 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:34.016598940 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:34.047259092 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:34.081403017 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:34.112797976 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:34.246295929 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:34.276577950 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:34.309181929 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:34.339718103 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:34.403170109 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:34.433310986 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:34.560204983 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:34.591372013 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:34.621445894 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:34.651770115 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:34.777673960 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:34.808082104 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:34.855691910 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:34.886313915 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:35.012109995 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:35.042447090 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:35.105751038 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:35.136123896 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:35.215379000 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:35.285557985 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:35.293303967 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:35.363605022 CEST2237849716167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:35.418235064 CEST4971622378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:39.502432108 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:39.532665968 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:39.532865047 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:39.534898996 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:39.564930916 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:39.606437922 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:39.636554956 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:39.762279987 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:39.792275906 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:39.845876932 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:39.876012087 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:39.970565081 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:40.000689030 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:40.106199980 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:40.136266947 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:40.169091940 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:40.199421883 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:40.309550047 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:40.339864016 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:40.441035032 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:40.471213102 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:40.530937910 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:40.561089993 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:40.700172901 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:40.730293989 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:40.764072895 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:40.794080973 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:40.856523037 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:40.886815071 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:41.013045073 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:41.043498993 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:41.090825081 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:41.120925903 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:41.215687990 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:41.245975018 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:41.356311083 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:41.426832914 CEST2237849717167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:41.465882063 CEST4971722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:45.534130096 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:45.564323902 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:45.564635038 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:45.572488070 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:45.602653027 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:45.604054928 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:45.634238958 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:45.720558882 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:45.750782013 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:45.816565990 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:45.846863985 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:45.954190969 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:45.985027075 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:46.062097073 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:46.092155933 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:46.154479980 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:46.184376955 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:46.310159922 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:46.340600967 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:46.372658968 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:46.402913094 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:46.544214010 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:46.574596882 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:46.607450962 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:46.637835026 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:46.763396025 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:46.793700933 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:46.841123104 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:46.871371984 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:46.969867945 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:47.000271082 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:47.106703997 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:47.137236118 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:47.169361115 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:47.199879885 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:47.309964895 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:47.374208927 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:38:47.379899025 CEST2237849719167.71.56.116192.168.2.3
                    Sep 25, 2022 10:38:47.380708933 CEST4971922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:06.526299953 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:06.556915998 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:06.557013988 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:06.622576952 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:06.653212070 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:06.690581083 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:06.721249104 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:06.750931025 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:06.781614065 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:06.842734098 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:06.875190020 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:06.968065023 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:06.998869896 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:07.108259916 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:07.138994932 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:07.189034939 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:07.219963074 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:07.312163115 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:07.342787027 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:07.374186039 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:07.404824972 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:07.534209967 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:07.564850092 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:07.608396053 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:07.638974905 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:07.764657021 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:07.795512915 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:07.827966928 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:07.858493090 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:07.968396902 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:07.998939991 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:08.031341076 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:08.061913967 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:08.202330112 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:08.232970953 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:08.265235901 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:08.335436106 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:08.421799898 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:08.483733892 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:08.491398096 CEST2237849723167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:08.491518974 CEST4972322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:12.973993063 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.004606962 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:13.004733086 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.005415916 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.035731077 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:13.111459017 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.142047882 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:13.171700954 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.202177048 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:13.287904978 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.318567991 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:13.457048893 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.487549067 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:13.515552044 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.546571970 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:13.610753059 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.641319036 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:13.773386955 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.803787947 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:13.851452112 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:13.882236004 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:13.976834059 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:14.007381916 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:14.113359928 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:14.143806934 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:14.171809912 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:14.202367067 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:14.312356949 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:14.343050957 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:14.422131062 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:14.452857018 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:14.546569109 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:14.577162981 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:14.609445095 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:14.640069008 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:14.776088953 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:14.828402996 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:14.846364021 CEST2237849728167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:14.846566916 CEST4972822378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:18.989852905 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.020451069 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:19.020648003 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.021239996 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.051577091 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:19.051722050 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.082350016 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:19.111886024 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.142554998 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:19.265892982 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.296348095 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:19.328212976 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.358688116 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:19.469253063 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.499763012 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:19.532581091 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.563261986 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:19.703785896 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.734370947 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:19.765969038 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.796472073 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:19.860275984 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:19.890885115 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:20.015834093 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:20.046756983 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:20.093998909 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:20.125854015 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:20.219235897 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:20.249922991 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:20.388865948 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:20.420043945 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:20.563481092 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:20.594100952 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:20.625562906 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:20.657777071 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:20.768863916 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:20.843776941 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:20.875554085 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:20.945527077 CEST2237849729167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:21.084372997 CEST4972922378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:40.704464912 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:40.734858990 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:40.735033035 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:40.736254930 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:40.766315937 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:40.768166065 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:40.798363924 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:40.923926115 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:40.954818964 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:40.986862898 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:41.017019033 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:41.138932943 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:41.169442892 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:41.299304962 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:41.331058979 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:41.373673916 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:41.403942108 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:41.528587103 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:41.559115887 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:41.690354109 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:41.720967054 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:41.753417015 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:41.783597946 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:41.861826897 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:41.893022060 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:42.017612934 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:42.048367977 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:42.095797062 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:42.126075983 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:42.222878933 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:42.253159046 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:42.367712021 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:42.398024082 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:42.424077988 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:42.454236984 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:42.564775944 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:42.627233982 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:42.634291887 CEST2237849733167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:42.638767004 CEST4973322378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:46.898662090 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:46.929327965 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:46.929487944 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:46.930084944 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:46.960352898 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:46.960553885 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:46.990978003 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:47.112459898 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:47.143605947 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:47.174602985 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:47.205184937 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:47.331815004 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:47.362482071 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:47.471534967 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:47.502063990 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:47.549544096 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:47.580147028 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:47.675892115 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:47.706629038 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:47.752444983 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:47.783170938 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:47.929739952 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:47.960525990 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:47.987555981 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:48.018409967 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:48.113632917 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:48.144484043 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:48.190268040 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:48.221055984 CEST2237849737167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:48.315284014 CEST4973722378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:52.981436968 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:53.012257099 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:53.012337923 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:53.012866974 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:53.043405056 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:53.112689018 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:53.143065929 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:53.268913984 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:53.299441099 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:53.331075907 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:53.361722946 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:53.472238064 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:53.502908945 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:53.534584999 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:53.583339930 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:53.706474066 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:53.736776114 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:53.768594980 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:53.799386978 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:53.989039898 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:54.019882917 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:54.051021099 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:54.081756115 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:54.182401896 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:54.213740110 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:54.254235983 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:54.285188913 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:54.365262032 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:54.396153927 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:54.519260883 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:54.550195932 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:54.598490000 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:54.629338980 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:54.721719027 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:54.752449989 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:54.862351894 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:54.931921959 CEST4974122378192.168.2.3167.71.56.116
                    Sep 25, 2022 10:39:54.934509993 CEST2237849741167.71.56.116192.168.2.3
                    Sep 25, 2022 10:39:54.936573029 CEST4974122378192.168.2.3167.71.56.116

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Sep 25, 2022 10:37:58.214035988 CEST5799053192.168.2.38.8.8.8
                    Sep 25, 2022 10:37:58.251596928 CEST53579908.8.8.8192.168.2.3
                    Sep 25, 2022 10:38:04.242063046 CEST5238753192.168.2.38.8.8.8
                    Sep 25, 2022 10:38:04.352637053 CEST53523878.8.8.8192.168.2.3
                    Sep 25, 2022 10:38:10.737216949 CEST6062553192.168.2.38.8.8.8
                    Sep 25, 2022 10:38:10.921155930 CEST53606258.8.8.8192.168.2.3
                    Sep 25, 2022 10:38:33.491652012 CEST4930253192.168.2.38.8.8.8
                    Sep 25, 2022 10:38:33.538759947 CEST53493028.8.8.8192.168.2.3
                    Sep 25, 2022 10:38:39.458796024 CEST5397553192.168.2.38.8.8.8
                    Sep 25, 2022 10:38:39.499471903 CEST53539758.8.8.8192.168.2.3
                    Sep 25, 2022 10:38:45.512289047 CEST5295553192.168.2.38.8.8.8
                    Sep 25, 2022 10:38:45.532057047 CEST53529558.8.8.8192.168.2.3
                    Sep 25, 2022 10:39:06.505239964 CEST6058253192.168.2.38.8.8.8
                    Sep 25, 2022 10:39:06.525190115 CEST53605828.8.8.8192.168.2.3
                    Sep 25, 2022 10:39:12.865638971 CEST5604253192.168.2.38.8.8.8
                    Sep 25, 2022 10:39:12.972980976 CEST53560428.8.8.8192.168.2.3
                    Sep 25, 2022 10:39:18.866290092 CEST5963653192.168.2.38.8.8.8
                    Sep 25, 2022 10:39:18.976288080 CEST53596368.8.8.8192.168.2.3
                    Sep 25, 2022 10:39:40.596112967 CEST5563853192.168.2.38.8.8.8
                    Sep 25, 2022 10:39:40.703140020 CEST53556388.8.8.8192.168.2.3
                    Sep 25, 2022 10:39:46.845093966 CEST6532053192.168.2.38.8.8.8
                    Sep 25, 2022 10:39:46.883793116 CEST53653208.8.8.8192.168.2.3
                    Sep 25, 2022 10:39:52.788522005 CEST6076753192.168.2.38.8.8.8
                    Sep 25, 2022 10:39:52.979732990 CEST53607678.8.8.8192.168.2.3

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Sep 25, 2022 10:37:58.214035988 CEST192.168.2.38.8.8.80x3869Standard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:38:04.242063046 CEST192.168.2.38.8.8.80xd439Standard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:38:10.737216949 CEST192.168.2.38.8.8.80xce18Standard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:38:33.491652012 CEST192.168.2.38.8.8.80xafc3Standard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:38:39.458796024 CEST192.168.2.38.8.8.80xd21dStandard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:38:45.512289047 CEST192.168.2.38.8.8.80xce32Standard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:06.505239964 CEST192.168.2.38.8.8.80xe731Standard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:12.865638971 CEST192.168.2.38.8.8.80x17beStandard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:18.866290092 CEST192.168.2.38.8.8.80x8e54Standard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:40.596112967 CEST192.168.2.38.8.8.80xffc4Standard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:46.845093966 CEST192.168.2.38.8.8.80x1802Standard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:52.788522005 CEST192.168.2.38.8.8.80xb812Standard query (0)eu-central-7075.packetriot.netA (IP address)IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Sep 25, 2022 10:37:58.251596928 CEST8.8.8.8192.168.2.30x3869No error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:38:04.352637053 CEST8.8.8.8192.168.2.30xd439No error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:38:10.921155930 CEST8.8.8.8192.168.2.30xce18No error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:38:33.538759947 CEST8.8.8.8192.168.2.30xafc3No error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:38:39.499471903 CEST8.8.8.8192.168.2.30xd21dNo error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:38:45.532057047 CEST8.8.8.8192.168.2.30xce32No error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:06.525190115 CEST8.8.8.8192.168.2.30xe731No error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:12.972980976 CEST8.8.8.8192.168.2.30x17beNo error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:18.976288080 CEST8.8.8.8192.168.2.30x8e54No error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:40.703140020 CEST8.8.8.8192.168.2.30xffc4No error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:46.883793116 CEST8.8.8.8192.168.2.30x1802No error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false
                    Sep 25, 2022 10:39:52.979732990 CEST8.8.8.8192.168.2.30xb812No error (0)eu-central-7075.packetriot.net167.71.56.116A (IP address)IN (0x0001)false

                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    System Behavior

                    General

                    Target ID:0
                    Start time:10:37:56
                    Start date:25/09/2022
                    Path:C:\Users\user\Desktop\SdwkQEBnc3.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\SdwkQEBnc3.exe"
                    Imagebase:0xf10000
                    File size:207360 bytes
                    MD5 hash:33851C19216F0E65DB0AECC27DC71FFC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Yara matches:
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                    • Rule: NanoCore, Description: unknown, Source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000000.239926624.0000000000F12000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                    • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.511555903.0000000004637000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                    • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                    • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.513466163.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                    • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                    • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                    • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                    • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.513184324.0000000005A80000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.508672696.00000000035F1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                    Reputation:low

                    Disassembly

                    Reset < >

                      Execution Graph

                      Execution Coverage:23.9%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:10.7%
                      Total number of Nodes:214
                      Total number of Limit Nodes:5
                      execution_graph 14184 5831402 14185 5831431 AdjustTokenPrivileges 14184->14185 14187 5831453 14185->14187 14499 5831607 14500 5831619 NtQuerySystemInformation 14499->14500 14502 583168c 14500->14502 14200 5830d8e 14202 5830dc6 CreateFileW 14200->14202 14203 5830e15 14202->14203 14208 5700660 14209 5700665 14208->14209 14210 5700674 14209->14210 14213 5700690 14209->14213 14221 5700682 14209->14221 14214 570069f 14213->14214 14229 57043d0 14214->14229 14233 57043c0 14214->14233 14215 57007e2 14238 5705710 14215->14238 14243 570570c 14215->14243 14216 5700806 14216->14210 14222 570069f 14221->14222 14225 57043d0 4 API calls 14222->14225 14226 57043c0 4 API calls 14222->14226 14223 57007e2 14227 5705710 2 API calls 14223->14227 14228 570570c 2 API calls 14223->14228 14224 5700806 14224->14210 14225->14223 14226->14223 14227->14224 14228->14224 14248 5704520 14229->14248 14253 5704510 14229->14253 14230 57043ed 14230->14215 14234 57043cf 14233->14234 14235 57043ed 14233->14235 14234->14235 14236 5704520 4 API calls 14234->14236 14237 5704510 4 API calls 14234->14237 14235->14215 14236->14235 14237->14235 14239 5705719 14238->14239 14240 570571d 14239->14240 14290 5705798 14239->14290 14295 5705788 14239->14295 14240->14216 14244 5705711 14243->14244 14245 570571d 14244->14245 14246 5705798 2 API calls 14244->14246 14247 5705788 2 API calls 14244->14247 14245->14216 14246->14245 14247->14245 14249 5704544 14248->14249 14258 57045c8 14249->14258 14266 57045b8 14249->14266 14250 5704560 14250->14230 14254 5704544 14253->14254 14256 57045c8 4 API calls 14254->14256 14257 57045b8 4 API calls 14254->14257 14255 5704560 14255->14230 14256->14255 14257->14255 14274 58302ab 14258->14274 14278 58302de 14258->14278 14259 57045f9 14259->14250 14260 57045f5 14260->14259 14282 5830390 14260->14282 14286 58303ca 14260->14286 14261 5704620 14261->14250 14268 57045f5 14266->14268 14272 58302ab RegOpenKeyExA 14266->14272 14273 58302de RegOpenKeyExA 14266->14273 14267 57045f9 14267->14250 14268->14267 14270 5830390 RegQueryValueExA 14268->14270 14271 58303ca RegQueryValueExA 14268->14271 14269 5704620 14269->14250 14270->14269 14271->14269 14272->14268 14273->14268 14275 58302de RegOpenKeyExA 14274->14275 14277 5830362 14275->14277 14277->14260 14281 5830319 RegOpenKeyExA 14278->14281 14280 5830362 14280->14260 14281->14280 14283 58303ca RegQueryValueExA 14282->14283 14285 583046d 14283->14285 14285->14261 14287 5830405 RegQueryValueExA 14286->14287 14289 583046d 14287->14289 14289->14261 14291 57057a0 14290->14291 14300 583104a 14291->14300 14304 583100f 14291->14304 14292 57057ba 14292->14240 14296 57057a0 14295->14296 14298 583104a DeleteFileA 14296->14298 14299 583100f DeleteFileA 14296->14299 14297 57057ba 14297->14240 14298->14297 14299->14297 14301 5831085 DeleteFileA 14300->14301 14303 58310c2 14301->14303 14303->14292 14305 583104a DeleteFileA 14304->14305 14307 58310c2 14305->14307 14307->14292 14433 5830c97 14435 5830cce CreateDirectoryW 14433->14435 14436 5830d1b 14435->14436 14320 5832816 14321 583284b bind 14320->14321 14323 583287f 14321->14323 14363 583201e 14365 5832056 OpenFileMappingW 14363->14365 14366 5832091 14365->14366 14494 5700650 14495 5700665 14494->14495 14496 5700674 14495->14496 14497 5700690 6 API calls 14495->14497 14498 5700682 6 API calls 14495->14498 14497->14496 14498->14496 14409 5832da4 14410 5832dc4 FormatMessageW 14409->14410 14412 5832e48 14410->14412 14441 58304ab 14443 58304ea RegQueryValueExW 14441->14443 14444 583056b 14443->14444 14379 583012a 14381 5830162 CreateMutexW 14379->14381 14382 58301a5 14381->14382 14383 583112a 14384 5831156 GetSystemInfo 14383->14384 14385 583118c 14383->14385 14386 5831164 14384->14386 14385->14384 14413 58329af 14415 58329ee setsockopt 14413->14415 14416 5832a5d 14415->14416 14395 5830232 14396 583025e FindCloseChangeNotification 14395->14396 14397 583029d 14395->14397 14398 583026c 14396->14398 14397->14396 14445 5832cb2 14448 5832cd2 WSARecv 14445->14448 14447 5832d4a 14448->14447 14486 5830736 14487 5830747 GetTokenInformation 14486->14487 14489 58307e8 14487->14489 14490 5830f34 14491 5830f66 ReadFile 14490->14491 14493 5830fcd 14491->14493 14470 5832bb9 14471 5832bde WSASend 14470->14471 14473 5832c56 14471->14473 14192 5831642 14193 5831677 NtQuerySystemInformation 14192->14193 14195 58316a2 14192->14195 14194 583168c 14193->14194 14195->14193 14474 58327c4 14475 5832816 bind 14474->14475 14477 583287f 14475->14477 14478 58313cb 14479 58313d5 AdjustTokenPrivileges 14478->14479 14481 5831453 14479->14481 14204 5830cce 14206 5830cf4 CreateDirectoryW 14204->14206 14207 5830d1b 14206->14207 14421 583154d 14423 583157e K32EnumProcesses 14421->14423 14424 58315c6 14423->14424 14425 583254c 14426 583256a GetProcessTimes 14425->14426 14428 58325f1 14426->14428 14324 570d8a8 14325 570d8b1 14324->14325 14329 570d8f8 14325->14329 14333 570d8e8 14325->14333 14326 570d8e2 14330 570d900 14329->14330 14337 570d929 14330->14337 14331 570d919 14331->14326 14334 570d900 14333->14334 14336 570d929 2 API calls 14334->14336 14335 570d919 14335->14326 14336->14335 14338 570d92e 14337->14338 14339 570d983 14338->14339 14342 570da50 14338->14342 14347 570da41 14338->14347 14339->14331 14343 570da79 14342->14343 14344 570dab4 14343->14344 14352 58317f6 14343->14352 14355 5831788 14343->14355 14344->14338 14348 570da4a 14347->14348 14349 570dab4 14348->14349 14350 58317f6 DnsQuery_A 14348->14350 14351 5831788 DnsQuery_A 14348->14351 14349->14338 14350->14349 14351->14349 14353 5831846 DnsQuery_A 14352->14353 14354 5831854 14353->14354 14354->14344 14356 583179e DnsQuery_A 14355->14356 14358 5831854 14356->14358 14358->14344 14449 58320e0 14450 583211e MapViewOfFile 14449->14450 14452 58321a5 14450->14452 14503 5831260 14504 5831282 LookupPrivilegeValueW 14503->14504 14506 58312d2 14504->14506 14371 5830f66 14373 5830f9b ReadFile 14371->14373 14374 5830fcd 14373->14374 14461 570d897 14462 570d8b1 14461->14462 14464 570d8f8 2 API calls 14462->14464 14465 570d8e8 2 API calls 14462->14465 14463 570d8e2 14464->14463 14465->14463 14507 5830e64 14508 5830ea6 GetFileType 14507->14508 14510 5830f08 14508->14510 14429 5830d68 14432 5830d8e CreateFileW 14429->14432 14431 5830e15 14432->14431 14466 5831872 14467 5831892 WSASocketW 14466->14467 14469 5831906 14467->14469 14453 58310f7 14454 583112a GetSystemInfo 14453->14454 14456 5831164 14454->14456 14399 5832df6 FormatMessageW 14400 5832e48 14399->14400 14457 58300f6 14458 583012a CreateMutexW 14457->14458 14460 58301a5 14458->14460 14417 58301f4 14419 5830200 FindCloseChangeNotification 14417->14419 14420 583026c 14419->14420 14482 5831ffe 14485 583201e OpenFileMappingW 14482->14485 14484 5832091 14485->14484

                      Executed Functions

                      Function 0570AD38 Relevance: 2.2, Strings: 1, Instructions: 910COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: r
                      • API String ID: 0-1812594589
                      • Opcode ID: c43f8fc8f04c5969b3a7127685ab50136acd5bba73e2e78d9ef364b69a620f6e
                      • Instruction ID: d396794e70b159f07278813ae20d1e00858724a4ca35367b7d9e907e31f5dcb0
                      • Opcode Fuzzy Hash: c43f8fc8f04c5969b3a7127685ab50136acd5bba73e2e78d9ef364b69a620f6e
                      • Instruction Fuzzy Hash: D4823570A00616DFDB14CF68C584AAEFBF2FF88310F158569D55AAB691D730E981CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058327C4 Relevance: 1.6, APIs: 1, Instructions: 90networkCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 499 58327c4-5832853 502 5832855 499->502 503 5832858-583286f 499->503 502->503 505 58328b3-58328b8 503->505 506 5832871-5832891 bind 503->506 505->506 509 5832893-58328b0 506->509 510 58328ba-58328bf 506->510 510->509
                      APIs
                      • bind.WS2_32(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05832877
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: bind
                      • String ID:
                      • API String ID: 1187836755-0
                      • Opcode ID: 4229cef8a86554cf2588e28542e95e505f911bf4a32a57bd90ec062e96b6c8e4
                      • Instruction ID: f7e19f24e1efcd2724b59ada4aafbdede1d3dc037859926515b4872397ebac99
                      • Opcode Fuzzy Hash: 4229cef8a86554cf2588e28542e95e505f911bf4a32a57bd90ec062e96b6c8e4
                      • Instruction Fuzzy Hash: 7A31AB7150D3C06FD7138B248C55BA6BFB8AF47224F1984DBE984CF1A3D224A908C7B2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058313CB Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                      Download Yara Rule
                      APIs
                      • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0583144B
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: AdjustPrivilegesToken
                      • String ID:
                      • API String ID: 2874748243-0
                      • Opcode ID: f06232015d8ac33e467cb811c7c85a237d4c4fba3447256979cb707541da4878
                      • Instruction ID: bdf38432051926adab78814d01c898bb95ba52dd985ad485d27d5b8e2af81230
                      • Opcode Fuzzy Hash: f06232015d8ac33e467cb811c7c85a237d4c4fba3447256979cb707541da4878
                      • Instruction Fuzzy Hash: 3E21BF76509384AFDB128F25DC45B52BFF4AF06210F08849AED858F163D2759908CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05832CD2 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                      Download Yara Rule
                      APIs
                      • WSARecv.WS2_32(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05832D42
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: Recv
                      • String ID:
                      • API String ID: 4192927123-0
                      • Opcode ID: 379c537c205f5ab45be90f729ee185ad07c508e40f6922d148d32879b3920244
                      • Instruction ID: 4c808fe1e19860d38c3ec6a40a3d931f186e465788aacf9057e4a6ebadaec3a7
                      • Opcode Fuzzy Hash: 379c537c205f5ab45be90f729ee185ad07c508e40f6922d148d32879b3920244
                      • Instruction Fuzzy Hash: FD11A271400208AFEB21CF55DC45FA7FBECEF48314F18896AEE469B211D675A508CBB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05831607 Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                      Download Yara Rule
                      APIs
                      • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0583167D
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: InformationQuerySystem
                      • String ID:
                      • API String ID: 3562636166-0
                      • Opcode ID: dff4f7dbcaf460033a95a44a6032c4b21ffdc55bddba52978404aca74cfa05e4
                      • Instruction ID: daf7d58f5b627ead017738ebefd4d13e2f89315051d4ed245ba0098599ca7484
                      • Opcode Fuzzy Hash: dff4f7dbcaf460033a95a44a6032c4b21ffdc55bddba52978404aca74cfa05e4
                      • Instruction Fuzzy Hash: 4021A1754097C06FDB138B21DC45A52FFB4EF16214F0D80DBED848B163E265991DCB62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05832816 Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON
                      Download Yara Rule
                      APIs
                      • bind.WS2_32(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05832877
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: bind
                      • String ID:
                      • API String ID: 1187836755-0
                      • Opcode ID: ac9466135efd8792af53072994d364e35cb9b1d10a92f246453dbcdf5ddabe47
                      • Instruction ID: c66577513a7a1de1a14aaa1c6d394eae34af1e310b9ef8357cc71268dd058098
                      • Opcode Fuzzy Hash: ac9466135efd8792af53072994d364e35cb9b1d10a92f246453dbcdf5ddabe47
                      • Instruction Fuzzy Hash: F911E275500204AFE710CF54DC82FA7FBE8EF04314F18846BED46DB241D674A904CAB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05831402 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                      Download Yara Rule
                      APIs
                      • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0583144B
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: AdjustPrivilegesToken
                      • String ID:
                      • API String ID: 2874748243-0
                      • Opcode ID: c53018c6c41dd1f2ceda922e493c3794fb9d688d24a116b78ec2b827483f4977
                      • Instruction ID: cff31662148f2a943c74c0b663d19ad2a736f7f0d0e66ac2fb1c7eef1ca98091
                      • Opcode Fuzzy Hash: c53018c6c41dd1f2ceda922e493c3794fb9d688d24a116b78ec2b827483f4977
                      • Instruction Fuzzy Hash: 1811A0315002049FDB20CF55D885B66FBE5FF04620F08C46AED46CB612D675E818CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0583112A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                      Download Yara Rule
                      APIs
                      • GetSystemInfo.KERNELBASE(?), ref: 0583115C
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: InfoSystem
                      • String ID:
                      • API String ID: 31276548-0
                      • Opcode ID: 1d08fb4ec51e7a54b599b9be1ea3e133d779cd76c982de8a2cd7b40972094b60
                      • Instruction ID: 3fe6bd680976d0c2019459eb4784bfd4d162401c3d2424a77610877cb2bcf4eb
                      • Opcode Fuzzy Hash: 1d08fb4ec51e7a54b599b9be1ea3e133d779cd76c982de8a2cd7b40972094b60
                      • Instruction Fuzzy Hash: 2A01AD348042449FDB10DF15D8897AAFBE4EF44624F18D4ABDD498F202D2B9A908CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05831642 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                      Download Yara Rule
                      APIs
                      • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0583167D
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: InformationQuerySystem
                      • String ID:
                      • API String ID: 3562636166-0
                      • Opcode ID: 4108bb73f1f14da5a4830dcfe44031163e3c777d2d5a391e059c86323db038ed
                      • Instruction ID: c46e3e26cf1ac993e1446543b9abebc186796dd7348e6277541baa79d5afca34
                      • Opcode Fuzzy Hash: 4108bb73f1f14da5a4830dcfe44031163e3c777d2d5a391e059c86323db038ed
                      • Instruction Fuzzy Hash: 2E017C758002049FDB208F45D889B66FBE4FF48724F18C4AADD854B611E675A818CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05708468 Relevance: .5, Instructions: 505COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8c7a59974805c437eae34123c16a2f9fe588a6b59c28ebe29fd2fc05d3fe4cc2
                      • Instruction ID: de269ce8838f81bca0ae002d271ea207efb6395b88e9e7782d1198b8c6662b7a
                      • Opcode Fuzzy Hash: 8c7a59974805c437eae34123c16a2f9fe588a6b59c28ebe29fd2fc05d3fe4cc2
                      • Instruction Fuzzy Hash: EC12B970A14215CFEB24CF69C58466EBBF2FF88304F54956AE016EB384DB749846EF42
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057023A0 Relevance: .5, Instructions: 505COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3536ad04b2c159bba29fe772522fbcd487883fcc71ce72c4c92819f6fb68c95e
                      • Instruction ID: 079ab2fd16c1f074c4f06760c3319c453abaf29adfbe48625d6b51df4b6adcaf
                      • Opcode Fuzzy Hash: 3536ad04b2c159bba29fe772522fbcd487883fcc71ce72c4c92819f6fb68c95e
                      • Instruction Fuzzy Hash: 6712EE36A00225CFCB25CF69C48866EBBF3FF84314F159169D416DB296DB748C89EB50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05709068 Relevance: .2, Instructions: 239COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 74397c72fa20a39ec3b8d2a49c056b962847f2fa2fddd06d1bd8bc40a0921ce1
                      • Instruction ID: a3fb53f85d4c4fb71ee2ef000a92b7b71aeb78cb50be2d297c85b77d254ea83f
                      • Opcode Fuzzy Hash: 74397c72fa20a39ec3b8d2a49c056b962847f2fa2fddd06d1bd8bc40a0921ce1
                      • Instruction Fuzzy Hash: BA818F71F05115DBD714DB69C884AAEBBF3AFC8710F2A8069E406EB396DE31DC019B90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05702FA8 Relevance: .2, Instructions: 239COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b876342913de06873f528b132d7f5fe30e978e3963fd5ec895c0203544ff874f
                      • Instruction ID: c92a4f226aef016576c522087539a2834b12ed517d91a3f28ecd845f0f760445
                      • Opcode Fuzzy Hash: b876342913de06873f528b132d7f5fe30e978e3963fd5ec895c0203544ff874f
                      • Instruction Fuzzy Hash: BF818D71F01115DBDB14DB69C884A6EBBF3AFC8710F2A8469D41AEB395DE31DC019BA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057002E8 Relevance: 2.7, Strings: 2, Instructions: 218COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 57002e8-5700316 1 5700318-5700324 0->1 2 570032a-5700337 0->2 1->2 5 5700506-5700510 1->5 6 57003a5-57003d0 2->6 7 5700339-5700353 2->7 18 5700373-570038a 6->18 10 5700355 7->10 11 5700357 7->11 13 570035a-570036d 10->13 11->13 13->18 19 570051c-5700575 13->19 22 570038c 18->22 23 570038e 18->23 36 57005c7-570061e 19->36 37 5700577-57005b5 19->37 24 5700391-57003dc 22->24 23->24 32 57003de-57003e5 24->32 33 57003ef 24->33 32->33 35 57003f6-5700413 33->35 41 57004c2-57004df 35->41 42 57003f8-570040b 35->42 57 5700623-570064b 36->57 46 57004e1 41->46 47 57004e3 41->47 42->41 48 57004e6-57004fb 46->48 47->48 48->5
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8Eq$:@q
                      • API String ID: 0-3676086722
                      • Opcode ID: f88d1454b936c7c6f53ec632b0a117d8b7f5627bb613b9cc9bcb3db4e46db8e8
                      • Instruction ID: 561778257a8a1340833734a9905d069b74c43c584ee0d7ee7b31038c69a721b8
                      • Opcode Fuzzy Hash: f88d1454b936c7c6f53ec632b0a117d8b7f5627bb613b9cc9bcb3db4e46db8e8
                      • Instruction Fuzzy Hash: C2716C30B05205CFCB09DB69C464B6EBBE3BF89710F54846DD506AB3A0DA759C019B92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05702D58 Relevance: 2.6, Strings: 2, Instructions: 134COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 63 5702d58-5702d8a 67 5702d91-5702d99 63->67 68 5702d8c 63->68 71 5702da0-5702e13 67->71 72 5702d9b 67->72 69 5702e9d-5702ea4 68->69 76 5702ea7 71->76 77 5702dbf-5702dc9 71->77 72->69 80 5702eac-5702ec2 76->80 77->76 78 5702dcf-5702dd9 77->78 78->76 79 5702ddf-5702de9 78->79 79->76 81 5702def-5702e22 79->81 82 5702ec9-5702ecb 80->82 93 5702e76-5702e7a 81->93 85 5702ed1-5702ed7 82->85 86 5702ecd-5702ed0 82->86 94 5702e24-5702e39 93->94 95 5702e7c 93->95 94->76 96 5702e3b-5702e67 94->96 97 5702e7e-5702e80 95->97 96->76 98 5702e69-5702e73 96->98 97->76 99 5702e82-5702e8c 97->99 98->93 99->97 100 5702e8e-5702e9a 99->100 100->69
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: $>_q
                      • API String ID: 0-367191915
                      • Opcode ID: 5c515b34cde69f6e11cad5a59413ade973eee02e07f99d1afb2d7348c85ef527
                      • Instruction ID: f85ce0ed50a0170b1e69a812bf9f2558b2cd8f499ed493174335e1e0758e287a
                      • Opcode Fuzzy Hash: 5c515b34cde69f6e11cad5a59413ade973eee02e07f99d1afb2d7348c85ef527
                      • Instruction Fuzzy Hash: 7641C13AF44215CBCB50CF65C88C5BEB7E3BBC0314B24947AC416DB686C231E8429B82
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05708E18 Relevance: 2.6, Strings: 2, Instructions: 131COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 101 5708e18-5708e4a 105 5708e51 101->105 106 5708e4c 101->106 138 5708e51 call 5708f80 105->138 139 5708e51 call 5708e07 105->139 140 5708e51 call 5708e18 105->140 107 5708f5d-5708f64 106->107 108 5708e57-5708e59 109 5708e60-5708ed3 108->109 110 5708e5b 108->110 114 5708f67-5708f8b 109->114 115 5708e7f-5708e89 109->115 110->107 120 5708f91-5708f97 114->120 121 5708f8d-5708f90 114->121 115->114 116 5708e8f-5708e99 115->116 116->114 117 5708e9f-5708ea9 116->117 117->114 119 5708eaf-5708ee2 117->119 130 5708f36-5708f3a 119->130 131 5708ee4-5708ef9 130->131 132 5708f3c 130->132 131->114 133 5708efb-5708f27 131->133 134 5708f3e-5708f40 132->134 133->114 135 5708f29-5708f33 133->135 134->114 136 5708f42-5708f4c 134->136 135->130 136->134 137 5708f4e-5708f5a 136->137 137->107 138->108 139->108 140->108
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: $>_q
                      • API String ID: 0-367191915
                      • Opcode ID: 6c0eebd87e6c6b2875be44a652498f0ebddf14c1e077bb225f91674793a8f95c
                      • Instruction ID: eccc45d85a1f34c59bf3a6476aa1eeb0e3a3c20ccd0e07948d518321b34701a1
                      • Opcode Fuzzy Hash: 6c0eebd87e6c6b2875be44a652498f0ebddf14c1e077bb225f91674793a8f95c
                      • Instruction Fuzzy Hash: B641BF71F04215CBDB10DF65C8806BEB7E3BB84318F28DA2AD515DB786D631E8429B92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05703B6B Relevance: 1.7, Strings: 1, Instructions: 422COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 338 5703b6b-5703bd2 344 5703b97-5703bdf 338->344 349 5703d16-5703d1c 344->349 350 5703be1-5703bf1 349->350 351 5703d22-5703d29 349->351 352 5703bf7-5703c01 350->352 353 5703d2a-5703d30 350->353 354 5703c03-5703c05 352->354 355 5703c0f-5703c20 352->355 358 5703d32-5703d3d 353->358 359 5703d84-5703d8c 353->359 354->355 355->353 357 5703c26-5703c30 355->357 360 5703c32-5703c34 357->360 361 5703c3e-5703c4e 357->361 363 5703d8f 358->363 364 5703d3f-5703d51 358->364 359->363 360->361 361->353 362 5703c54-5703c5a 361->362 367 5703c74-5703c80 362->367 368 5703c5c-5703c62 362->368 365 5703d95-5703d9e 363->365 366 5703f6d-5703f85 363->366 369 5703d53-5703d55 364->369 370 5703d5d-5703d83 364->370 371 5703e71-5703e75 365->371 372 5703da4-5703dad 365->372 388 5703fd7-5703ff0 366->388 389 5703f87-5703fb9 366->389 367->353 375 5703c86-5703d12 367->375 373 5703c64 368->373 374 5703c66-5703c72 368->374 369->370 370->359 377 5703e77-5703e83 371->377 378 5703e9b-5703ea4 371->378 372->366 376 5703db3-5703dbc 372->376 373->367 374->367 375->349 381 5703dc2-5703dce 376->381 382 5703e4d-5703e56 376->382 377->366 384 5703e89-5703e99 377->384 385 5703ea6-5703eb9 378->385 386 5703ebc-5703ec2 378->386 381->366 391 5703dd4-5703dff 381->391 382->366 390 5703e5c-5703e6b 382->390 392 5703ec5-5703ece 384->392 385->386 386->392 412 5703fbb 389->412 413 5703fcf-5703fd2 389->413 390->371 390->372 391->382 400 5703e01-5703e08 391->400 392->366 397 5703ed4-5703ee6 392->397 397->366 399 5703eec-5703efc 397->399 399->366 404 5703efe-5703f0e 399->404 406 5703e14-5703e1d 400->406 407 5703e0a 400->407 404->366 405 5703f10-5703f2a 404->405 405->366 409 5703f2c-5703f57 405->409 406->366 410 5703e23-5703e48 406->410 407->406 409->366 427 5703f59-5703f60 409->427 426 5703f63-5703f6a 410->426 415 5703fbe-5703fc0 412->415 413->388 418 5703ff1-570402c 415->418 419 5703fc2-5703fcd 415->419 429 5704033-570403a 418->429 430 570402e 418->430 419->413 419->415 427->426 433 5704043-570408f call 57023a0 429->433 434 570403c 429->434 431 57040c1-57040c8 430->431 433->431 434->433
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: >_q
                      • API String ID: 0-59172472
                      • Opcode ID: 898fa2fdc62e5ce7da22718f395cddbfb9bd5c8fcf1f4546f308f646d17cd441
                      • Instruction ID: c4b41702725c30085051124b141d0a9a6734acc809209e6ff5315b52fe9d4af9
                      • Opcode Fuzzy Hash: 898fa2fdc62e5ce7da22718f395cddbfb9bd5c8fcf1f4546f308f646d17cd441
                      • Instruction Fuzzy Hash: E8F18071A00205DFCB15CF58C8848AAFBF2FF84314B2999A5E919DF266D731EC42DB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05831788 Relevance: 1.6, APIs: 1, Instructions: 98networkCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 444 5831788-583179f 446 58317c1-583184e DnsQuery_A 444->446 447 58317a1-58317c0 444->447 453 5831854-583186a 446->453 447->446
                      APIs
                      • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 05831846
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: Query_
                      • String ID:
                      • API String ID: 428220571-0
                      • Opcode ID: a2c509d72546c168933301da0e0d608a0943880ea73e4d8bfe9b4d8eb9c90afe
                      • Instruction ID: 8f34b12deb193b0b479e8f96d61ea063d2473b52b837e72050582dfcbabac59a
                      • Opcode Fuzzy Hash: a2c509d72546c168933301da0e0d608a0943880ea73e4d8bfe9b4d8eb9c90afe
                      • Instruction Fuzzy Hash: DC316F3550E3C0AFD3138B258C55A22BFB5EF47610F1E81CBE884CB5A3D529A919D7B2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830736 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 454 5830736-5830745 455 5830777-58307d8 454->455 456 5830747-5830776 454->456 462 5830825-583082a 455->462 463 58307da-58307e2 GetTokenInformation 455->463 456->455 462->463 465 58307e8-58307fa 463->465 466 583082c-5830831 465->466 467 58307fc-5830822 465->467 466->467
                      APIs
                      • GetTokenInformation.KERNELBASE(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 058307E0
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: InformationToken
                      • String ID:
                      • API String ID: 4114910276-0
                      • Opcode ID: e01f61a820e1c86075f60fda48f2acb89fb4e3bc4565ed3da72fc64abfa82ad5
                      • Instruction ID: 38829221212c31cfe2cd572e87c7be0a83577477ec853e244b1930192358b750
                      • Opcode Fuzzy Hash: e01f61a820e1c86075f60fda48f2acb89fb4e3bc4565ed3da72fc64abfa82ad5
                      • Instruction Fuzzy Hash: F331A771509380AFE7228F65DC55FA7BFBCEF06314F08449AE985DB152D2259908CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830390 Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 470 5830390-5830456 475 583049b-58304a0 470->475 476 5830458-583046b RegQueryValueExA 470->476 475->476 477 58304a2-58304a7 476->477 478 583046d-5830498 476->478 477->478
                      APIs
                      • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0583045E
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: de463b09f4b39f6ec77b6755da9b17415856c2e99fd0936504ed8d31462b9fec
                      • Instruction ID: e66d17c25588baa92f73da1be1b2a7cf7499c2941af27478ac0a4e483afa90d3
                      • Opcode Fuzzy Hash: de463b09f4b39f6ec77b6755da9b17415856c2e99fd0936504ed8d31462b9fec
                      • Instruction Fuzzy Hash: E131C671004344AFE7228F15CC41FA6FFB8EF05314F04859EE9859B192D265A949CB61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830D68 Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 483 5830d68-5830de6 487 5830deb-5830df7 483->487 488 5830de8 483->488 489 5830df9 487->489 490 5830dfc-5830e05 487->490 488->487 489->490 491 5830e07-5830e2b CreateFileW 490->491 492 5830e56-5830e5b 490->492 495 5830e5d-5830e62 491->495 496 5830e2d-5830e53 491->496 492->491 495->496
                      APIs
                      • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05830E0D
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: CreateFile
                      • String ID:
                      • API String ID: 823142352-0
                      • Opcode ID: 703454e26423915673472f2ce45532edb91d53c8f8e5533dfbecbc5f0ae098c7
                      • Instruction ID: 46a4411df535b3e531f3277dcc2ca41cb81521d10876c856a936e8a916db0e6c
                      • Opcode Fuzzy Hash: 703454e26423915673472f2ce45532edb91d53c8f8e5533dfbecbc5f0ae098c7
                      • Instruction Fuzzy Hash: 1B318CB1504380AFE722CB65CD45F67BFE8EF05610F0888AAED858B252D275E808CB61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058300F6 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 513 58300f6-5830179 517 583017b 513->517 518 583017e-5830187 513->518 517->518 519 5830189 518->519 520 583018c-5830195 518->520 519->520 521 5830197-58301bb CreateMutexW 520->521 522 58301e6-58301eb 520->522 525 58301ed-58301f2 521->525 526 58301bd-58301e3 521->526 522->521 525->526
                      APIs
                      • CreateMutexW.KERNELBASE(?,?), ref: 0583019D
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: c13d4fd6b5b3a992923dd7ef20c487744c057a253cdd28546b4a5a16db8dd3f1
                      • Instruction ID: 1c1f44a0f334b24c9cb04beffa5be4e540ec9aa7f77aa3d043cb705e0a006bff
                      • Opcode Fuzzy Hash: c13d4fd6b5b3a992923dd7ef20c487744c057a253cdd28546b4a5a16db8dd3f1
                      • Instruction Fuzzy Hash: 1C31B171509380AFE712CB25CC85F5AFFF8EF06310F08849AE984CB292D374A908C761
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0583254C Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 529 583254c-58325e1 534 58325e3-58325eb GetProcessTimes 529->534 535 583262e-5832633 529->535 537 58325f1-5832603 534->537 535->534 538 5832635-583263a 537->538 539 5832605-583262b 537->539 538->539
                      APIs
                      • GetProcessTimes.KERNELBASE(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 058325E9
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: ProcessTimes
                      • String ID:
                      • API String ID: 1995159646-0
                      • Opcode ID: 5cc9bb016fd8223f7bb50b687c7046fea61ca7d90cb2e36d3c05d168bb8e26a8
                      • Instruction ID: 688143539339b634df3b108af885037c0c0367bb863a7d507372f58b9635df3c
                      • Opcode Fuzzy Hash: 5cc9bb016fd8223f7bb50b687c7046fea61ca7d90cb2e36d3c05d168bb8e26a8
                      • Instruction Fuzzy Hash: B731F7724093806FEB128F24DC51F97BFB8EF46314F0884AAE985DF153D225A909CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058329AF Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 554 58329af-5832a2b 557 5832a30-5832a4d 554->557 558 5832a2d 554->558 560 5832a91-5832a96 557->560 561 5832a4f-5832a57 setsockopt 557->561 558->557 560->561 563 5832a5d-5832a6f 561->563 564 5832a71-5832a8e 563->564 565 5832a98-5832a9d 563->565 565->564
                      APIs
                      • setsockopt.WS2_32(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05832A55
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: setsockopt
                      • String ID:
                      • API String ID: 3981526788-0
                      • Opcode ID: 27d3760c499b7f02318c268c66e6a3759a32df452ab38a56611f2122e91f3da8
                      • Instruction ID: 9a3c319999e76113bfc198c7281e2c44a67011749abf3069e78eb4fac3d513f7
                      • Opcode Fuzzy Hash: 27d3760c499b7f02318c268c66e6a3759a32df452ab38a56611f2122e91f3da8
                      • Instruction Fuzzy Hash: 3731BF71509380AFDB22CB25DC55B96BFB8EF46314F0884DAE9858B153D224A908C7B2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058320E0 Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 542 58320e0-583218a 547 58321ce-58321d3 542->547 548 583218c-58321a3 MapViewOfFile 542->548 547->548 549 58321d5-58321da 548->549 550 58321a5-58321cb 548->550 549->550
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: FileView
                      • String ID:
                      • API String ID: 3314676101-0
                      • Opcode ID: e2cfb53c571b138eacb38ba0867f0cf1fa890994acdaf1ab5beb15bbe934ee10
                      • Instruction ID: 75f1fba85db36153c2297f7f6dde069bcc898a37925442fc8dc4b7136ab2d8f1
                      • Opcode Fuzzy Hash: e2cfb53c571b138eacb38ba0867f0cf1fa890994acdaf1ab5beb15bbe934ee10
                      • Instruction Fuzzy Hash: C431F672404380AFE722CB15DD45F56FFF8EF06324F08859EE9848B262D374A908CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058304AB Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 568 58304ab-583052d 571 5830532-5830538 568->571 572 583052f 568->572 573 583053a 571->573 574 583053d-5830554 571->574 572->571 573->574 576 5830556-5830569 RegQueryValueExW 574->576 577 583058b-5830590 574->577 578 5830592-5830597 576->578 579 583056b-5830588 576->579 577->576 578->579
                      APIs
                      • RegQueryValueExW.KERNELBASE(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 0583055C
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 6fabdfe1f5a74e6ec9b051f448bcb3bb9eb2465f1b133be6b95b63bbfbb74ed3
                      • Instruction ID: 28c3d17603d42bc1a8ecf4084b6bd9d4fdb7d13fae8316f09ad4352bd969441f
                      • Opcode Fuzzy Hash: 6fabdfe1f5a74e6ec9b051f448bcb3bb9eb2465f1b133be6b95b63bbfbb74ed3
                      • Instruction Fuzzy Hash: 5331B471109380AFD722CB65DC44F92BFF8EF06310F0C85DAE9859B1A2D264E908CB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05832DA4 Relevance: 1.6, APIs: 1, Instructions: 80windowCOMMON
                      Download Yara Rule
                      APIs
                      • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 05832E41
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: FormatMessage
                      • String ID:
                      • API String ID: 1306739567-0
                      • Opcode ID: 14479b058daefce065396173fd2a49213c67098c737806bb97c0539e12109cac
                      • Instruction ID: 24de4cccb2baf720fa14b5305ec741084983b001415227df970f2baf855690ca
                      • Opcode Fuzzy Hash: 14479b058daefce065396173fd2a49213c67098c737806bb97c0539e12109cac
                      • Instruction Fuzzy Hash: CE21A17154D3C46FD7138B65CC51B66BFB4EF87610F0980DBE8848F2A3E624A919C7A2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05832BB9 Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 583 5832bb9-5832c46 588 5832c8a-5832c8f 583->588 589 5832c48-5832c50 WSASend 583->589 588->589 590 5832c56-5832c68 589->590 592 5832c91-5832c96 590->592 593 5832c6a-5832c87 590->593 592->593
                      APIs
                      • WSASend.WS2_32(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05832C4E
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: Send
                      • String ID:
                      • API String ID: 121738739-0
                      • Opcode ID: f6275d8617547903f97bec2ea2e04b5eb526c153eeb6a08ea9cea3da21f67e1b
                      • Instruction ID: 501447b3f2dd100a0395c68d9b32790f00ea4ed3b86c39132fa43bc79b771e69
                      • Opcode Fuzzy Hash: f6275d8617547903f97bec2ea2e04b5eb526c153eeb6a08ea9cea3da21f67e1b
                      • Instruction Fuzzy Hash: B121A172404344AFEB228F55DC40FA7BFECEF45314F0889AAE9859B252D274A509CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058302AB Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05830353
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: Open
                      • String ID:
                      • API String ID: 71445658-0
                      • Opcode ID: 9864afda38b0d3b69685bbc54ca9b639bca890619f657ac07f1b85d89963c6ef
                      • Instruction ID: a328357cf1be25c473891f0950fabc31a718a7cb70f8c5a713489560fb84c759
                      • Opcode Fuzzy Hash: 9864afda38b0d3b69685bbc54ca9b639bca890619f657ac07f1b85d89963c6ef
                      • Instruction Fuzzy Hash: 6D21B775009380AFE7228F21DC45FA6FFB8EF46314F1884DAED849B192D275A949C772
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05831FFE Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                      Download Yara Rule
                      APIs
                      • OpenFileMappingW.KERNELBASE(?,?), ref: 05832089
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: FileMappingOpen
                      • String ID:
                      • API String ID: 1680863896-0
                      • Opcode ID: 0dc22c5e12cc7083e064e3a4e008d119101dc0e839c15d72dedac952cc95c20a
                      • Instruction ID: f199ee2f7db9877ebd896fbe2fad6b9fe85adb805aa8661acca8b88bf0897a7c
                      • Opcode Fuzzy Hash: 0dc22c5e12cc7083e064e3a4e008d119101dc0e839c15d72dedac952cc95c20a
                      • Instruction Fuzzy Hash: 972191755093806FE721CB25CC45F66FFE8EF45210F08849EED858B252D375E948C761
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0583100F Relevance: 1.6, APIs: 1, Instructions: 78fileCOMMON
                      Download Yara Rule
                      APIs
                      • DeleteFileA.KERNELBASE(?,00000E2C), ref: 058310B3
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: DeleteFile
                      • String ID:
                      • API String ID: 4033686569-0
                      • Opcode ID: 6315b4832e4d6fde7535b38b6a0c4945959876d036c34ab9b27322c363077674
                      • Instruction ID: 38f697cfc138ac1c4976224be38d6d67fe30ac2fabafa8b0a58efe2122617c4a
                      • Opcode Fuzzy Hash: 6315b4832e4d6fde7535b38b6a0c4945959876d036c34ab9b27322c363077674
                      • Instruction Fuzzy Hash: 4021D8715083806FE722CB25DC56FA6BFA8EF46314F1880DAED849B193D664A948C762
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05832CB2 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                      Download Yara Rule
                      APIs
                      • WSARecv.WS2_32(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05832D42
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: Recv
                      • String ID:
                      • API String ID: 4192927123-0
                      • Opcode ID: cf6e88882183cf216004921d470360442adfd3202a707507a04b6ccbd2604a4b
                      • Instruction ID: 6d8026270023169a6ab3698ef5211b27449dbcf996f6603826276a1d82a2f800
                      • Opcode Fuzzy Hash: cf6e88882183cf216004921d470360442adfd3202a707507a04b6ccbd2604a4b
                      • Instruction Fuzzy Hash: E0218172404344AFDB228F65DC44FA7FFB8EF45314F08859AE9859B152D234A508CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830E64 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                      Download Yara Rule
                      APIs
                      • GetFileType.KERNELBASE(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05830EF9
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: FileType
                      • String ID:
                      • API String ID: 3081899298-0
                      • Opcode ID: 2654ad74cb3d0105b1f5f67f081e8ae9a7dc285b620748a197dcb0dc0df54b71
                      • Instruction ID: 9b6ec87fd0235a74eec24d9f48734292b1129245edc59cb0d286d62e6f16d675
                      • Opcode Fuzzy Hash: 2654ad74cb3d0105b1f5f67f081e8ae9a7dc285b620748a197dcb0dc0df54b71
                      • Instruction Fuzzy Hash: 8721F8B54087806FE7128B25DC51FA3BFBCEF46724F1880DAED849B193D224A909C7B1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05831872 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                      Download Yara Rule
                      APIs
                      • WSASocketW.WS2_32(?,?,?,?,?), ref: 058318FE
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: Socket
                      • String ID:
                      • API String ID: 38366605-0
                      • Opcode ID: 9a15d02796d259c15a4a9cdfe036468bfdc9ac7043fb31e37df174f768625ba2
                      • Instruction ID: f19b724be02a8e292fc9c8b50b5d10603a7d9948e39bb454768d8058cb01be58
                      • Opcode Fuzzy Hash: 9a15d02796d259c15a4a9cdfe036468bfdc9ac7043fb31e37df174f768625ba2
                      • Instruction Fuzzy Hash: DA218D71504380AFE722CF65DD45F66FFB8EF05210F08849EE9848B252D275A408CB61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830D8E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                      Download Yara Rule
                      APIs
                      • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05830E0D
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: CreateFile
                      • String ID:
                      • API String ID: 823142352-0
                      • Opcode ID: 6ab790c9fe2630237305a939ba9007596cb79271eb975c4e842b432c7e97035a
                      • Instruction ID: 1f23ee2fb21e391a086b452e18bdc43394744f5a77fa442c04fec2fb91f4db92
                      • Opcode Fuzzy Hash: 6ab790c9fe2630237305a939ba9007596cb79271eb975c4e842b432c7e97035a
                      • Instruction Fuzzy Hash: 32216971604244AFE721DF65C989B66FBE8EF08714F18896AED858B251D371E808CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058303CA Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0583045E
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 346590a20adecd94b7a8b23aed67e901c9f04a84270a691118882c4c7d69b05c
                      • Instruction ID: 6698de5c58d5b083906bb04f52f97739b31ca7bbde9c0ab9cf34d8599171c658
                      • Opcode Fuzzy Hash: 346590a20adecd94b7a8b23aed67e901c9f04a84270a691118882c4c7d69b05c
                      • Instruction Fuzzy Hash: D221F272100204AFEB21CF15DC85FB7FBACEF04314F14895AFE459A281D6B5A948CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830F34 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                      Download Yara Rule
                      APIs
                      • ReadFile.KERNELBASE(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05830FC5
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: FileRead
                      • String ID:
                      • API String ID: 2738559852-0
                      • Opcode ID: 9ee251a1e2b7e2fbc40e08abae40d1eecebc0d9ca03c90353364684740c5dc2a
                      • Instruction ID: 92ad38a41213ecb0a0f6d7842c6c96c4f6bfc57b2a8bac881b4d97a98de69be7
                      • Opcode Fuzzy Hash: 9ee251a1e2b7e2fbc40e08abae40d1eecebc0d9ca03c90353364684740c5dc2a
                      • Instruction Fuzzy Hash: BA219071409380AFE7228B65DC54F66BFB8EF46714F0884DBE9849B153C265A909CB62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0583012A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                      Download Yara Rule
                      APIs
                      • CreateMutexW.KERNELBASE(?,?), ref: 0583019D
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: 8d8d23427dd9597e20c2631628f234ad973b5326b36fd858595c271e7134a266
                      • Instruction ID: 737c8d2db39e6520464d0bafdc503ba82c1fc2edb84a070ec78fb3b224bb3690
                      • Opcode Fuzzy Hash: 8d8d23427dd9597e20c2631628f234ad973b5326b36fd858595c271e7134a266
                      • Instruction Fuzzy Hash: 3021BE71604240AFE720DF29CD89B6AFBE8EF04314F18846AED45CB241D370E904CAB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830C97 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                      Download Yara Rule
                      APIs
                      • CreateDirectoryW.KERNELBASE(?,?), ref: 05830D13
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: CreateDirectory
                      • String ID:
                      • API String ID: 4241100979-0
                      • Opcode ID: 82aa02038d7833918037a15a317b0182f752c15a05bf54f847b35a810f9b7b16
                      • Instruction ID: 36c76ba969de52864a81464ada218f83a67a6bf6c718e8f092cd605bc879a857
                      • Opcode Fuzzy Hash: 82aa02038d7833918037a15a317b0182f752c15a05bf54f847b35a810f9b7b16
                      • Instruction Fuzzy Hash: 712171755093809FD712CB25DC45B52BFE8EF46210F0984EAEC85CF162D274E909CB61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830776 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                      Download Yara Rule
                      APIs
                      • GetTokenInformation.KERNELBASE(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 058307E0
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: InformationToken
                      • String ID:
                      • API String ID: 4114910276-0
                      • Opcode ID: c4efb8214fb0e892b7f93547f3b21613005bad6dbc7b587d28393e24bc7611a8
                      • Instruction ID: f2115861455af5d0b98b03442a711f4672ba8c04ee4fb8c2541ae4f2a85f8779
                      • Opcode Fuzzy Hash: c4efb8214fb0e892b7f93547f3b21613005bad6dbc7b587d28393e24bc7611a8
                      • Instruction Fuzzy Hash: 28119071500204EFEB21CF65DC85FABBBACEF04324F18846AED45DB241D675A9088BB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05831498 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                      Download Yara Rule
                      APIs
                      • FindCloseChangeNotification.KERNELBASE(?), ref: 05831504
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: ChangeCloseFindNotification
                      • String ID:
                      • API String ID: 2591292051-0
                      • Opcode ID: f9802d947dcd64da79ee233de9505a8247fdb6a305926d9420e55cbf1632b771
                      • Instruction ID: 08838fb1d4316515ebc7242f75fe356be721b92d152eeeed8f53ce12caea8317
                      • Opcode Fuzzy Hash: f9802d947dcd64da79ee233de9505a8247fdb6a305926d9420e55cbf1632b771
                      • Instruction Fuzzy Hash: C821AE725093C05FDB028B25DC95B92BFB4AF47724F0984DAEC858F263D274A908CB62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0583201E Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                      Download Yara Rule
                      APIs
                      • OpenFileMappingW.KERNELBASE(?,?), ref: 05832089
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: FileMappingOpen
                      • String ID:
                      • API String ID: 1680863896-0
                      • Opcode ID: a613dfc113f16f5cadacf78263cd47b0f3c78d90c7a7cce011940048b94fb236
                      • Instruction ID: 61ac98ee1b7be80362e3433fcb7d58c3341feb6ce34ee9f31fd131bec227f824
                      • Opcode Fuzzy Hash: a613dfc113f16f5cadacf78263cd47b0f3c78d90c7a7cce011940048b94fb236
                      • Instruction Fuzzy Hash: 6121C375504244AFE721DF25CD45B66FBE8EF14324F1884AEED868B241D375E908CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05831892 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                      Download Yara Rule
                      APIs
                      • WSASocketW.WS2_32(?,?,?,?,?), ref: 058318FE
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: Socket
                      • String ID:
                      • API String ID: 38366605-0
                      • Opcode ID: 0742e2a4f7b73fdd719e159056bd39bed08e4237176955cd1702b0e02b6e0f80
                      • Instruction ID: 89efd20623b634843f7cbc62159cbee0850717b94611ee16f97c7eef19527e98
                      • Opcode Fuzzy Hash: 0742e2a4f7b73fdd719e159056bd39bed08e4237176955cd1702b0e02b6e0f80
                      • Instruction Fuzzy Hash: 68210131500244AFEB21CF65DD85F66FBE9EF08324F08886EED848B251D371A408CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05832BDE Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                      Download Yara Rule
                      APIs
                      • WSASend.WS2_32(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05832C4E
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: Send
                      • String ID:
                      • API String ID: 121738739-0
                      • Opcode ID: 379c537c205f5ab45be90f729ee185ad07c508e40f6922d148d32879b3920244
                      • Instruction ID: d975ac0d99542cf546b748b752e8d54dbf3dc28097dc0845f79359caf9751e2e
                      • Opcode Fuzzy Hash: 379c537c205f5ab45be90f729ee185ad07c508e40f6922d148d32879b3920244
                      • Instruction Fuzzy Hash: 5911A271400204AFEB21CF55DC81FA7FBECEF44314F18896AED469B211D674A509CBB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0583211E Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: FileView
                      • String ID:
                      • API String ID: 3314676101-0
                      • Opcode ID: e4a189fd60a678d21f0d491463ea67c3535aaf3049a5e8350d50ec854f34a55b
                      • Instruction ID: ecf8ff73df94c113c8e7a7700939352b61399a8901fc5bacbf308560d3b61172
                      • Opcode Fuzzy Hash: e4a189fd60a678d21f0d491463ea67c3535aaf3049a5e8350d50ec854f34a55b
                      • Instruction Fuzzy Hash: 7D21A171500204AFE721DF55DD85F6AFBE8EF08324F14855EEE859B251D371B508CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0583154D Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                      Download Yara Rule
                      APIs
                      • K32EnumProcesses.KERNEL32(?,?,?,A7017E0A,00000000,?,?,?,?,?,?,?,?,72943C38), ref: 058315BE
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: EnumProcesses
                      • String ID:
                      • API String ID: 84517404-0
                      • Opcode ID: 0e2b4b9a1d36c87b02c264930ef404dc433ce78e0838c2b076609978d7d9716d
                      • Instruction ID: ce55741b207c6334bc72a213f0ffcb0593017c3212da2e2beb9b4b88177d1535
                      • Opcode Fuzzy Hash: 0e2b4b9a1d36c87b02c264930ef404dc433ce78e0838c2b076609978d7d9716d
                      • Instruction Fuzzy Hash: CF215E715093849FD712CF65DC85B96BFE8AF46210F0984EBED85CF162D274A908CB61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058301F4 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                      Download Yara Rule
                      APIs
                      • FindCloseChangeNotification.KERNELBASE(?), ref: 05830264
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: ChangeCloseFindNotification
                      • String ID:
                      • API String ID: 2591292051-0
                      • Opcode ID: 18928fae8e4c95ae57eace966580fd710ddb1e4ede9049867f3aa466cb8929f4
                      • Instruction ID: bb517232126d89bc33bc0e12c427e1cca8ebf108ca3e76ec24d83ff8e5648547
                      • Opcode Fuzzy Hash: 18928fae8e4c95ae57eace966580fd710ddb1e4ede9049867f3aa466cb8929f4
                      • Instruction Fuzzy Hash: A92108714093849FD702CF24DC85B52BFA8FF42220F09809BEC449F563D334A904CB61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058304EA Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegQueryValueExW.KERNELBASE(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 0583055C
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: e9b958e8618128cfe2a927086650e34eeff864c65037e9a3a4115f6986e4b46b
                      • Instruction ID: 1c1557cca63a917395e99d67b7d0eba41b91fdf85b111372f2dd6b851b6775e9
                      • Opcode Fuzzy Hash: e9b958e8618128cfe2a927086650e34eeff864c65037e9a3a4115f6986e4b46b
                      • Instruction Fuzzy Hash: ED11AF71500604EFEB20CF15DC85F67FBE8EF04714F08845AED46DB251D660E908CAB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0583258A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                      Download Yara Rule
                      APIs
                      • GetProcessTimes.KERNELBASE(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 058325E9
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: ProcessTimes
                      • String ID:
                      • API String ID: 1995159646-0
                      • Opcode ID: 6c96a14d7a550dce68632b7bb9bcae233d833516b53463f97b11d3b1bb926561
                      • Instruction ID: d60a9a340bfeb2ff9aac3b2be4343acf3f9f3e544237fd849786c4a665f4cada
                      • Opcode Fuzzy Hash: 6c96a14d7a550dce68632b7bb9bcae233d833516b53463f97b11d3b1bb926561
                      • Instruction Fuzzy Hash: DB11E675500204AFEB21CF55DC41FABFBE8EF08324F18846AED45DB251D674A904CBB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058329EE Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                      Download Yara Rule
                      APIs
                      • setsockopt.WS2_32(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05832A55
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: setsockopt
                      • String ID:
                      • API String ID: 3981526788-0
                      • Opcode ID: e62115fa0a7da9d8b1765a88c99e0d84fdb6b9dccef418276b3a28c9cc44bd97
                      • Instruction ID: eeb29fac8c5bcf6d3b9c678dd3bfc9308a2aa1b0b755b900c230777bf6c1c607
                      • Opcode Fuzzy Hash: e62115fa0a7da9d8b1765a88c99e0d84fdb6b9dccef418276b3a28c9cc44bd97
                      • Instruction Fuzzy Hash: 3411BE75600204AFEB21CF55DC81FA6FBE8EF04714F18846AED4ADB251D274A908CBB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05831260 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                      Download Yara Rule
                      APIs
                      • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 058312CA
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: LookupPrivilegeValue
                      • String ID:
                      • API String ID: 3899507212-0
                      • Opcode ID: 5681d4f0e3fc30f4d7ae66cfd16052abba12e500361e079211a031c9b367827b
                      • Instruction ID: d3bdbb86bd4e1ea2688bc4017579567a370cf7c8d82eaa77c53d50d5072b2451
                      • Opcode Fuzzy Hash: 5681d4f0e3fc30f4d7ae66cfd16052abba12e500361e079211a031c9b367827b
                      • Instruction Fuzzy Hash: 9011B4716093805FD721CF25DC85B57FFE8EF45610F0884AAEC45CB252D274E808CB61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058302DE Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05830353
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: Open
                      • String ID:
                      • API String ID: 71445658-0
                      • Opcode ID: 4c6a388ff91ffa1aa7b56cebee204c981ebcd74bfaffe7f70bb2ad7413711325
                      • Instruction ID: 66da1a06a48c1315731d629eb9579a8724440b3fd8622e748effbdb94df911a2
                      • Opcode Fuzzy Hash: 4c6a388ff91ffa1aa7b56cebee204c981ebcd74bfaffe7f70bb2ad7413711325
                      • Instruction Fuzzy Hash: 9011C431500204EFEB21CF15DC45F76FBA8EF04714F18855AED455A251D2B5A948CBB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0583104A Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                      Download Yara Rule
                      APIs
                      • DeleteFileA.KERNELBASE(?,00000E2C), ref: 058310B3
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: DeleteFile
                      • String ID:
                      • API String ID: 4033686569-0
                      • Opcode ID: 7b463b48832fa62cd6ed6145e58645242a85b81e92ef1a8c20e34b74d2a6a809
                      • Instruction ID: 49c07c283740cdafc2f7479f278d7108888b99a653c45e6183ef45c6223bce4c
                      • Opcode Fuzzy Hash: 7b463b48832fa62cd6ed6145e58645242a85b81e92ef1a8c20e34b74d2a6a809
                      • Instruction Fuzzy Hash: 5E112C31500204AFF720CB19DD46FB6FB98DF04714F14C09AFD459B281D6B4A948CBB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830F66 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                      Download Yara Rule
                      APIs
                      • ReadFile.KERNELBASE(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05830FC5
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: FileRead
                      • String ID:
                      • API String ID: 2738559852-0
                      • Opcode ID: a40390ed42a9d341db6afff6dd73eec428ba400df5fa8c2992be3d63cf784bad
                      • Instruction ID: 6314a3ff6b12e94c9ca0097541cbeb172f1477853b8ccd78dc96d69c9173e04a
                      • Opcode Fuzzy Hash: a40390ed42a9d341db6afff6dd73eec428ba400df5fa8c2992be3d63cf784bad
                      • Instruction Fuzzy Hash: A311BF71400204AFEB21CF55DC85FAAFBA8EF44724F1884AAED459B241D275A508CBB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058310F7 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                      Download Yara Rule
                      APIs
                      • GetSystemInfo.KERNELBASE(?), ref: 0583115C
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: InfoSystem
                      • String ID:
                      • API String ID: 31276548-0
                      • Opcode ID: 424d2f205708249d3445c32d348ecd366a907a4f91ae7d0622bf7c9a0b3eaa70
                      • Instruction ID: 9720a61d39f65c0092e243b644c8e04fdfa50549738374048fd59ddf57bbe5ad
                      • Opcode Fuzzy Hash: 424d2f205708249d3445c32d348ecd366a907a4f91ae7d0622bf7c9a0b3eaa70
                      • Instruction Fuzzy Hash: F91190714093C0AFD7128B24DC45B96BFF4EF46224F0984EBEC848F153C279A949CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05831282 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                      Download Yara Rule
                      APIs
                      • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 058312CA
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: LookupPrivilegeValue
                      • String ID:
                      • API String ID: 3899507212-0
                      • Opcode ID: 49bbb6934c0ca262be075de7b13f9f765bc282e88311ed534771591d39946e27
                      • Instruction ID: 40a7b5c423cba97e05b167f384038ca9f413b5b46ec50c4456fb7e168a410841
                      • Opcode Fuzzy Hash: 49bbb6934c0ca262be075de7b13f9f765bc282e88311ed534771591d39946e27
                      • Instruction Fuzzy Hash: DF118875A042449FDB10DF69D889B67FBE8EF44624F08C46ADD4ACB641D674D804CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830EA6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                      Download Yara Rule
                      APIs
                      • GetFileType.KERNELBASE(?,00000E2C,A7017E0A,00000000,00000000,00000000,00000000), ref: 05830EF9
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: FileType
                      • String ID:
                      • API String ID: 3081899298-0
                      • Opcode ID: edf7bcf85de56c0dacc8da3f560a7e45fc81ccad4bd40b9b0ac83075f6d58337
                      • Instruction ID: b4dedbe25802174c1c49b7d44f24763c6cd50c5e5d7b7015638dd6b0aa5900f7
                      • Opcode Fuzzy Hash: edf7bcf85de56c0dacc8da3f560a7e45fc81ccad4bd40b9b0ac83075f6d58337
                      • Instruction Fuzzy Hash: C001D275500204EFE710CB15DC85FABFB9CEF44728F18C09BED459B281D674A9488AB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830CCE Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                      Download Yara Rule
                      APIs
                      • CreateDirectoryW.KERNELBASE(?,?), ref: 05830D13
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: CreateDirectory
                      • String ID:
                      • API String ID: 4241100979-0
                      • Opcode ID: dfb3434aa0c2077bd7a610166677f65895e4d730365403c5c382b78d5375a186
                      • Instruction ID: 3bd07288b5f975506c393dffbd9ccb95ec0995196587c55bcb9fcccec23075a1
                      • Opcode Fuzzy Hash: dfb3434aa0c2077bd7a610166677f65895e4d730365403c5c382b78d5375a186
                      • Instruction Fuzzy Hash: 52118475604204DFDB50CF29D889B76FBE8EF44224F18C5AADD49CF256D674E804CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0583157E Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                      Download Yara Rule
                      APIs
                      • K32EnumProcesses.KERNEL32(?,?,?,A7017E0A,00000000,?,?,?,?,?,?,?,?,72943C38), ref: 058315BE
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: EnumProcesses
                      • String ID:
                      • API String ID: 84517404-0
                      • Opcode ID: 7151f56c2d61165aef070d21b67f80cd7989e942688da5801564ed6d8576d33d
                      • Instruction ID: eb31c8ffd08e75254b309e9d511fef1c573d48840119c6c2c4f268fd93358a6a
                      • Opcode Fuzzy Hash: 7151f56c2d61165aef070d21b67f80cd7989e942688da5801564ed6d8576d33d
                      • Instruction Fuzzy Hash: 3D11C471504204DFDB10CF69D889B66FBE8EF04720F08C4ABED4ACB211D674E808CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05832DF6 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                      Download Yara Rule
                      APIs
                      • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 05832E41
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: FormatMessage
                      • String ID:
                      • API String ID: 1306739567-0
                      • Opcode ID: 32e83b53366dc56614fff2c3c21abaac117a18343eb3d09babc82737efa4a2fe
                      • Instruction ID: 0127d21f0144329cfb967f1ffe267c092a3a375baa31b4f31a43eccd774b39a5
                      • Opcode Fuzzy Hash: 32e83b53366dc56614fff2c3c21abaac117a18343eb3d09babc82737efa4a2fe
                      • Instruction Fuzzy Hash: 1401B171940600ABD310DF16DD81B26FBE8EB88B20F14812AED088B741E235B915CBE5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058314D2 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                      Download Yara Rule
                      APIs
                      • FindCloseChangeNotification.KERNELBASE(?), ref: 05831504
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: ChangeCloseFindNotification
                      • String ID:
                      • API String ID: 2591292051-0
                      • Opcode ID: 4e76952a5bb8bf5aee5287ac2947d3c5359922211c8efe64a63b09b95423fc7c
                      • Instruction ID: cd9cad9477e1870d1077bc0954d67e08274426fbbf906e9f7b9b5c6d60f0ffd7
                      • Opcode Fuzzy Hash: 4e76952a5bb8bf5aee5287ac2947d3c5359922211c8efe64a63b09b95423fc7c
                      • Instruction Fuzzy Hash: EC01BC325042049FDB10CF29E889766FBE4EF44724F08C4ABDC4ACB642D674A848CAA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 058317F6 Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON
                      Download Yara Rule
                      APIs
                      • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 05831846
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: Query_
                      • String ID:
                      • API String ID: 428220571-0
                      • Opcode ID: 7af69604b18ef72e20a570c33360045fb8f593e27990ab7bbbf04a5462e11a40
                      • Instruction ID: 6dd922429091b3837c9167f7abf47c38f91168c9654cfede654493c5e2a6bb43
                      • Opcode Fuzzy Hash: 7af69604b18ef72e20a570c33360045fb8f593e27990ab7bbbf04a5462e11a40
                      • Instruction Fuzzy Hash: 6801A271540600ABD210DF1ADD82B26FBE8FB88B20F14C11AED084B741E371F915CBE5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05830232 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                      Download Yara Rule
                      APIs
                      • FindCloseChangeNotification.KERNELBASE(?), ref: 05830264
                      Memory Dump Source
                      • Source File: 00000000.00000002.512891084.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5830000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID: ChangeCloseFindNotification
                      • String ID:
                      • API String ID: 2591292051-0
                      • Opcode ID: 7e99783f1a2b5e472131ab9d16db1fe69a926195a43e9c1011c7d1f0d3f949d5
                      • Instruction ID: 54b1803e83d3b2de213468a3f8f357ef6ce40cfc287ade01d09784230d2043b4
                      • Opcode Fuzzy Hash: 7e99783f1a2b5e472131ab9d16db1fe69a926195a43e9c1011c7d1f0d3f949d5
                      • Instruction Fuzzy Hash: 4101DB35904204DFEB11CF29D889766FBE4EF44224F08C4ABDC49CF602D679A848CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F6B8 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: lr
                      • API String ID: 0-2200872538
                      • Opcode ID: f2755e9d8a6d4682c439693e86a1418e256dd1f241668bc1d6b00d7f4e1df4a8
                      • Instruction ID: 07741d1a6f1afb6569c3d39fab1aed4f0ddf9252feac64916b1cd979e36aad38
                      • Opcode Fuzzy Hash: f2755e9d8a6d4682c439693e86a1418e256dd1f241668bc1d6b00d7f4e1df4a8
                      • Instruction Fuzzy Hash: 14519174A01205CFDB65DFB9C454AAEBBF2BB88300F54652DC012DB394DB349C49EB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05700BC0 Relevance: 1.4, Strings: 1, Instructions: 133COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: hXnr
                      • API String ID: 0-4161546689
                      • Opcode ID: 4eecb3039bc6b79cbf0ab98f46c05200a89b3a52b50ecda9224d53b935af4c18
                      • Instruction ID: 4ae1435cf508e1a4391d446e1ac7080ee5911a3609d4ed1f67e697c7635afee0
                      • Opcode Fuzzy Hash: 4eecb3039bc6b79cbf0ab98f46c05200a89b3a52b50ecda9224d53b935af4c18
                      • Instruction Fuzzy Hash: 7A419031B05114CFC7059B68C418BAF7BE7AF85720F55806AE906EF3A1CEB19C0697A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057021F8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: r*+
                      • API String ID: 0-3221063712
                      • Opcode ID: 86860e681e101c646f37feb37bae91a45a1e15866656039ccaeab5b331ba9847
                      • Instruction ID: d2d15ee2116da4f6e553ae2d7cf88006e990d8d07e2e62ed61453a2d448d6488
                      • Opcode Fuzzy Hash: 86860e681e101c646f37feb37bae91a45a1e15866656039ccaeab5b331ba9847
                      • Instruction Fuzzy Hash: 89412C35E08209DFCB84DFE5C549ABEBBF2FB44304F11906AC402AB2A5D7359A45EF52
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057082C0 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: r*+
                      • API String ID: 0-3221063712
                      • Opcode ID: 943c16296812159148973246bf3915e484886a16c6d9d4506d00bbaebdd9ca70
                      • Instruction ID: 47ec32b35fd3ddc218bf02150439f08595fdb226976b413b2440c167a90ac033
                      • Opcode Fuzzy Hash: 943c16296812159148973246bf3915e484886a16c6d9d4506d00bbaebdd9ca70
                      • Instruction Fuzzy Hash: 93412970E08209DFEB58DFA5C5556AEFBF2FF85304F10916AD402A72A0DB349A41DF52
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057050E0 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: d@mr
                      • API String ID: 0-2344761202
                      • Opcode ID: b6738d34ae4cc3d34304b7801cc87083476b1398b01e2a64ead63ba9f4b94ef4
                      • Instruction ID: dae92898288fbbc047b97324736084f24ee271273e1c281475c698d7e1c5360f
                      • Opcode Fuzzy Hash: b6738d34ae4cc3d34304b7801cc87083476b1398b01e2a64ead63ba9f4b94ef4
                      • Instruction Fuzzy Hash: 18214B31A10309DFDB04DFA9C4186AFFBF6AF88300F154529D50AAB395EB70A949DB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F839 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: lr
                      • API String ID: 0-2200872538
                      • Opcode ID: fd10e7614043dfa421a3c65f8050fc35e01a47eacbf6b5ed911b10ade4a6e64c
                      • Instruction ID: eae12f069468b7aca91de46cecc22b20e901bf32021140959e08856bcfb5a3cc
                      • Opcode Fuzzy Hash: fd10e7614043dfa421a3c65f8050fc35e01a47eacbf6b5ed911b10ade4a6e64c
                      • Instruction Fuzzy Hash: 1F31BF35B01205CFDB29DBB9C0486AEBBE2BFC8300F549569C016DB395DB349C49EB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F82D Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: lr
                      • API String ID: 0-2200872538
                      • Opcode ID: fd10e7614043dfa421a3c65f8050fc35e01a47eacbf6b5ed911b10ade4a6e64c
                      • Instruction ID: eae12f069468b7aca91de46cecc22b20e901bf32021140959e08856bcfb5a3cc
                      • Opcode Fuzzy Hash: fd10e7614043dfa421a3c65f8050fc35e01a47eacbf6b5ed911b10ade4a6e64c
                      • Instruction Fuzzy Hash: 1F31BF35B01205CFDB29DBB9C0486AEBBE2BFC8300F549569C016DB395DB349C49EB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570D5D8 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: lr
                      • API String ID: 0-2200872538
                      • Opcode ID: 6e46e6c4193ffd209569144d11a5f26b61b02e19016da845214fea71781aa75b
                      • Instruction ID: 6e054e357b7526dc788648fd3b6d147154a27cf8bbdf450e516189d29613ffe8
                      • Opcode Fuzzy Hash: 6e46e6c4193ffd209569144d11a5f26b61b02e19016da845214fea71781aa75b
                      • Instruction Fuzzy Hash: 0E21D171A08214DBCB25CFF490006BEBBE6AF88740F1451BAD44ADB3C0DA71DC42EB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057050D0 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: d@mr
                      • API String ID: 0-2344761202
                      • Opcode ID: b38e67b4caa674941628e456e710298b2ec45e24c56227338b936fc78300a137
                      • Instruction ID: 1520f1e46caedfaf68408d52c9cf2086d2737244914eaa4efb34906dab686095
                      • Opcode Fuzzy Hash: b38e67b4caa674941628e456e710298b2ec45e24c56227338b936fc78300a137
                      • Instruction Fuzzy Hash: 98113771910349DFDF05CFA4C8146AEBBF2AF89300F514429C509AF295E774694ADB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057005BA Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8Eq
                      • API String ID: 0-3522477320
                      • Opcode ID: e07aeaceb8eb16211ed5b27eac96d8953ed12beeeee648ebbd51ae4d68d920b0
                      • Instruction ID: c2e91750fe3ee9790ba572e538f8613ca0715b21106577c23355f206fa643ad4
                      • Opcode Fuzzy Hash: e07aeaceb8eb16211ed5b27eac96d8953ed12beeeee648ebbd51ae4d68d920b0
                      • Instruction Fuzzy Hash: FC01D1307503205FC6496ABD54216BE62DBABC6650B9840AEE206DB3E0CEF99C0743A7
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057005C8 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8Eq
                      • API String ID: 0-3522477320
                      • Opcode ID: e951df6b27d6f586a5a086441692b47cba299a3ded6ea4ba53fc5790c3e5d570
                      • Instruction ID: 48727432d0797cc3c7b70e4969811a7929a3e9c19133075c8d045f6b206b7976
                      • Opcode Fuzzy Hash: e951df6b27d6f586a5a086441692b47cba299a3ded6ea4ba53fc5790c3e5d570
                      • Instruction Fuzzy Hash: 77F0BB217106204FC509767E541167F61CFABC9950BD4546EF206DB3D4CDB5AC0713E7
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05709CEF Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: Hur
                      • API String ID: 0-1108848172
                      • Opcode ID: e688d76c874e8bfddb4df92dc4cf9944db568aac8d5b24aa981b705e181318c4
                      • Instruction ID: 15a6431e578a3e48358aaddec6f9c88fb0e9e851b577a1a2a71b27d5e775abac
                      • Opcode Fuzzy Hash: e688d76c874e8bfddb4df92dc4cf9944db568aac8d5b24aa981b705e181318c4
                      • Instruction Fuzzy Hash: 09F078727482109BC30096AD48409BC3BC76BC1630368032ED306DF3F5DD618C036322
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706FE8 Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: Hur
                      • API String ID: 0-1108848172
                      • Opcode ID: 3cb08e0ffe72a3f480595123690f2e6a783d875249fd39856348f2065e41efe5
                      • Instruction ID: e085cda184472fe8ed15a0fffddbc8095e4d6b91317ce4aaeda8e091066274f4
                      • Opcode Fuzzy Hash: 3cb08e0ffe72a3f480595123690f2e6a783d875249fd39856348f2065e41efe5
                      • Instruction Fuzzy Hash: FEF046B270C10097CB18AA7D6C50BBE2AC7ABC0774B68536E921A8F3E4DDA59C011263
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706FF8 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: Hur
                      • API String ID: 0-1108848172
                      • Opcode ID: 7fbf2d075ddf24168b6e94a52091c9dace7413d3be5d163830870767192eccb7
                      • Instruction ID: 34c3656488e95dddeee1463aa68cba645880f85627f86bd161bb6b87710911db
                      • Opcode Fuzzy Hash: 7fbf2d075ddf24168b6e94a52091c9dace7413d3be5d163830870767192eccb7
                      • Instruction Fuzzy Hash: CAF0597130811093C548666E5C40E7F7ACBFBC1770378532EA21A8F3E4DD61AC0122B7
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E0C9 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: W
                      • API String ID: 0-655174618
                      • Opcode ID: 6e3acd17bca50480b58941246ba0aced6d3e774a927b14f12d4dd23ed13f825b
                      • Instruction ID: 97f0049581b06cd56c8ac16c71cc6863cec233dfcb4c124b1c1d2ed17b0f1149
                      • Opcode Fuzzy Hash: 6e3acd17bca50480b58941246ba0aced6d3e774a927b14f12d4dd23ed13f825b
                      • Instruction Fuzzy Hash: 4AF0EC312042918FC716DB78C47056ABBF6DF82614315CC9FC5D98F382DE329C068791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705AA0 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: lr
                      • API String ID: 0-2200872538
                      • Opcode ID: 32319113336805eb6c2766289cf6dcf273543c1c6d6a5ff88a7a1de5e17cb14c
                      • Instruction ID: 710fd1f52169f0e7ace4d496bffda984a7430b2d5a92e7744eede234d19d1e1e
                      • Opcode Fuzzy Hash: 32319113336805eb6c2766289cf6dcf273543c1c6d6a5ff88a7a1de5e17cb14c
                      • Instruction Fuzzy Hash: 2CE06FB4F0A3200FCB124BBA580083E3BEDAFC2A02301008BD002CF392CB644C01D3A4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705AB0 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: lr
                      • API String ID: 0-2200872538
                      • Opcode ID: 2d52836ec62dfc2478ff554ae9aec8227164be0770630827ce92ddf39f9df166
                      • Instruction ID: d912c61ae0f06127fd46d3bb13e06c6c907dc2cfd36be53f2792241f11e2e6b1
                      • Opcode Fuzzy Hash: 2d52836ec62dfc2478ff554ae9aec8227164be0770630827ce92ddf39f9df166
                      • Instruction Fuzzy Hash: 1CD0A765B456251B9915A6BB5800A3F37CE6FD5C56301445DE506CE3C0DF658C0163E9
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057012A0 Relevance: .5, Instructions: 460COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a9a2b00a52896edd68d33ed6d402be97541cfb28a9034bcbe457b6bbb284acc6
                      • Instruction ID: 3f0ca76a5f269f61200b6c9507cb8ffda1bb0a4fe7156839780997b089c95c43
                      • Opcode Fuzzy Hash: a9a2b00a52896edd68d33ed6d402be97541cfb28a9034bcbe457b6bbb284acc6
                      • Instruction Fuzzy Hash: 32223234A00A06CFCB24DF28C880A6ABBF2FF88300F5485A9D85A9B755DB35ED45DF51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 031A025D Relevance: .5, Instructions: 459COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.508627839.00000000031A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_31a0000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0588c1ae4ee82447150282000d2afba850a6188cfd3b06b7a97f993823e40b08
                      • Instruction ID: a8670645b097d35cc5a89a98d474a4c686700ea317747bb52c6cf2bbe7d66190
                      • Opcode Fuzzy Hash: 0588c1ae4ee82447150282000d2afba850a6188cfd3b06b7a97f993823e40b08
                      • Instruction Fuzzy Hash: 4A41DD7254E7C18FC7038B749C615A1BFB4AE4722170E85DBD8C4CF1A3D268694ACB72
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705B98 Relevance: .2, Instructions: 241COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0d5c2b76720eb5c0d882b52fa1619fddc44d3e5bf68ab981759b5c3215ad943c
                      • Instruction ID: 4d1bf8fe3e0a0460fd8083e0dcfa9f117e9397b757f8199ffa48323ec949f08e
                      • Opcode Fuzzy Hash: 0d5c2b76720eb5c0d882b52fa1619fddc44d3e5bf68ab981759b5c3215ad943c
                      • Instruction Fuzzy Hash: 59819C31A00619CFCF15CF24C884AAAB7F3BF85314F158595D90AAF241DB71AE8ADF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570A78F Relevance: .2, Instructions: 229COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 10084c5afbb2c34378a2f7784f726ed17e0e814b8a5951b4df891e56a8c8c395
                      • Instruction ID: 36119b09fc2396f79a98a269521ab5b0d86153154aa2b8a6dd75e01a7440ed3e
                      • Opcode Fuzzy Hash: 10084c5afbb2c34378a2f7784f726ed17e0e814b8a5951b4df891e56a8c8c395
                      • Instruction Fuzzy Hash: 1081C231B006269BD704EB69C550AAE7BB3FFC4304F64866DD6069B7A4DF709C0687D2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05704DB8 Relevance: .2, Instructions: 187COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4188cc82a18557936c63587ee644320613cd1389c92c49002e9222a6b1d537a2
                      • Instruction ID: a8455adcd321386c6b170ada4e46cc9063d95a7e028da76a89c9568e2c7a6586
                      • Opcode Fuzzy Hash: 4188cc82a18557936c63587ee644320613cd1389c92c49002e9222a6b1d537a2
                      • Instruction Fuzzy Hash: A361B170604205CFCB05DB68D494CBE7BE3FBC4710758956AD606CB2A6DB34AC46EBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E1B8 Relevance: .2, Instructions: 184COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 964772c58b97aa74de905e03d6da9ca9b79afba8fa2856caa12a963804ae9bfb
                      • Instruction ID: d422d32b907ca6f412e9eb29f32c83416649a3ddf1be3053ba40a64a5ecd4dfd
                      • Opcode Fuzzy Hash: 964772c58b97aa74de905e03d6da9ca9b79afba8fa2856caa12a963804ae9bfb
                      • Instruction Fuzzy Hash: DD713C34A04604CFDB18CB65C484FAEBBF6BF48314F18A859E852A77A1CB70E881DF51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05707160 Relevance: .2, Instructions: 161COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c982a1bd7aaa9667f0a46370cb16eb0a9ab489d560d07c7b1a120a7b6915e1e9
                      • Instruction ID: 985c081cadebe9659c91d7afed6bd55b9f015a8b3ce4df4be56c0c745c5126a7
                      • Opcode Fuzzy Hash: c982a1bd7aaa9667f0a46370cb16eb0a9ab489d560d07c7b1a120a7b6915e1e9
                      • Instruction Fuzzy Hash: 3C31083190061ACBDF15CF54C854ADAB7F2FF89304F5184A4D909BB245DB707A8ADF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706CC8 Relevance: .2, Instructions: 159COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1e61f5213443b6b809d253f19690577c9b2b076627316d4a75d7ccef02aa5648
                      • Instruction ID: de3f9de6ab3d6172b816d19254533b443b552e1582e7e2b197cf0deae8f94e1a
                      • Opcode Fuzzy Hash: 1e61f5213443b6b809d253f19690577c9b2b076627316d4a75d7ccef02aa5648
                      • Instruction Fuzzy Hash: 2B517E31B00219CBCF58DBB9C4649AEB7F3BF88710B248569C406AB395DF309D42EB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570DA50 Relevance: .2, Instructions: 159COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3f8deced448cc5ba73cb97d8bfa3e5ce5614a6ea8072860b728e98314ccdb3b0
                      • Instruction ID: 971874203919d0433cdbba9ce130121024d2fdd0bb6c27766f9a9eae2f99ba65
                      • Opcode Fuzzy Hash: 3f8deced448cc5ba73cb97d8bfa3e5ce5614a6ea8072860b728e98314ccdb3b0
                      • Instruction Fuzzy Hash: CB51B231A04618DFDF14EF94C9948ADB7F7FF88310B089059E906AB294DB70ED45DB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05707EC8 Relevance: .1, Instructions: 147COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fbdb436e53ac589ebd0904d388f52622acbe0cca889481c6f75c631da2af59e9
                      • Instruction ID: feb976d39eed1282cc34b259bced32b41423a493b27c79e7a2c7bce3a8671432
                      • Opcode Fuzzy Hash: fbdb436e53ac589ebd0904d388f52622acbe0cca889481c6f75c631da2af59e9
                      • Instruction Fuzzy Hash: C35124B5D00608CFCB29CFA8C98499DBBF2FF48310F20856AD45AA7294E7316D4ADF51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057076A0 Relevance: .1, Instructions: 139COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4925a87147f7e2fd47fd710b2db3154778684b2a67ecb83a45689993ca5fdd9b
                      • Instruction ID: e41303b5cdb0468e194773b63cb770634df1b3093276aa528d3b7a23efc432f2
                      • Opcode Fuzzy Hash: 4925a87147f7e2fd47fd710b2db3154778684b2a67ecb83a45689993ca5fdd9b
                      • Instruction Fuzzy Hash: 93513C34A00215CFDB18EB78C598AAD7BF2FF84304F2451B9D40A9B395DB30AC41DB61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057009A5 Relevance: .1, Instructions: 134COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 056aeefe661a1ac28d6879ac3bbad8f469bcf4578fa16320c6a063e3d06fd327
                      • Instruction ID: b117c7da50b25434e920b234e5fb2584690bd271a3014e548d393c2bdfa2f15e
                      • Opcode Fuzzy Hash: 056aeefe661a1ac28d6879ac3bbad8f469bcf4578fa16320c6a063e3d06fd327
                      • Instruction Fuzzy Hash: F841E631B00215DFCB15EBA4D858AAEB7F2FF84310F258469E5469F3A4CB74AC06DB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E1A9 Relevance: .1, Instructions: 131COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1b17260216fbde64ec89142956c8e2ae71c98520c99702d9e4864f6eaeca6b3a
                      • Instruction ID: 0e91d36be13cda27a5677644d8508182b783e3c3268e5066df9a83c40a57eec4
                      • Opcode Fuzzy Hash: 1b17260216fbde64ec89142956c8e2ae71c98520c99702d9e4864f6eaeca6b3a
                      • Instruction Fuzzy Hash: 73515530A04604CFDB14CF69C084BAAFBF6BF48314F14AC59E892A76A1CB70E885DF51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F180 Relevance: .1, Instructions: 130COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b65254cf3edcc307ed2a93a1c00b1891c8554bba968e153210faa053c4da9553
                      • Instruction ID: 7ab7c57837b9421484d3f9b270c41e4cf26ca47d329a291ea04ed136257ae3b8
                      • Opcode Fuzzy Hash: b65254cf3edcc307ed2a93a1c00b1891c8554bba968e153210faa053c4da9553
                      • Instruction Fuzzy Hash: 8151E535A04204CFDB15DFA8C480EADBBF2BF88324F159599D911AB365DB31AC81DB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05707D58 Relevance: .1, Instructions: 128COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7c066733f8425aa5f5d08c8afed929b6e0560e1bbc1f2e225f2a09981d252d47
                      • Instruction ID: d36abfb818de0bb511d184fe16fe4c7576a4e6742a067aed7e769c2d42904d9c
                      • Opcode Fuzzy Hash: 7c066733f8425aa5f5d08c8afed929b6e0560e1bbc1f2e225f2a09981d252d47
                      • Instruction Fuzzy Hash: 2F41BE71A01126DFC718DBA8C488ABEF7F1FF84320F11816AD516DB291D730AC52DBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05701458 Relevance: .1, Instructions: 128COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d26b72564181b250edaf6d6c97e07d98ba1e77b5c21a1eaec079711786e2fa69
                      • Instruction ID: ced6d1b4f4dc033459dc1c17a7bf4433151c8c3cc1496869a057f33249a4844d
                      • Opcode Fuzzy Hash: d26b72564181b250edaf6d6c97e07d98ba1e77b5c21a1eaec079711786e2fa69
                      • Instruction Fuzzy Hash: 9751D134A00219CFDB54DF64C894B99BBF2BF48304F5040E9D40AAB3A5CB35AD89DF62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05700682 Relevance: .1, Instructions: 128COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9fbc70260bfeba709b29e8bc0d11182290ca69b4a2a5e000e172ce16124aaa33
                      • Instruction ID: bb9976b0dad3d8dc85a69b8d641089ccf7c47084362444452e92d415b68a5a98
                      • Opcode Fuzzy Hash: 9fbc70260bfeba709b29e8bc0d11182290ca69b4a2a5e000e172ce16124aaa33
                      • Instruction Fuzzy Hash: 0D41B130600202CFC726ABB4E80C66D3BE6FF987127565579E553CF2A4CF745C09ABA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05700690 Relevance: .1, Instructions: 123COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 76d30c502436fea9d6b4d57a8442d1605c75797825313be815c1dd9d50d979d4
                      • Instruction ID: 6838558b00447e9f4fc073b6ba1722dd4cbca974ee27ca79f67fe23e22fe7dac
                      • Opcode Fuzzy Hash: 76d30c502436fea9d6b4d57a8442d1605c75797825313be815c1dd9d50d979d4
                      • Instruction Fuzzy Hash: 0441B030600202CFC7257BB9E80C66D3BA7FF987127565569E553CE2A4CF705C09BBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706848 Relevance: .1, Instructions: 118COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c6ae82e61db0786a1c389d120cb191b0be0230d62cc36406f95e86256bebbb0d
                      • Instruction ID: 9efd6563a04678391b5e82d73433496583dd25167b1a246769f87b4c75681984
                      • Opcode Fuzzy Hash: c6ae82e61db0786a1c389d120cb191b0be0230d62cc36406f95e86256bebbb0d
                      • Instruction Fuzzy Hash: 4241C335B01600CFC749EF69D16816E7BF2FB9C641364006DE906EB792DB369C05EBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05708CB8 Relevance: .1, Instructions: 117COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e14220d52967a281843a65c649bee2d2dc5d446313fa9e3dfff215c6670fa631
                      • Instruction ID: 82c8cd5feb67d94ef9c57df8e9620384698a790a93c3f5b8f16c92af15723a9f
                      • Opcode Fuzzy Hash: e14220d52967a281843a65c649bee2d2dc5d446313fa9e3dfff215c6670fa631
                      • Instruction Fuzzy Hash: B241E03060E2A5DFD315C728C4989397FF6AF46310B0996EBD446CB2E2CB649C42D793
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706858 Relevance: .1, Instructions: 115COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0da499531cdb4f4a230bac9312b236897232e606441e73c9e33906320da4a801
                      • Instruction ID: d5c95abf181ddbc4b8393d37c4d020dca3b2655ac365b4949a76e941510020b7
                      • Opcode Fuzzy Hash: 0da499531cdb4f4a230bac9312b236897232e606441e73c9e33906320da4a801
                      • Instruction Fuzzy Hash: C5418135B01600CF8749AF69D1A855E7BE2FB9C641354006CE906EB792DF359C05EBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570AB30 Relevance: .1, Instructions: 114COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 43533a8d2fdbec3ee3e231daca42a68cedc91b76f74fefda682d15479a539a1d
                      • Instruction ID: 0ad2d00e2315dadbc69cc9b5f2eefd701c7057bb8978dc1e5d926c5f2d81ba50
                      • Opcode Fuzzy Hash: 43533a8d2fdbec3ee3e231daca42a68cedc91b76f74fefda682d15479a539a1d
                      • Instruction Fuzzy Hash: D4310571B04665CFCB18DBA9C8845AEBBF2FF88310B14442EE04AE7790DA34ED81C791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E570 Relevance: .1, Instructions: 107COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 11c5f4e201d665c78a134f8080a5a7ddde12f9ab4b010c77ef83af41fe395748
                      • Instruction ID: c427c300c88e360e07f2abd590b1d649bc2ffaf157ccaaf009853dfdab15640a
                      • Opcode Fuzzy Hash: 11c5f4e201d665c78a134f8080a5a7ddde12f9ab4b010c77ef83af41fe395748
                      • Instruction Fuzzy Hash: E5313832904105DFDF06DF74D8588EE7BF7AF85310B050C65E942EB2A1DB719909EB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570D929 Relevance: .1, Instructions: 107COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0d538713f12f38169cf70af05d689b4b5d16df9918e7abd3e98a0f9bb04c9143
                      • Instruction ID: 856750fca278d028fde7b64afd92f7d0cb0bc306cf75f4bb7b5c1a7c56e239f2
                      • Opcode Fuzzy Hash: 0d538713f12f38169cf70af05d689b4b5d16df9918e7abd3e98a0f9bb04c9143
                      • Instruction Fuzzy Hash: FF418071A14204DFCF64CFA8C548AAEFBF2FB48311F14A169D40AA7285DB309C81DB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F8B0 Relevance: .1, Instructions: 107COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: aceb7d221694d155af7e0eedd4f82ef16b7896986152067b5b965d7a4f6ca7c6
                      • Instruction ID: 8fe6d85e87d35aa96fe431e05e32a1727e777e3e6cd0239aaeb3397874fafa35
                      • Opcode Fuzzy Hash: aceb7d221694d155af7e0eedd4f82ef16b7896986152067b5b965d7a4f6ca7c6
                      • Instruction Fuzzy Hash: BA41E474E14209EFCB14CFA8C484AADBBF2FB48314F24956AD415EB351E731A946DF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057002DA Relevance: .1, Instructions: 105COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 38c889b5d0efb1db8d5424aa5329e3d087bf8ae91143bb926ffadb8d937e1e34
                      • Instruction ID: 7a28ea0f99b21e859e9de079a9816d7b8de2b43a12af939938352f4ada5b6d1a
                      • Opcode Fuzzy Hash: 38c889b5d0efb1db8d5424aa5329e3d087bf8ae91143bb926ffadb8d937e1e34
                      • Instruction Fuzzy Hash: EB414730A00605CFDB59CB68C1A8BAEBBF2BF89720F55546DE402AB3A1CB759C419B51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05700007 Relevance: .1, Instructions: 104COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1d84074505d96e1d4867dfe60e3b80429357478971becd81ab32bd9758f74df9
                      • Instruction ID: 729f8150e88bce7fd440e94a028cedb5866cd6c5a8213585aeb25195cf7312e6
                      • Opcode Fuzzy Hash: 1d84074505d96e1d4867dfe60e3b80429357478971becd81ab32bd9758f74df9
                      • Instruction Fuzzy Hash: AF31707150D381CFC706DB7498585993FE2BF42214B4A84AED185CB1A6EAB98C49AB13
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E580 Relevance: .1, Instructions: 103COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5922780910cf5a081c0f22849d67d690db9b57126d1fcebf719a085126188202
                      • Instruction ID: ef479b2470561edf4f218c837af495a49d51500b43f35f5d630289e3cf6b6df4
                      • Opcode Fuzzy Hash: 5922780910cf5a081c0f22849d67d690db9b57126d1fcebf719a085126188202
                      • Instruction Fuzzy Hash: A0312932A00115DFDF15DFA8D8488AE7BF7FF88310B050825E906AB290DB71AC19DB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570DA41 Relevance: .1, Instructions: 101COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d14b2a265a1ca7a2d98a715f9cb57a8e743cb0b4ea3e287c5e383d7cb7693f49
                      • Instruction ID: cb86763a828cedaedd802e3e46c8b334b684d14d69e8880c843ab5cf0713bba3
                      • Opcode Fuzzy Hash: d14b2a265a1ca7a2d98a715f9cb57a8e743cb0b4ea3e287c5e383d7cb7693f49
                      • Instruction Fuzzy Hash: 6931C031A08358EFDF25DFE4C8548AEBBF7BF89310B085069E506AB2A1DB719C04DB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057020D0 Relevance: .1, Instructions: 100COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 991b5aa3b35e3c0b1383ebb9b26e62792936d4f9eda3e0b16e5093762bc1bf2f
                      • Instruction ID: 7555c926b9026be93edce4521defd96408ee0be684972df4a89acce1b9cee7ac
                      • Opcode Fuzzy Hash: 991b5aa3b35e3c0b1383ebb9b26e62792936d4f9eda3e0b16e5093762bc1bf2f
                      • Instruction Fuzzy Hash: 9531C435B18206DFCB05CF68C88897E7BF6FF84310B15906AC506DB296EB349C41DBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05701292 Relevance: .1, Instructions: 100COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4ee9a39a4777dcbb2b45a8133a0cf857353486c843177ef5595fb01a8cf38974
                      • Instruction ID: 14042835d153cc16769c8be9aa367491aa82f1e4d4f06a693fec3c82d0f6c264
                      • Opcode Fuzzy Hash: 4ee9a39a4777dcbb2b45a8133a0cf857353486c843177ef5595fb01a8cf38974
                      • Instruction Fuzzy Hash: 37410674E04219CFCB54DF65D880BAEBBF2BB49304F5040AAD40AAB790DB359D84DF62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057043C0 Relevance: .1, Instructions: 96COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bfe9bd3b9f75bec6a7cd8cab936d76ac4e1638e56ab3686d840bafdc76ddf61d
                      • Instruction ID: 927ec3af51f71b04deba67b00791d184e7019dd1efd22aab2fa185ff286b44ee
                      • Opcode Fuzzy Hash: bfe9bd3b9f75bec6a7cd8cab936d76ac4e1638e56ab3686d840bafdc76ddf61d
                      • Instruction Fuzzy Hash: 0031D635510501CFCB52EFA4D8448EE7BF2FF4930431541A9E5029F2A9DB35AD1AFB62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057045C8 Relevance: .1, Instructions: 95COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cfe287760a26269c715947bb93ca584b74b645c6c7fd9acdc232bae91ad4b5bf
                      • Instruction ID: 900d51c61aa49e6a7bd87691bf0969c87a9cd056fd696ed71eb99b18203c9872
                      • Opcode Fuzzy Hash: cfe287760a26269c715947bb93ca584b74b645c6c7fd9acdc232bae91ad4b5bf
                      • Instruction Fuzzy Hash: D0214C71B0011AEBDF04DEA9D941ABEB3EBFB88200F10512AD719D7280EA70990497A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F568 Relevance: .1, Instructions: 94COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2cc2ef9ce18d79bc4ece18ac5e51b2a423f7db6c9c656de04bd5da84dd46cc8b
                      • Instruction ID: 43a3ac3368c5aaecff2ca890176a18b201d8d68c8e551b729933d7f2187516b6
                      • Opcode Fuzzy Hash: 2cc2ef9ce18d79bc4ece18ac5e51b2a423f7db6c9c656de04bd5da84dd46cc8b
                      • Instruction Fuzzy Hash: 0841E670505B51CFD339CF2AC594766BBE2BF85305F14986EC19786AA0DB75E441EB00
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706CBA Relevance: .1, Instructions: 93COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 68ef6af95b929642a4494783c88e67a7468916b0ed69027181d29cc253ca3bbd
                      • Instruction ID: b4e4058e03bd40b6a6570de6741d7373a18360d5066a9c7f3b49281abee7318e
                      • Opcode Fuzzy Hash: 68ef6af95b929642a4494783c88e67a7468916b0ed69027181d29cc253ca3bbd
                      • Instruction Fuzzy Hash: 92312B31E00219CFDB08DBA9C4549EEB7F2BF88310B14856AC805EB395DB34AD46DB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570DE99 Relevance: .1, Instructions: 93COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8dca7555c616a714353d3cd3f8a6484a67713e305d8dced2f9fa339a29fb9094
                      • Instruction ID: 0d1f9f5cb5ec427b5e70ca14cd3cad66899031c79c15125823ed66c3dffe313b
                      • Opcode Fuzzy Hash: 8dca7555c616a714353d3cd3f8a6484a67713e305d8dced2f9fa339a29fb9094
                      • Instruction Fuzzy Hash: 86316F71A00305CFDB14DFB5C5846AEBBF2BF88300B50542DE556E7794DA31E846CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05708290 Relevance: .1, Instructions: 91COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9b8873de9f1ca7178cd43894f555aa63e77ddbfd9485181562d4c7117853cdb5
                      • Instruction ID: 4dbc36e050f6c82a19f637b40ca77cf05bf127a6150b7f77586f31975b004136
                      • Opcode Fuzzy Hash: 9b8873de9f1ca7178cd43894f555aa63e77ddbfd9485181562d4c7117853cdb5
                      • Instruction Fuzzy Hash: 29318B30A09245DFDB15CBA8C5556AEFFF2FF82314F2494AAD402DB2E1D6348A42DB53
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706634 Relevance: .1, Instructions: 90COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 87258539dea3dc7ce36cc59300d1fb035bfe4cfffdce59233a2a337064cbae31
                      • Instruction ID: c186a2189cc6de37df35794032eb8d6410f592abb80362f08af9e78f62a195a3
                      • Opcode Fuzzy Hash: 87258539dea3dc7ce36cc59300d1fb035bfe4cfffdce59233a2a337064cbae31
                      • Instruction Fuzzy Hash: 3D319E31614301CFD705EB78D1645AD3BE2FB853087649A6DE106CB394DFB69C0AEB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570D741 Relevance: .1, Instructions: 87COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 72fb73e77384e6cbcb7c78efc155c883dc2b5a2376ffb20640855164a75dc6b1
                      • Instruction ID: a1af48e700f206e031d65a708468168338ab53cd74117245e086c30b3f176dc7
                      • Opcode Fuzzy Hash: 72fb73e77384e6cbcb7c78efc155c883dc2b5a2376ffb20640855164a75dc6b1
                      • Instruction Fuzzy Hash: 10316A31640202CFC755ABB8C09056AB7E3BFC12083B8896CD2469F794DEB6EC039B85
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057043D0 Relevance: .1, Instructions: 87COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 383f2f5d35abb81bfe88dba4d8ed8eff488307e2ccc14d3dd8e05dc74c0b5f2f
                      • Instruction ID: 18a787f11fbeb1307da130fa9d88f8f4a6bd91b91508bc0dbea82160145bc5dc
                      • Opcode Fuzzy Hash: 383f2f5d35abb81bfe88dba4d8ed8eff488307e2ccc14d3dd8e05dc74c0b5f2f
                      • Instruction Fuzzy Hash: CC31B135510505CFCF01EFA8D8488AE7BF3FF4830471581A8E5069B2A9DB35AD5AFB62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570CC00 Relevance: .1, Instructions: 86COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1419f70ca338edef488815b6f29d609a9060411be06dac6237f0e36d36571913
                      • Instruction ID: a0284fa19409d550e161f5ecf6005737cd24e673bd88d3a64949692d9d8c88cc
                      • Opcode Fuzzy Hash: 1419f70ca338edef488815b6f29d609a9060411be06dac6237f0e36d36571913
                      • Instruction Fuzzy Hash: 6431C230A04605DFC756DBB4D41C96FBBEAFF80310715826AD453CB298EF348D02AB55
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E731 Relevance: .1, Instructions: 86COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e3d7a3c327f232281701b97021550201c32df64a336661a95ff4092ca989a118
                      • Instruction ID: 688477a528f11ac6a5bb37306e8799250b07462571b7bd26263317d07b601840
                      • Opcode Fuzzy Hash: e3d7a3c327f232281701b97021550201c32df64a336661a95ff4092ca989a118
                      • Instruction Fuzzy Hash: E0317A75D00208EFDB05CFB9C440AEEBBF6EF8C300B14D46AD915AB2A1DB319911DB61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706677 Relevance: .1, Instructions: 86COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e8f6dd933e5225a9e6818f0c5ce30f44cd277da70956007e78ad6e5c29169078
                      • Instruction ID: d0e33d935de6b34019056daaeb5a2b698c839288c792dce07cb232f1d70d2e50
                      • Opcode Fuzzy Hash: e8f6dd933e5225a9e6818f0c5ce30f44cd277da70956007e78ad6e5c29169078
                      • Instruction Fuzzy Hash: 6D31C071610302CFD704AB38D16449D3BE2FB852483648A6DE206CB394DFB69C0BEB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05708100 Relevance: .1, Instructions: 85COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b31c32c8fced501143dc2df1446a3ef1edbbb532ab426ce4aa8a67f4084f4902
                      • Instruction ID: 7b1345d646dfb2247db82cd6fb1df6bcf8baa3a3edc59bec41bcb8025da6408e
                      • Opcode Fuzzy Hash: b31c32c8fced501143dc2df1446a3ef1edbbb532ab426ce4aa8a67f4084f4902
                      • Instruction Fuzzy Hash: 84316330A24201CFEB48EB78E41996D3BE3FF8431135089ADE106CB395DF798C02AB12
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570CAA0 Relevance: .1, Instructions: 84COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 586639d5736528135b7b0f42f21d8c77c618c6971c5068aa334e548c946c31c0
                      • Instruction ID: 7b90fea5565e15980031588853fd9afe5507754bfe0a2ae72cc439ec8d58b122
                      • Opcode Fuzzy Hash: 586639d5736528135b7b0f42f21d8c77c618c6971c5068aa334e548c946c31c0
                      • Instruction Fuzzy Hash: 2C31AB716083408FCB069F6891544997FF1FB8A2083288ABDE549DF392CB769C0BCB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570A4D8 Relevance: .1, Instructions: 81COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0f41ac3e2e889f5ed64343b9de667e0f48cfd588585c011ee2e39ad12afd843e
                      • Instruction ID: 419835002416086802d462ae3d1c7c3d888ef0634da33e67c83c835517b4bbdd
                      • Opcode Fuzzy Hash: 0f41ac3e2e889f5ed64343b9de667e0f48cfd588585c011ee2e39ad12afd843e
                      • Instruction Fuzzy Hash: EA213D31A14716DBCB15DFB5D8409AEB7F2BB88700F106969D502AF384EB70EC05DBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570CC10 Relevance: .1, Instructions: 79COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 005ede5add185fde33edda9c126cb0d040fb36cc46dce57675fd4f67844076e7
                      • Instruction ID: a78a77f89512947f76a4097d0aacdbf607756da441cd93b8c1fd22b0b883c7bd
                      • Opcode Fuzzy Hash: 005ede5add185fde33edda9c126cb0d040fb36cc46dce57675fd4f67844076e7
                      • Instruction Fuzzy Hash: B0219C30B04605DBCB12EBB5D50C96FBBEAFB843107048269E417CB298EF309D02AB56
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057021E8 Relevance: .1, Instructions: 77COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 55b1d452ec99295df78cb8d154c11f43bd569d35d39f4afe50cb9a364d2b98c6
                      • Instruction ID: 45daaec0466b559b435c4ae57b1f8873fb2d50a8e71beadae7ff560bd56e41ba
                      • Opcode Fuzzy Hash: 55b1d452ec99295df78cb8d154c11f43bd569d35d39f4afe50cb9a364d2b98c6
                      • Instruction Fuzzy Hash: 5D314D35D0820ADFCB94DFE4C448ABEBBF2FB44310F11506AC402EB2A2D7358A45EB52
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E470 Relevance: .1, Instructions: 77COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2d91515675c95585ca9752307c95481e2a0e7c5c12d904db55b6c87f4b8efa8f
                      • Instruction ID: 29a5562966f2a549185becfabef3e596c622fc65990ce729a1e6c7c3e8708bbb
                      • Opcode Fuzzy Hash: 2d91515675c95585ca9752307c95481e2a0e7c5c12d904db55b6c87f4b8efa8f
                      • Instruction Fuzzy Hash: 60219571A04205CFCB95CB69C4407AABBE6BF84304F285879E849D7395EB319842D791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057025DE Relevance: .1, Instructions: 75COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c0b35e69d7be1f3bc2cfe1242c867c3eeb9a80d95981afabf84bb198e9f00922
                      • Instruction ID: b1be1eeec24bda88d4ac56f465e2bbe5f03c289c6c36336b4e7bda7be7d8ebdb
                      • Opcode Fuzzy Hash: c0b35e69d7be1f3bc2cfe1242c867c3eeb9a80d95981afabf84bb198e9f00922
                      • Instruction Fuzzy Hash: D031BC75E00246CFDB61CFA6C44865ABBF2FF84318F25E169C0149F299DBB49889EF41
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057086A6 Relevance: .1, Instructions: 75COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fc0488689a43c1488ce105b23606fd454e4a7aa6efee4d7e694d5e0722026fc3
                      • Instruction ID: d4f4fa308126e427871654f2845db69361aae90b1b8da51238a3368156529e37
                      • Opcode Fuzzy Hash: fc0488689a43c1488ce105b23606fd454e4a7aa6efee4d7e694d5e0722026fc3
                      • Instruction Fuzzy Hash: 7831ACB4E10209CFEB20DF65C54476ABBF2FF85318F14A269D005AB294CBB49486DF86
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706F08 Relevance: .1, Instructions: 74COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ffb054205ec3e747bc6d97ac44c173892b5187017ee4beba1f563774c9bc2320
                      • Instruction ID: 1ef68ca4a1846e9b8c8913db9c86679f9dea6de1d3f00700fafff9ac87df7896
                      • Opcode Fuzzy Hash: ffb054205ec3e747bc6d97ac44c173892b5187017ee4beba1f563774c9bc2320
                      • Instruction Fuzzy Hash: 8121F070700114DBCB08EBBA84289BFBBE7AFC9344B14513E9402DB392DD709C0497A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570A4C7 Relevance: .1, Instructions: 71COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5043d9ac29d7982d126bcbb841cd346ebdc413323f7b1ceb779f55ea94c419b6
                      • Instruction ID: ae22d2fe674675c29da5db8c3e791bbb6b6474b58389bdb144dc192ad7fb7f36
                      • Opcode Fuzzy Hash: 5043d9ac29d7982d126bcbb841cd346ebdc413323f7b1ceb779f55ea94c419b6
                      • Instruction Fuzzy Hash: 52218E30B14319DFCB25DAA6D841AAEB7F2BB88710F10557AD502EB380EB749D01AB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570AB20 Relevance: .1, Instructions: 71COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 69f0a0f7e759c23a1c32232c4f6dfacf44a6b445eb966d75af10e983c078a43c
                      • Instruction ID: d80d31bcd459f1566c20db96b439e769ac8c3e2cdd5ded7816c8d42b965c97ff
                      • Opcode Fuzzy Hash: 69f0a0f7e759c23a1c32232c4f6dfacf44a6b445eb966d75af10e983c078a43c
                      • Instruction Fuzzy Hash: 8D21A1B6F042298FDB05DF98D8584AEFBF2FB8D210F15456AE455E3350D734A941CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570ACBA Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5b3b9dc736fbf63b3da20db761c2ef914e9b2b7d7b138c74d8791fc1105527aa
                      • Instruction ID: 0a283710a93fd2e3b94440847b6f82b61f650c19121d0cf9efd48db97f890006
                      • Opcode Fuzzy Hash: 5b3b9dc736fbf63b3da20db761c2ef914e9b2b7d7b138c74d8791fc1105527aa
                      • Instruction Fuzzy Hash: 63115B3250A3A0AFCB168778991096DBFE6EE8362271980AFD140DB692C6245C46D3B2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706F18 Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4ed3a7f0b1ffb0e9c40f975c81cc069d17a83b3b048173b00431787a1a585032
                      • Instruction ID: 9f624c2e95f0ba5ccf45802a94e4d37baaa132cc590a45acb455a8d685f1b6ee
                      • Opcode Fuzzy Hash: 4ed3a7f0b1ffb0e9c40f975c81cc069d17a83b3b048173b00431787a1a585032
                      • Instruction Fuzzy Hash: 6711D075700014DBCB08E6BA986897FB6EBAFC8344754653EA403DB3D1DD70AC0497A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F2E6 Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 05b679ebb87ef05a6d4ecfe7f0c39e68eec1ce2bca92f844de6969949cfa1229
                      • Instruction ID: ee08436fb6cb941ff6e03623979a3efbe77aece278e96ee6b41f89dad2a21128
                      • Opcode Fuzzy Hash: 05b679ebb87ef05a6d4ecfe7f0c39e68eec1ce2bca92f844de6969949cfa1229
                      • Instruction Fuzzy Hash: D9318339600204CFDB15DBA8C584EADBBF2BF88324F1A5194DA01AB366D735EC85DB50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570DD40 Relevance: .1, Instructions: 68COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b7f8efbcf4302b856e969f5ad2b67142c4c8170d0314c5270e3daf27e4cbac06
                      • Instruction ID: 5b19c124375da730c217229a84800ab533d918a717a2902c9ab6c0920f3db4e8
                      • Opcode Fuzzy Hash: b7f8efbcf4302b856e969f5ad2b67142c4c8170d0314c5270e3daf27e4cbac06
                      • Instruction Fuzzy Hash: 8D2162B5A00224DFCB68DFD8C5549BEB7F6EB88310B20915BD406E7280D731AD12DB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705000 Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e84ddd99b0548fb46b276189d48f48e5e07da250ff318a6fe6ae0acd23ba85bb
                      • Instruction ID: e141f06fe5cb6d28ec7a23aa922828aea4ef61166cddac21055ded086c81c2bc
                      • Opcode Fuzzy Hash: e84ddd99b0548fb46b276189d48f48e5e07da250ff318a6fe6ae0acd23ba85bb
                      • Instruction Fuzzy Hash: 2911AF31B10115CFCB44EBB9C85466E7BE2FB847007549579C906EB284EF309D02EBE6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057048C8 Relevance: .1, Instructions: 66COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 41d6ecb7e0ec95dafb8edb55c8f589066a49e58b61e8e972d8d4ccab06eea75f
                      • Instruction ID: acfbda353d41318deef39715d37d62b42c1e9ebad8e6afcc7469e618ce9c2a0d
                      • Opcode Fuzzy Hash: 41d6ecb7e0ec95dafb8edb55c8f589066a49e58b61e8e972d8d4ccab06eea75f
                      • Instruction Fuzzy Hash: E411A732F14119DBDF04DA68C8545FEBBF7ABC4710F04543DD606B7280DE205E0697A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057048B8 Relevance: .1, Instructions: 66COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 047a9a35a5bbf9fde7ebbd08461bbd261152b09a7eecfef1ab8d48a50462791e
                      • Instruction ID: e90caa5b164cab7a32ce34e5191e7812529ac8e6c04e0747f58937f5e1d440f9
                      • Opcode Fuzzy Hash: 047a9a35a5bbf9fde7ebbd08461bbd261152b09a7eecfef1ab8d48a50462791e
                      • Instruction Fuzzy Hash: 5F11E332F10219DFDF09DE68D8549EEBBF7ABC5720B01503ED602A7291DE241E0697A0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570DD31 Relevance: .1, Instructions: 62COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6dfda35430b148d1eb7bdd115878b5e0e7d9dfbcd86c323decbb186bafbca76d
                      • Instruction ID: 5fbeb0480150e940ea253eeceac87ab26fb2484ba15d525361229802c58712d9
                      • Opcode Fuzzy Hash: 6dfda35430b148d1eb7bdd115878b5e0e7d9dfbcd86c323decbb186bafbca76d
                      • Instruction Fuzzy Hash: E21160B5A04214EFCB68DF98C541AFABBF6EF48314B20A09BD445E3280D331A903DB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057008B2 Relevance: .1, Instructions: 62COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d03521cda27a091c6b0031c71f5b009de4566f6c951f025da99428c34a6c01ca
                      • Instruction ID: cde080547c15a96871877c9cc2f8f0398cb18a109e1c950cfa6a82ed817f30c1
                      • Opcode Fuzzy Hash: d03521cda27a091c6b0031c71f5b009de4566f6c951f025da99428c34a6c01ca
                      • Instruction Fuzzy Hash: 28113631A55354DFDB208AB4945CB7F7BE6AFD5370B85513BD8069B2C1CAA44C02A3A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05704520 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 95aa0cec936ff1c17966bea7a7d9d7484dc83f403336d5e9d66b6309757c3f0f
                      • Instruction ID: 64adc34b585cf4ab2272391eeb2b0e97ed5f8f4dd08439bf974379b918eeef4d
                      • Opcode Fuzzy Hash: 95aa0cec936ff1c17966bea7a7d9d7484dc83f403336d5e9d66b6309757c3f0f
                      • Instruction Fuzzy Hash: E201AD36F04514CBCF04DA5AE4142EFB7E7AFC5321F04403EAE06AB380DAA29E099791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05700B18 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fba7d1130194bcd7d7b122643544c16fce16ba2b8a573bc66fc7197b9d1210ce
                      • Instruction ID: 9530fcc9698594e492e0401777281dfa2c96adb69c8976c4187bf7b0d489742a
                      • Opcode Fuzzy Hash: fba7d1130194bcd7d7b122643544c16fce16ba2b8a573bc66fc7197b9d1210ce
                      • Instruction Fuzzy Hash: 5E11A120B58116EACB25F9748C09B7E62E76B857B9F90656A9903EB6C0DE70CD00E391
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570BFD8 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2fdeafbfc0003f37aff4c01aef3ac7c5936ba7c3e52343c4ee09437837543d67
                      • Instruction ID: 6a3329a6a486d5547d37232c6c7b455b33045b97266516dad29f78dda40702c0
                      • Opcode Fuzzy Hash: 2fdeafbfc0003f37aff4c01aef3ac7c5936ba7c3e52343c4ee09437837543d67
                      • Instruction Fuzzy Hash: 3D114C74700600CFC715DB28C990C2AFBEAFF852243198A9AD46ACB7A1DB31EC01CB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570C3A8 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 56c2eb8ccf028e0b99ff4521c9a3a6a21c32a88998b918448c284ef7c0b5b9f5
                      • Instruction ID: 95d125328ac4a17f6d210a3988ae73e14ab70b5f4e4b29de41a096fe1cc6d15c
                      • Opcode Fuzzy Hash: 56c2eb8ccf028e0b99ff4521c9a3a6a21c32a88998b918448c284ef7c0b5b9f5
                      • Instruction Fuzzy Hash: 86119131700010DBC748EB69C454A7EBBEBEFC87507288169E90ADB391CE31AC02E791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 031A0846 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.508627839.00000000031A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_31a0000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ce64c81328a18255b1ee1643982775fba1beb369ce0191cf6e19eee3895d040b
                      • Instruction ID: c3b871f24ae07c9e8ef48c3bd7690bae789d5c1dc2a40105fe02d88ccef54cce
                      • Opcode Fuzzy Hash: ce64c81328a18255b1ee1643982775fba1beb369ce0191cf6e19eee3895d040b
                      • Instruction Fuzzy Hash: 0121683514D7C18FC713CB64C890B61BFB1AB4B314F1985EED8898B6A3C37A9806CB52
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F078 Relevance: .1, Instructions: 60COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e6b32f9be8e57f8b62cb68022752592a4bd5b20aaca0b1e869618077352c100b
                      • Instruction ID: 7e21653f8584f098a0e3c813f20dfb0022154f5e44ea34ca765b07beff3823bc
                      • Opcode Fuzzy Hash: e6b32f9be8e57f8b62cb68022752592a4bd5b20aaca0b1e869618077352c100b
                      • Instruction Fuzzy Hash: 39119D31A08349CBDB24DF64C4957EFBBF2AB88318F14642EC506A7381CEB65844ABD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705F60 Relevance: .1, Instructions: 59COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9b43c7e0fd4661886d89dfcf73a349a5f8adc01d340f5423ec33eb6d1bea3aff
                      • Instruction ID: 999e246e69a4620cc9206916bb63968dad5d14aa21617e8ff13d63dace3917f6
                      • Opcode Fuzzy Hash: 9b43c7e0fd4661886d89dfcf73a349a5f8adc01d340f5423ec33eb6d1bea3aff
                      • Instruction Fuzzy Hash: E0112631B48615CFE71592B85814ABE7BE6AB81360F00007BD90ADB2C1DB785D41ABE2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 031A087C Relevance: .1, Instructions: 59COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.508627839.00000000031A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_31a0000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 689b6304d4c5ef89270e27edcd8233d53d9ce82265b4fcc3cd37317a12d0fe76
                      • Instruction ID: 19fb8a5e6398fc83664b4fa3e08c1a15f6bc32bc9bdb2ef1bbe8169b252bed8d
                      • Opcode Fuzzy Hash: 689b6304d4c5ef89270e27edcd8233d53d9ce82265b4fcc3cd37317a12d0fe76
                      • Instruction Fuzzy Hash: F7110638608640DFD315CB18D580B26FBA5EB4C719F28C9ADE9490B642C777D843CA91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05702390 Relevance: .1, Instructions: 57COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: de8a63cb6729c7b5cb63d02dca779585df61344de1cf3afc4f9d2ea956843f9a
                      • Instruction ID: ff643974c8f09fc1446782f07ced13bc7673606178d10f8cc9a5f787dee29ffa
                      • Opcode Fuzzy Hash: de8a63cb6729c7b5cb63d02dca779585df61344de1cf3afc4f9d2ea956843f9a
                      • Instruction Fuzzy Hash: EE115875D0421ACFCB59CF94C859AAEBBF2FB44314F10506ED502EB282DB754C42EB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05707EB8 Relevance: .1, Instructions: 57COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6947061a83529d841af8b2ad894a26e5c9b45a6e16a9529e30301a69c6bb35a4
                      • Instruction ID: c0f4f78d40cf921fc77a44d7c0b78c7e9599b12e69ff684fd0e93b94a768cdc0
                      • Opcode Fuzzy Hash: 6947061a83529d841af8b2ad894a26e5c9b45a6e16a9529e30301a69c6bb35a4
                      • Instruction Fuzzy Hash: DF11C171904205DFDB15CBA8D804AE9BBF2FF89310F1440AAD541E72A0D7757D4ADBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05704510 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 542f1324cff1fd096a65d1b84e29cf94ccd3a15a0d0c8252071bd978f66608dc
                      • Instruction ID: 04f7c8a1577abea675f93395a8cbd4713416fbcd0e8670a6d41e627c43bf8b35
                      • Opcode Fuzzy Hash: 542f1324cff1fd096a65d1b84e29cf94ccd3a15a0d0c8252071bd978f66608dc
                      • Instruction Fuzzy Hash: 2701D632F08211DFCF09CA69D4141BEB7E7AFC5320B05417EA946DB3C1DAA98D069791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570D448 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4197c4240e99d1e278dae8893b74cfe05c39121b505f9dca4948889d6165a45c
                      • Instruction ID: 7459031a489d819176f0d42e03ea830a901466f8fdcd1dde02038eccd9a6c3ac
                      • Opcode Fuzzy Hash: 4197c4240e99d1e278dae8893b74cfe05c39121b505f9dca4948889d6165a45c
                      • Instruction Fuzzy Hash: 1701D271B003209FDB242BF9941897F7FEAAF8A224315543EE446DB382DE318C01A3A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570C080 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 05a44d2810716e18837945387bc9334a17faf821626aafdb7af952028dee7918
                      • Instruction ID: 0b6c5c67c5b505f9719cd1e13fdf811ab38963fc0d5140c8acf65fd2848f98e9
                      • Opcode Fuzzy Hash: 05a44d2810716e18837945387bc9334a17faf821626aafdb7af952028dee7918
                      • Instruction Fuzzy Hash: 0611CAB53102109FE3469B789444B2E3BEBFBC9202F4605A8E506CB398CA748C46DB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05704FF0 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e62e1a695dc6aac9754ef4e9ca44804d6d0c5c55d6ef976af132369daa3e8630
                      • Instruction ID: 626f7a2554cd63fe8ad56530915a3fcf6be1b71aa358edc3e64bf9ef25f1026e
                      • Opcode Fuzzy Hash: e62e1a695dc6aac9754ef4e9ca44804d6d0c5c55d6ef976af132369daa3e8630
                      • Instruction Fuzzy Hash: 1801A131F14215CFC784DAB898456FF7BE5FB84710B44853AC505E7281EB348902ABE6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057011DF Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1605d82889acf0aefb86330ce9374434b9092738e74c085540fd1c4910ec9f20
                      • Instruction ID: 5460f4d4c9c59fac8ce411c26d00d4a9e587b21a34447d8e0bbde14f6a917588
                      • Opcode Fuzzy Hash: 1605d82889acf0aefb86330ce9374434b9092738e74c085540fd1c4910ec9f20
                      • Instruction Fuzzy Hash: C7115E3530C280CFC305D728D858D697FE6BF9631075951EBD046CB2B6CE659C09EBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05704788 Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 88edb3f2087f6226b93785f66c786bfcbef73eb3fce444408508781e82513cb7
                      • Instruction ID: ed3c30bb733d3e79d2320374b951e1d7d649b3228fb082c5643a182383b77b80
                      • Opcode Fuzzy Hash: 88edb3f2087f6226b93785f66c786bfcbef73eb3fce444408508781e82513cb7
                      • Instruction Fuzzy Hash: D9012171F002198FDB55DF7898516EE7BE2EB84710F20443EC509E7281EB35894797A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05707CB1 Relevance: .1, Instructions: 52COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2cdc990b89b0128b0c08548b4c1cb1a667d8b9b26779fb8345302de9e0bf2f8b
                      • Instruction ID: ffd8a7c4e1c9d9c3c7945fe6235d61ba502f92b16a0554f79e938862a50fcd87
                      • Opcode Fuzzy Hash: 2cdc990b89b0128b0c08548b4c1cb1a667d8b9b26779fb8345302de9e0bf2f8b
                      • Instruction Fuzzy Hash: C9018B70A48125CFC71ECA24C961BBF77E2AB84310F14642EC006EB6C1CF64AD039BD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570D458 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7213c4c51dfbd84b289c14f99f62ce717ec91dc4c62703b76ebd4c87da6435bf
                      • Instruction ID: 5e0d3c54baca5b9bf8c2c5e3a615810ac4964566542a0134fcfb991a48b1504c
                      • Opcode Fuzzy Hash: 7213c4c51dfbd84b289c14f99f62ce717ec91dc4c62703b76ebd4c87da6435bf
                      • Instruction Fuzzy Hash: B601A271B102249BDB242BFA981892F7ADBFFC9664715543EE506DB381DD718C01A3A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05707CC0 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1b3d2e5fea723962957d5f081a7d2c85323f0b808093b06c6f871e84130e38de
                      • Instruction ID: a75997938a7fe4a708437e5d94fc170c44365cd103d43c3d6c65fbccd0b4cc75
                      • Opcode Fuzzy Hash: 1b3d2e5fea723962957d5f081a7d2c85323f0b808093b06c6f871e84130e38de
                      • Instruction Fuzzy Hash: 31018C71A08118DBCB1DCA64D850BBFBBF6EB84324F14646EC407A7680CB717D02ABD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05709E90 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1a6672267997837cea3d92612c92b597884cb8ee7edd0827a4527c48b6af2181
                      • Instruction ID: 1d4653f8ab9d56109fefbcd86f9917a4d672bee626635b956b757211cc80ae31
                      • Opcode Fuzzy Hash: 1a6672267997837cea3d92612c92b597884cb8ee7edd0827a4527c48b6af2181
                      • Instruction Fuzzy Hash: A401B132A08108CBCB24DA54C850ABFBBF6ABC4314F28546EC207A76C2CF716D01DBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05701209 Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 53127d9434f8fb337deec215e2d5e939a518f7bc8b51d5edafc13427ca29e0fa
                      • Instruction ID: 12b4a5e8cb3270a9d605e2d1ac1a7ce42ee7156f58d2c70656fe17c6b3818209
                      • Opcode Fuzzy Hash: 53127d9434f8fb337deec215e2d5e939a518f7bc8b51d5edafc13427ca29e0fa
                      • Instruction Fuzzy Hash: 90015A34308150CFC704DB29D458CAABBE6BFD5710B6540FAE446CB2B1CEB59C09DB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570C072 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 73002e4d11234fb629dd298b92c9b70e49bd08537cfb78fb2b3a7dfbebf58755
                      • Instruction ID: 791867ad64f9017167b9dbbce553a1811cad24d06cb0fdb63a6a51319ad66e5c
                      • Opcode Fuzzy Hash: 73002e4d11234fb629dd298b92c9b70e49bd08537cfb78fb2b3a7dfbebf58755
                      • Instruction Fuzzy Hash: 0211D2753083909FD7038B38D4546297FE7FF8A201F0505E9E086CB696CA348C86DB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570A418 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 30b6ddff21882112c97199bc44ca7018084d670cef7201adda3eabed49ac9e09
                      • Instruction ID: 7fc03c0453eef7854a6fa0a83bc420380e90c707beb9e6f91d5c1672f79ab719
                      • Opcode Fuzzy Hash: 30b6ddff21882112c97199bc44ca7018084d670cef7201adda3eabed49ac9e09
                      • Instruction Fuzzy Hash: 0A017C75E002098FDB90DBB9E8057AEBBF4FB84210F10917AE618D3280EB3459058BE2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05709E81 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c655c1a4c2d553bed5a4df40d16633004246542dc51049d00da253185748a008
                      • Instruction ID: 8f3cc7fe9aeb2e642b447fe16fd4645f7ada6c19d0848b9508f370db9ffc3840
                      • Opcode Fuzzy Hash: c655c1a4c2d553bed5a4df40d16633004246542dc51049d00da253185748a008
                      • Instruction Fuzzy Hash: 0301B172A09208DBC728CB24C9917BF77E26B84314F18595EC217E76C6CF75AD02AB81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706580 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 84380b35007fe9c8ea0ec09da2a54a4c369449c5ee018ecc0e585447d3670a77
                      • Instruction ID: 988c94ec141fc205c87e9d79fb252836b0022228edfdb1abc89e59a108f4029e
                      • Opcode Fuzzy Hash: 84380b35007fe9c8ea0ec09da2a54a4c369449c5ee018ecc0e585447d3670a77
                      • Instruction Fuzzy Hash: 78014BB1A00108DFDB50EBBAE8507AEBBF5FB84714F10417AD509D3280EB309D559BE2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05704798 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e8720cb730790716db632e6757c8341df97b74763db4795a984e02f6df7b35eb
                      • Instruction ID: b366802f38d3cea30b297a4c965f06d7201b2659c77c87c86fec153ef08d1130
                      • Opcode Fuzzy Hash: e8720cb730790716db632e6757c8341df97b74763db4795a984e02f6df7b35eb
                      • Instruction Fuzzy Hash: 34014F71F001098FCB54EFBD84506AF7BE6EB89740F10443AC109E7280EB358A42A7E1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570A409 Relevance: .0, Instructions: 43COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1b4d1f8ada78d3e950f1b9d07e47f21ceb88e001041d7bf559371b80020a8e60
                      • Instruction ID: 9800971afbe5239b4e0efc06ad86b88c01fd31c52e07ee4279410ddc499cca7c
                      • Opcode Fuzzy Hash: 1b4d1f8ada78d3e950f1b9d07e47f21ceb88e001041d7bf559371b80020a8e60
                      • Instruction Fuzzy Hash: 26017C70A5030ACFDB94DFA8A8097AEBBF0FB84710F10517EE504D7680EB384906CB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05704710 Relevance: .0, Instructions: 43COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8475b430d21daaa0de4c83faa3460119701d71934b30f79997e7e73d6f791265
                      • Instruction ID: 193add9da50dfad50940363fba046dd5967e66595fafd6db88caceeba1e7797f
                      • Opcode Fuzzy Hash: 8475b430d21daaa0de4c83faa3460119701d71934b30f79997e7e73d6f791265
                      • Instruction Fuzzy Hash: 51F0F036301210DFCA29A6B998047BE32CB9BC6A62F54103ED30AD77C0D966C84263A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570A6B0 Relevance: .0, Instructions: 43COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ae27b8889b90ebae67d99cb26910de2b1bc83eadb97b45026d443c3e11f8b660
                      • Instruction ID: e0f5f48e8158a34ba371e6113f42fe56f5b14928eefd1ba0fce25435aa893ef8
                      • Opcode Fuzzy Hash: ae27b8889b90ebae67d99cb26910de2b1bc83eadb97b45026d443c3e11f8b660
                      • Instruction Fuzzy Hash: 1D01DF30604301CFCA04EB74E52886A7BF3EB8521072850BDD24ACB2A5DF718C06A782
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706571 Relevance: .0, Instructions: 42COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1058e31a37b805a169240e5416ed37543bf1b78e3492678132ab5f39a7ef5763
                      • Instruction ID: 1bba987df99f2833b03f18885e26207148910dca6c709277fd430ebbc07b2707
                      • Opcode Fuzzy Hash: 1058e31a37b805a169240e5416ed37543bf1b78e3492678132ab5f39a7ef5763
                      • Instruction Fuzzy Hash: FF0116B1E10209CFDB90DF69D860BAABBF5FB84314F20517AC505D7280EB309D55DBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05701218 Relevance: .0, Instructions: 42COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 12d5a71365eafaa4fb95ace9b17ea1ed97683544c8ab8d9fb49aba0f64cb9d91
                      • Instruction ID: bd562887bfeb7823da5b2501fb186d2d1113bdd5515c18ed6bb3c5a9ee4078a9
                      • Opcode Fuzzy Hash: 12d5a71365eafaa4fb95ace9b17ea1ed97683544c8ab8d9fb49aba0f64cb9d91
                      • Instruction Fuzzy Hash: E201FB30314010CBC604DB29D458D6A77EABFC570476551AAE506CB6A4CE759C09EB96
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05707D49 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3c04356f49c829dd3bec6d12563fd9dad4ac0e3cb0ce4be1601339f10a91a45d
                      • Instruction ID: d8e2d3c864ed94a5aeee8333b5b24d982112b3d699711bded237fefd8225c624
                      • Opcode Fuzzy Hash: 3c04356f49c829dd3bec6d12563fd9dad4ac0e3cb0ce4be1601339f10a91a45d
                      • Instruction Fuzzy Hash: 4EF06230A4C265DFC709CB64D8858BEBBF6EF863207049176D105CB2A2F374A806D7E6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F4F7 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b4505199683a904cfcd4a4ec720efeb63b605d4a46cbfc96eb0206dc1d3ac88c
                      • Instruction ID: d42ef5e4868f16b42fe6a9f1e1b927ecb5fab79acacb4ade0566ea22944d076c
                      • Opcode Fuzzy Hash: b4505199683a904cfcd4a4ec720efeb63b605d4a46cbfc96eb0206dc1d3ac88c
                      • Instruction Fuzzy Hash: 4C01D131804294EFCB52DFB888449EEBFF5AF0A21071480ABE498D71A1D2348625EBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705FB0 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2defadccdee3f97d4da2899ec387a5b8f015388752f1b64ed97356763b49122f
                      • Instruction ID: 6e642aa60e7ecaf59c47040d49af9a52234f7be2306c3ef275346e61ec4185ad
                      • Opcode Fuzzy Hash: 2defadccdee3f97d4da2899ec387a5b8f015388752f1b64ed97356763b49122f
                      • Instruction Fuzzy Hash: 43F0F630B54215DFE764D62898209FFB7E5EB80360F00007AD906D72C1EB385E12EBE1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05702F97 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 80aa69ceb6dd88cd95f2d3dae3e8eba71e5e6aaac74e3116a38f104cc5554ec2
                      • Instruction ID: 8d2082f6dd951a0908de1c7c23b2330a0e2a62ff384d5245f880b73c6c6e3d30
                      • Opcode Fuzzy Hash: 80aa69ceb6dd88cd95f2d3dae3e8eba71e5e6aaac74e3116a38f104cc5554ec2
                      • Instruction Fuzzy Hash: 4AF0AF30F4020AEFDB549AB4D8089AEB7F5EF81354B118879D905DB261EB3488068B90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705B88 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cc24e4052039e4999224605e9dd20a1b1182ad86850b6838d43977312ba73f59
                      • Instruction ID: 3eeee4cc9f4ee9c82676b55e6a5aed84b5750809f4b84a913b8a01fd16f5b1db
                      • Opcode Fuzzy Hash: cc24e4052039e4999224605e9dd20a1b1182ad86850b6838d43977312ba73f59
                      • Instruction Fuzzy Hash: C4F0F630B18215DFEB64E76898145FEB7E6EB85760F00007AC906D72C1E7381E06DAE1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05709C81 Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7eb3db480f2c0ee3312269ebea283e9c10a8b4ad23df3763b700a304e5cadf8e
                      • Instruction ID: 245b922673281e19fccc2966b622e4e20d3a27abc8e8277725c2d55318a0ff9b
                      • Opcode Fuzzy Hash: 7eb3db480f2c0ee3312269ebea283e9c10a8b4ad23df3763b700a304e5cadf8e
                      • Instruction Fuzzy Hash: 62F0AF32604241DFE7459778A4104A93BF3ABC622835845AEE24ACB3A2EE769C079B51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570A6C0 Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bd2fafeb1c684195a37669ea01bbedb7121b21130975199091ea72f09cd1ce29
                      • Instruction ID: 1efe4a789f422fa554424a217e8c2429c9090d1119b8b2eaeb7fc3143ea9430b
                      • Opcode Fuzzy Hash: bd2fafeb1c684195a37669ea01bbedb7121b21130975199091ea72f09cd1ce29
                      • Instruction Fuzzy Hash: 0BF0AF31604301CFDA04EB78E5148AA7BE7FBC835475891BDE60ACB354DF719C06A796
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E147 Relevance: .0, Instructions: 38COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c448169cac099a39a9c74cf68d8cd92bac5573bfad1d8926d91312180078861d
                      • Instruction ID: e232789db898cfb21735c90b9eb8559e59f62fe7193dfc229828400b14cd293e
                      • Opcode Fuzzy Hash: c448169cac099a39a9c74cf68d8cd92bac5573bfad1d8926d91312180078861d
                      • Instruction Fuzzy Hash: 77F0593261C390DAEB26877858883E26FEE6B41350F092DB7ECC6CF1C3E4500C05A362
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705FC0 Relevance: .0, Instructions: 38COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 24d4a6ae1c521b75c29266fadd2ab0aec9072394d4152039b109bdd3eb5b7059
                      • Instruction ID: ac51ac215adc80d84d0e4afbfaa0e941948ca708bb74b4ab766152dc7fd91d35
                      • Opcode Fuzzy Hash: 24d4a6ae1c521b75c29266fadd2ab0aec9072394d4152039b109bdd3eb5b7059
                      • Instruction Fuzzy Hash: 45F0B431B14115D79B14E22998309BF67E79785754F001066C906D73C1EE245A21B6E2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057045B8 Relevance: .0, Instructions: 35COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e8a440242e2de5cbff93a15e8e906a11fdab8369f005e739c8da905b32d7a0ef
                      • Instruction ID: f248d3cd10d12c40cd9555b21bdd5a7404de8dc328a65564d98d1bd9f6dd16ea
                      • Opcode Fuzzy Hash: e8a440242e2de5cbff93a15e8e906a11fdab8369f005e739c8da905b32d7a0ef
                      • Instruction Fuzzy Hash: 03F08230E4435AAFDB55CAA89C06AEFBBFCFB85220F11017AD508D7291E27859058761
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05709057 Relevance: .0, Instructions: 35COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a20bf05d13be4c97bff4797c7b49f78972465b425c8e10bcf9558a7830c0eb8e
                      • Instruction ID: 5d44fec949013658a463e6a07f1abc75d3cec203509613062d4275d2576d576f
                      • Opcode Fuzzy Hash: a20bf05d13be4c97bff4797c7b49f78972465b425c8e10bcf9558a7830c0eb8e
                      • Instruction Fuzzy Hash: 82F02474F00106EBEF049BB8D9086AEB7F6EF80344F148875EA00E7259EF319415CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F2F9 Relevance: .0, Instructions: 34COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6f05d84ace0a8d143fb507f362d58edeac0d96a43e0850b50068867e732b66db
                      • Instruction ID: 2d896ca2f6c9c26afae69947efad14b9be9fd0979f7653d8712fcd881e9f8e7e
                      • Opcode Fuzzy Hash: 6f05d84ace0a8d143fb507f362d58edeac0d96a43e0850b50068867e732b66db
                      • Instruction Fuzzy Hash: 91F0123010E791DEC7B6DA60A910576FBE7BE42721394795BC4C3CAAD1C621A842B753
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570FAA8 Relevance: .0, Instructions: 34COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a0ffba5aa24b75111a2f7ae7d0ff443db8d8f76653fcbf9316ca591199a48c01
                      • Instruction ID: cb40bc67fdacb19dee5f2c549f5ed04ca8a6cc9ae055d14ecf15b20b62f8da19
                      • Opcode Fuzzy Hash: a0ffba5aa24b75111a2f7ae7d0ff443db8d8f76653fcbf9316ca591199a48c01
                      • Instruction Fuzzy Hash: 03F027717842545FC755E7B898508BBB7EEAF86111314889FE448CF382CA228C1683A0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05700918 Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d14af169e8d5330225d9b14cdef1e394f393290ed369f2262249ec1c0141a639
                      • Instruction ID: 01fbedd7ad9090d5209d896cfed34c02e46f97eb97cd6d766dceccb5dc2411bd
                      • Opcode Fuzzy Hash: d14af169e8d5330225d9b14cdef1e394f393290ed369f2262249ec1c0141a639
                      • Instruction Fuzzy Hash: BFE0E532B25218DB9F109AF5980C6AFB7EA97C5770F815427990797280D9B059056292
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05700908 Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 69c3c2e3fe5f5e69ac21229092661688ae591460bec69244f62a7d0ffa5d98c3
                      • Instruction ID: fe87980b0aaa0260e3477941eb21c426b0ba85771f91bb9f763370330796f609
                      • Opcode Fuzzy Hash: 69c3c2e3fe5f5e69ac21229092661688ae591460bec69244f62a7d0ffa5d98c3
                      • Instruction Fuzzy Hash: 9BF02730A69351CFDB61DAF4481CABF7FF69B86370B85146B9843DB2C1C6B84C06A761
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570D897 Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dadf3737686d09ea4b2f263b366b808f0a7b9a016eca82707177292e8f01adf9
                      • Instruction ID: 9179d6d8dba0d0f98677962c948c594e45fd3a6fdfb85c4adfcab3755c290c45
                      • Opcode Fuzzy Hash: dadf3737686d09ea4b2f263b366b808f0a7b9a016eca82707177292e8f01adf9
                      • Instruction Fuzzy Hash: D0F02E312053519FC722D7AC94208697FF7EFC6214309449FD44ADF3C2D9259C05C791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05704701 Relevance: .0, Instructions: 32COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b58bd5e98ba20361b01dcfda438e31bc9a5dc56f830c28eaa9676179b3aea641
                      • Instruction ID: ec7bd32840043482a502e328cdfb1c329d059d4e928904de1cb2a6fc1ea39b75
                      • Opcode Fuzzy Hash: b58bd5e98ba20361b01dcfda438e31bc9a5dc56f830c28eaa9676179b3aea641
                      • Instruction Fuzzy Hash: 95F0A031284351DFC75B86A09814AB933E69BC3330F15107FD501CB292D6698C436350
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05703BC4 Relevance: .0, Instructions: 32COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 58e2f23dec6e65a70fe1ccef76c88368c256cdbc9f079be58753cbfb7977c1a3
                      • Instruction ID: b53086752ac2c9806b3be5f35fbc0da518a998d1fa8bbc93796271a3a6f5e227
                      • Opcode Fuzzy Hash: 58e2f23dec6e65a70fe1ccef76c88368c256cdbc9f079be58753cbfb7977c1a3
                      • Instruction Fuzzy Hash: 0FF08C32B04518CFCB00EF9DE4805ADBBF2FB80719B341AA6D515DB284DF349D46A7A2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F508 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8f36132c8478747553eeaffdefcb86d5b3be69927a89e27e20b6c711d025b271
                      • Instruction ID: fa89936f0a1306e2ae183115be45f14bbcd76c301e5806e4b76c67a1c6c2282c
                      • Opcode Fuzzy Hash: 8f36132c8478747553eeaffdefcb86d5b3be69927a89e27e20b6c711d025b271
                      • Instruction Fuzzy Hash: 23F03A31904218EF8B51EFA989049EEBFF5EF09210B1084A6E558D71A1E6318660EB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 031A0938 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.508627839.00000000031A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_31a0000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4f31cdc15a0f649daff20f31872962bb780f798d0e56f3ea77abe80ef86f6d48
                      • Instruction ID: b753eebc834645e24863b1aaa75369babe9ffb63df0e301d6b1bbcc3d67cb9c7
                      • Opcode Fuzzy Hash: 4f31cdc15a0f649daff20f31872962bb780f798d0e56f3ea77abe80ef86f6d48
                      • Instruction Fuzzy Hash: 42F01D39108644DFC316CF04D540B15FBA6EB8D718F24C6ADE9490B752C337D813DA81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05709C98 Relevance: .0, Instructions: 30COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b9825dbd6662815c02e054ba72141ada27dcaf7bfefa830279a101b3fca0c123
                      • Instruction ID: f140a25fa60980e1f4088bbc5877a057d6cfa92cdaecc65b286be521d19ca991
                      • Opcode Fuzzy Hash: b9825dbd6662815c02e054ba72141ada27dcaf7bfefa830279a101b3fca0c123
                      • Instruction Fuzzy Hash: 85F082316042009B9744A779A0008AA3BE7ABC5228358892DE20E8B391CF71A8029742
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706E9F Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9a316dbc4e922055242bbd41b583f651090c670ccd26e6455121c01c9b3d0ecd
                      • Instruction ID: d3c9aa755b4215d2fb7554d8788ae9d43ca70fd9575917fd88d0ee8823eda0da
                      • Opcode Fuzzy Hash: 9a316dbc4e922055242bbd41b583f651090c670ccd26e6455121c01c9b3d0ecd
                      • Instruction Fuzzy Hash: 4BF0A0397000108BCA5DB3F8D42C3ADB2D2AFC4608B851039C526DB7C1DF214C05A782
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570AC70 Relevance: .0, Instructions: 28COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 06ede660abfa982fec9bf50725a7e6811592e72ed653d49e749abe61a3618f6c
                      • Instruction ID: 60a49c9c4d1549cd0d5af06c4ac508c77d0aa7f65115bcb4b6a451e5a104c0a8
                      • Opcode Fuzzy Hash: 06ede660abfa982fec9bf50725a7e6811592e72ed653d49e749abe61a3618f6c
                      • Instruction Fuzzy Hash: DDF0A030509B904FC3259F2A9800453FFF5BEC262471D8AAFD0D583616D770980687A0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570822A Relevance: .0, Instructions: 28COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a80bc789364a70e5dc903e9abac734249294ec10a85dcec0369ae159ffcd44f0
                      • Instruction ID: efcb537564bda14bfc2ff2c0387a617a787685c5c03f65f7dee89b0326bcfeac
                      • Opcode Fuzzy Hash: a80bc789364a70e5dc903e9abac734249294ec10a85dcec0369ae159ffcd44f0
                      • Instruction Fuzzy Hash: 49F0E535E06651CFCBA24FE0A5084243BF2EB4966130601ABE842CB394DA348C45DB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570A5F0 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a691701793653ce71af53bf97f65cf91eeaf22e11000585fe733e0ae8f5a3971
                      • Instruction ID: 12dae966f081d94fd7389b5634d7818d064cd9141a75b799977ec796c06f994c
                      • Opcode Fuzzy Hash: a691701793653ce71af53bf97f65cf91eeaf22e11000585fe733e0ae8f5a3971
                      • Instruction Fuzzy Hash: 31E09236748352CFDB46ABB8922E1593FE29B5931170504BAE506CB7E5ED258C02A313
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 031A05F6 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.508627839.00000000031A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_31a0000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2a0f22e26548394fb5654136b34ee4c025fcb7f868f8d06317d9c00ecd51013f
                      • Instruction ID: dfd8c30fa989bd1926f06663da13045d5479df787f91178d0988e368a78b3a2d
                      • Opcode Fuzzy Hash: 2a0f22e26548394fb5654136b34ee4c025fcb7f868f8d06317d9c00ecd51013f
                      • Instruction Fuzzy Hash: 38E09276A046044BD650CF0BEC81456FBD8EB88630718C07FDC0D8B700E175B505CEA6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570D8E8 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ea90f7a83db4fb64db7564bceaab6207642dd9db88583bab753c380f05ad7973
                      • Instruction ID: c9e65fe7c67e6244dfcf08f6437fb8a57b68988667365b3cdf43d05cb5e1f87e
                      • Opcode Fuzzy Hash: ea90f7a83db4fb64db7564bceaab6207642dd9db88583bab753c380f05ad7973
                      • Instruction Fuzzy Hash: 68E04F2512E354DECF7196E0A51D1B27FE2EB09712709699BE4CBC7281D5254842A361
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E0D8 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 97e5bedc814b21f6eb44e4c87db5f8d2ab9f95cf4760b9ba8576b04a1be559a9
                      • Instruction ID: 0a13d50240c8f231ae0c850f3c2d11a7adb29196b3ef39c4f18b8eced2be7125
                      • Opcode Fuzzy Hash: 97e5bedc814b21f6eb44e4c87db5f8d2ab9f95cf4760b9ba8576b04a1be559a9
                      • Instruction Fuzzy Hash: A1E0D8312001109B4225D65DC42082B77DFEBC16643248C2ED90A8F380EE73DC014790
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570D8A8 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 43273e764f7e4c81baf2d68b8638beb966b6261c62f9de948bfb6998ab8e2cde
                      • Instruction ID: 7acbfc2c77564560471875827468d838be71411625fd7a5df38d7f266604ad6e
                      • Opcode Fuzzy Hash: 43273e764f7e4c81baf2d68b8638beb966b6261c62f9de948bfb6998ab8e2cde
                      • Instruction Fuzzy Hash: 53E086317147109B8635E6EDD420C2EB7EBEBC5668354982ED61E8F3C1EE72EC028791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05708238 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3965d1f8076e8c834fdef0506dde2085cd11d424e34590199ed565bb8165f956
                      • Instruction ID: 69046e283d7356c8dcfce31bd3fd918970a9312e914b9d92c7fb999d93fec4db
                      • Opcode Fuzzy Hash: 3965d1f8076e8c834fdef0506dde2085cd11d424e34590199ed565bb8165f956
                      • Instruction Fuzzy Hash: 71E09235F01521DBCAA15BA9A41892577EBFB8CAA13150126E806D7384DE309C44ABE3
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057046B8 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4da3e49d69c62b9e6543df91623a92acbf8d34ed14ffc081dce4457f3e6cb42c
                      • Instruction ID: 41fe1591b90ff0ee8f4d6591f59c9c9171864564c16c3a9d2465c497f87ef70e
                      • Opcode Fuzzy Hash: 4da3e49d69c62b9e6543df91623a92acbf8d34ed14ffc081dce4457f3e6cb42c
                      • Instruction Fuzzy Hash: 74E08631300020DBCA106AF9B0186BE37CBAF84755B14106AE30ACB790EE17DC0163D6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057080A0 Relevance: .0, Instructions: 25COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 70c0234471a58cbffb5d0c6d7aee6d1f0b0820807f49179c865a66be371824f1
                      • Instruction ID: 78a1b3c8372180ee93d38465c3b509f43f51c3247801bddd45a0467d8eb04576
                      • Opcode Fuzzy Hash: 70c0234471a58cbffb5d0c6d7aee6d1f0b0820807f49179c865a66be371824f1
                      • Instruction Fuzzy Hash: 70F0123050824ACBC700DB14D484A973BF2FB54308B54D676E8018B25EDBB5590AEB83
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F308 Relevance: .0, Instructions: 25COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9d89b68bcdf24b086bb22325190c63eb276bfe1d8fe73ad77c9cc471d662c4b6
                      • Instruction ID: 7d996569663bad375fb2dfceb391e5ef4e7e0dbf71e65cc35013e6eb47b83186
                      • Opcode Fuzzy Hash: 9d89b68bcdf24b086bb22325190c63eb276bfe1d8fe73ad77c9cc471d662c4b6
                      • Instruction Fuzzy Hash: C8E04F30209601CB86B4D611E900836F3EBBA407743C0751AC8838AAD0C761F842B693
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705B40 Relevance: .0, Instructions: 24COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f5519710a27e9a3794fa7d9542871351f20041b2acbb23ee44b98dc764bb2abb
                      • Instruction ID: d90daeda3f929d6d298575dd89fe5d292ca90e3303b1651dc832e5bd0315d165
                      • Opcode Fuzzy Hash: f5519710a27e9a3794fa7d9542871351f20041b2acbb23ee44b98dc764bb2abb
                      • Instruction Fuzzy Hash: CEE09A303842105FE605D6AC88108B9B39AABC5224B0488AED00ADB282CAA78C038390
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057080B0 Relevance: .0, Instructions: 23COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 019cca91b8524bf579b7044f05c4ab0309b2b2edb79db8dfc52aad547d113722
                      • Instruction ID: 468f461db0fedf1da923fd038f702d3aade3645a977bb4f1a69c7e26a4eef159
                      • Opcode Fuzzy Hash: 019cca91b8524bf579b7044f05c4ab0309b2b2edb79db8dfc52aad547d113722
                      • Instruction Fuzzy Hash: 70E01B3151420DC7C700DB58E48099B3BE6F754308754E636E801C725DDB756D0AEBC3
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F559 Relevance: .0, Instructions: 22COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 545389497804c6ba3bff8cbc0c3e011367ef45b49d40a3290be253ac03272795
                      • Instruction ID: d16c9c07c57ef239ff8f90901e70abb4064dd20cac2496217d657fe262233193
                      • Opcode Fuzzy Hash: 545389497804c6ba3bff8cbc0c3e011367ef45b49d40a3290be253ac03272795
                      • Instruction Fuzzy Hash: FAE02B3550A380DECF335B7525112E47FF09C47111B1418EBCDC0D7691D1218D169391
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570FA29 Relevance: .0, Instructions: 22COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ffd6004c191fc14ace57845c089443403e67eaa36657b3b1d0dec61827829803
                      • Instruction ID: 72f99308b4bc789a7f04c62b28126cd67daf765552b3bf896a12d2269951c64f
                      • Opcode Fuzzy Hash: ffd6004c191fc14ace57845c089443403e67eaa36657b3b1d0dec61827829803
                      • Instruction Fuzzy Hash: 58E01AF040D2A5CAC772D72044907322BE35B83310B08B0DBD09B494C696B6275AB712
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705788 Relevance: .0, Instructions: 21COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 78bbadfd86577ca58883a8ebebf833cfdb3ee4af388691b4add0db138f624207
                      • Instruction ID: 2a346c1d9e83e30edfba30f8ed370b35066a32c1c2a29a56585c31f126c06e8e
                      • Opcode Fuzzy Hash: 78bbadfd86577ca58883a8ebebf833cfdb3ee4af388691b4add0db138f624207
                      • Instruction Fuzzy Hash: E4E0CD3135A352DFCB5696B814942FD27D61EC163038115BBD006CF2E7DA594C0297D0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E118 Relevance: .0, Instructions: 20COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6a1371bad0f4e49a962be2899927c4340a066ab79459d7756e3331329ed0745d
                      • Instruction ID: 504949ec1f4696a3d4282d803e7fec108040d34833e29a31c464a8b4a52b404e
                      • Opcode Fuzzy Hash: 6a1371bad0f4e49a962be2899927c4340a066ab79459d7756e3331329ed0745d
                      • Instruction Fuzzy Hash: B4E0863012D781CFC726CB34D4104A1BFE7AD0271130558DFD49B8F692DA619D01D791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705F70 Relevance: .0, Instructions: 20COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 41272ba85841045e486943135f6496ce35a352c98b2429cd813401151c79ae98
                      • Instruction ID: 49551286e8aac57336937f45d952c78f07e5b93d4c38d452610e2244ac407bf1
                      • Opcode Fuzzy Hash: 41272ba85841045e486943135f6496ce35a352c98b2429cd813401151c79ae98
                      • Instruction Fuzzy Hash: 5FD02B7160C416CBD30021D8540477836CE5780310B440036E907CB2C0CEDDAC4027EE
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05707120 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 45109f850213f1251992dc834aa07f27a05f27f9e106445722d9db1fa13fa6e6
                      • Instruction ID: cdb93fd604cdf44f7b411db60d034e28d4c1a52fe88e3a7ea09767dd3f41b7e1
                      • Opcode Fuzzy Hash: 45109f850213f1251992dc834aa07f27a05f27f9e106445722d9db1fa13fa6e6
                      • Instruction Fuzzy Hash: 2AD0C231028350DBC33D8B24D8057A2B6EBEB85704F04245EC043059C096A2F088E392
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570D8F8 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e7b49f1f57a692c0d8cf4fd45c76f0a3e622004d5d913dc002c55baeec701f88
                      • Instruction ID: 72d5ea5d87876425c1b2850331b01099374a9cc563149bf43c8e594df02f6d38
                      • Opcode Fuzzy Hash: e7b49f1f57a692c0d8cf4fd45c76f0a3e622004d5d913dc002c55baeec701f88
                      • Instruction Fuzzy Hash: B2D05B3113C314DFCF34D6D4A00C573B6DBE708711B00742AF44FC3280D5219801A391
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570F4C0 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6f0c57cca7df2b446ad672098a6c76347a6170705858aaf23bf1f129f4554224
                      • Instruction ID: bf2cbc2b993bf954c4f37fd893d44ff98cbb316523ee1bcd37f8d4cb938afc5a
                      • Opcode Fuzzy Hash: 6f0c57cca7df2b446ad672098a6c76347a6170705858aaf23bf1f129f4554224
                      • Instruction Fuzzy Hash: FBE072202083D02BE7120B3A6C04BC33FE21F8B300F1900CAE1C0CB1DBC5A02C08C361
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705B50 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 12781c98dd98a325a00a6ebcc3f4dcc8a17f4e3b81d6b765d574d42afc33ba42
                      • Instruction ID: 26fcae26417631c28898ca8a39c79aefc10f3bd05678a19a4a23919d7b9ac46b
                      • Opcode Fuzzy Hash: 12781c98dd98a325a00a6ebcc3f4dcc8a17f4e3b81d6b765d574d42afc33ba42
                      • Instruction Fuzzy Hash: 9AD05E253441241BA504E6A98810C39B38EEBCA515304889EE60EDB381CDA39C0283D0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05709E50 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 45109f850213f1251992dc834aa07f27a05f27f9e106445722d9db1fa13fa6e6
                      • Instruction ID: 1dd3d4cd95cb7eed9f42d8093b2b915bde9688389e3111488ea35b2a57c478e5
                      • Opcode Fuzzy Hash: 45109f850213f1251992dc834aa07f27a05f27f9e106445722d9db1fa13fa6e6
                      • Instruction Fuzzy Hash: C0D0C23300C350DBC335CA65D4006B2F6EB6B01B44F04155EC243079928663EC88E393
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570FAB8 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ca3cfed021cd6d00d65393dfe53e714deb5b236ce364574c6187909e86a2422a
                      • Instruction ID: f774ba046f0f142767b6e1b009d50026c92cbedbe73ab8cb6eddecf9171d6a42
                      • Opcode Fuzzy Hash: ca3cfed021cd6d00d65393dfe53e714deb5b236ce364574c6187909e86a2422a
                      • Instruction Fuzzy Hash: 77D0A7253441241FA508E6ED8811C39B3CFEBC9515304886EE60EDB381CDA3DC0283D0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057002A1 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 337f9bb6bf3a758c69eb995a7d1117de6992c745c4042e5402d2b1ce7a58f585
                      • Instruction ID: 1410752745deabe39876b7d31e2b1c73faf6bce076940be19f9db6afcf60bac7
                      • Opcode Fuzzy Hash: 337f9bb6bf3a758c69eb995a7d1117de6992c745c4042e5402d2b1ce7a58f585
                      • Instruction Fuzzy Hash: CAE01731285701CFC3A6CA94E856DDA7BF2FB81320345986ED496CF6D9CB28AC47CB11
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 057046A7 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 36c29d1f06352f4afc9be49656803eecb6723888829da172590dd01e8798c636
                      • Instruction ID: 98d6fef5983bc39fe0673ec4849d44ef91df7a2fa059d2f6b3af434e4d035608
                      • Opcode Fuzzy Hash: 36c29d1f06352f4afc9be49656803eecb6723888829da172590dd01e8798c636
                      • Instruction Fuzzy Hash: 8ED05E302C03115FD7670EA0AC06AFA37F8BF86330B0101BAF800DB552D71E88034790
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570016F Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a103b043948a36434b6166b559bb1f08bb640bb39fa3604ee07f289d157dc99b
                      • Instruction ID: cc3e0b721ea86fcb675f51eecb68716552dffa3a79e7380a0416f2b72c1cf8e6
                      • Opcode Fuzzy Hash: a103b043948a36434b6166b559bb1f08bb640bb39fa3604ee07f289d157dc99b
                      • Instruction Fuzzy Hash: C1E0C232600300DFDB151771D41509C3B64EF82331300067AD432CB6D0EA3B8896DB00
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05700650 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b0bf9c7e8d132b1243c8a90ac402fef6ecad38ee4379101c6af210e9fa62f3ce
                      • Instruction ID: 44c49f5f9a7bcf6524aaf98dbdc84332874a4809d2ecfcf390cdcd7f6282e7ce
                      • Opcode Fuzzy Hash: b0bf9c7e8d132b1243c8a90ac402fef6ecad38ee4379101c6af210e9fa62f3ce
                      • Instruction Fuzzy Hash: EBD02B30489340CFC3418AB058190A97BF69A933317004477D44186451D13A5942EB62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705798 Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d7e11c46a7bf9c080854e555c1419b397682228a92325e75270782493c2e351d
                      • Instruction ID: fde45a8c6323081b4fb4ddd890b44e0ac75b9bfca47e31b83de717ecb87bdf89
                      • Opcode Fuzzy Hash: d7e11c46a7bf9c080854e555c1419b397682228a92325e75270782493c2e351d
                      • Instruction Fuzzy Hash: A9C08C32716126DB8E28F1FA546837F71CF0BD59313812A7AE00B8B3C2ED828C0067E1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E128 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e173f91e65f211f735b91cdbca5a6ee2f3b0f43995fa1b22e959c6a68d24c6a2
                      • Instruction ID: 1e22e90189bd63ec3de12ea8069602d2dacfda9ef9e750464034e1d0b51c8cb1
                      • Opcode Fuzzy Hash: e173f91e65f211f735b91cdbca5a6ee2f3b0f43995fa1b22e959c6a68d24c6a2
                      • Instruction Fuzzy Hash: DAD0123113D214DB9324DB65D8044A277EFEA457627046D6ED85B4F780EBB2BC40D7D1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05708DE0 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1414b0dcee4dda60514f47e07e5a249848c451acdb3daa61627f16d5f6e11464
                      • Instruction ID: 87a2d0478468c1227874ad203f5dce335689f54e8146bb75afb8a1ae80094850
                      • Opcode Fuzzy Hash: 1414b0dcee4dda60514f47e07e5a249848c451acdb3daa61627f16d5f6e11464
                      • Instruction Fuzzy Hash: 0CD0A93018C280EBE34356404E0ABE03BE08B00315F1204D2A008EB0C7E26A04229EA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570FA78 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f7b0f1fa073ecfc5945d797b3d7d7cd7b07a4b2884d1d077bfa6438c8f3340fd
                      • Instruction ID: bc8eb56af2537becf328f092e52e82a6664b531da9276e1309fd7b99f1e96e61
                      • Opcode Fuzzy Hash: f7b0f1fa073ecfc5945d797b3d7d7cd7b07a4b2884d1d077bfa6438c8f3340fd
                      • Instruction Fuzzy Hash: B0D0C7D401C226D6FA31D2756A0D3357BD97B06305B046566E047444C0EE155858A563
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706AE8 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                      • Instruction ID: eb1211eff20162e04a13679ebb3d49ba2e9ac081545ae4a9fdcbef308e772293
                      • Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                      • Instruction Fuzzy Hash: 1FD0427AA00004CFD704DB88D5959D9F7F1FB88325F28C1A6D915A7251C732EE56CA50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05707616 Relevance: .0, Instructions: 13COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 83c9de029dbca74d38ea2701b60f81b2d42a3d61f3c2c6a9529e3022f39a07f7
                      • Instruction ID: 9cc2395048f9a4ff7ea51e2ccc6b8abc463f17ef28e38a6c0191bb1ef4d1fdd2
                      • Opcode Fuzzy Hash: 83c9de029dbca74d38ea2701b60f81b2d42a3d61f3c2c6a9529e3022f39a07f7
                      • Instruction Fuzzy Hash: A6D05234A10A0ACF8B16CFB6D9104AD37F1FB08320320172AD802AB3C0E334AC00AF20
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05700180 Relevance: .0, Instructions: 12COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0c3030877bd9feaa06571ffcf49c256012117b75ea9d4aa84d101c3a3062323b
                      • Instruction ID: ca01018cefb68e2e87b47d6cb571911e57ff687b1009ff34962a7b9f7bb2e202
                      • Opcode Fuzzy Hash: 0c3030877bd9feaa06571ffcf49c256012117b75ea9d4aa84d101c3a3062323b
                      • Instruction Fuzzy Hash: 10D01234200304CFCB192BB0E01941C3769BB44205351087CD8168B784DF37EC54EB01
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705710 Relevance: .0, Instructions: 11COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b2b633009b5a69f77af68e51798f9fe8035e3a890c040cccb18abd1b4bd9ce6a
                      • Instruction ID: 7f14cb04686ad93314c190bdf1fba6ce268eaffb74e5a36d7bc91eb0f44cf328
                      • Opcode Fuzzy Hash: b2b633009b5a69f77af68e51798f9fe8035e3a890c040cccb18abd1b4bd9ce6a
                      • Instruction Fuzzy Hash: C2C02B30600704DF8E3127F4704E93D37CDEF002813012064F40BCD240EF24A4007B61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05700660 Relevance: .0, Instructions: 10COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3db3e9d7f304e0d71f42d57e2a931fce378fd0722d5474c42b9902cc7d70cc34
                      • Instruction ID: d0bc3d99e7e1d7a3816605d43951979c63696e9e76b65c484d98fa06ac909b3c
                      • Opcode Fuzzy Hash: 3db3e9d7f304e0d71f42d57e2a931fce378fd0722d5474c42b9902cc7d70cc34
                      • Instruction Fuzzy Hash: 55C02B30045E04CEC214DEB2280D53972DB56C1311380C4319402000508D32F851F961
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570FAF9 Relevance: .0, Instructions: 10COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8d569a5cd961fd266a00b4a199360fe4919eb9cf9dcefeba925d43fdeb244b6c
                      • Instruction ID: 2bfee24956e931a34308383c2de8b641e8ad1001b141d8b7fa0bc204f03caf75
                      • Opcode Fuzzy Hash: 8d569a5cd961fd266a00b4a199360fe4919eb9cf9dcefeba925d43fdeb244b6c
                      • Instruction Fuzzy Hash: DCC02B186453C8CBCF927BF0241C0287FEC0A4D100304D048DCDD0F307EC205001AAB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570FB00 Relevance: .0, Instructions: 8COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 498203d92794f239df9cab0eed13d70203034fa979de0336b9b1c11ae2993ab4
                      • Instruction ID: 5217cb9a260b6738f5b38fe09e3e8e081ec038b5b3de9bb9024148ccaf11f131
                      • Opcode Fuzzy Hash: 498203d92794f239df9cab0eed13d70203034fa979de0336b9b1c11ae2993ab4
                      • Instruction Fuzzy Hash: 11B01220A8174CC7CDD033F4610C41CB7CC0A4011078040116C1D4B34ABD74B4045579
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570570C Relevance: .0, Instructions: 8COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: affcaade5843653eaa65e7143946be572695deecb045a1242ae622b1c5c18ef8
                      • Instruction ID: ac5350efb8f294c23ea91aa0e714694bc3789b1f2da70e4b79650aa08e705944
                      • Opcode Fuzzy Hash: affcaade5843653eaa65e7143946be572695deecb045a1242ae622b1c5c18ef8
                      • Instruction Fuzzy Hash: 8FB01230508A06CE063116F4B0C9B3D33EFA5001843003022E50E8D161EA5488447AD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05706B0C Relevance: .0, Instructions: 8COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                      • Instruction ID: 3f6243e8fcb8b66df860f280787a77f5c62ec68955fc1865e56fdb52ae0eb7a9
                      • Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                      • Instruction Fuzzy Hash: 6FB092B7A04008C9EB00EA84B4467EDFBA0E790325F204023C31092040C2320278D691
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05708F80 Relevance: .0, Instructions: 8COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: caa501194ddd901589d7fccc2bf11820d3aa8271c2c56bf0660f94861b47f25b
                      • Instruction ID: 3a585cbfa18701fb4d17629fde11938644b8fdd708de894c8abc07e6042aa1db
                      • Opcode Fuzzy Hash: caa501194ddd901589d7fccc2bf11820d3aa8271c2c56bf0660f94861b47f25b
                      • Instruction Fuzzy Hash: 4EB012702282194E374096B22905E3237DD56004047400431A54CC0001F904F0402142
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05708E03 Relevance: .0, Instructions: 8COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9178a49c58f53b34f330c61c12a164be253857791460d1d1f55b590fc6d482ef
                      • Instruction ID: 07fba10800445cbdeae6949b57ebec7756830edc13d77fac7a28ad5a06e170f7
                      • Opcode Fuzzy Hash: 9178a49c58f53b34f330c61c12a164be253857791460d1d1f55b590fc6d482ef
                      • Instruction Fuzzy Hash: 5EB012301CC110E3F410C6403D0AB7035E2531C701F002902B10F640C9259200013C1B
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570CAD0 Relevance: .0, Instructions: 8COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c8874998ff25213e443ab171dcb0cb2ed7fcf0c16c6be8964490041041eff9f9
                      • Instruction ID: da13d3724a54bc89e2c943b76840c24e968f54df5294b0add5bb185353a9bc40
                      • Opcode Fuzzy Hash: c8874998ff25213e443ab171dcb0cb2ed7fcf0c16c6be8964490041041eff9f9
                      • Instruction Fuzzy Hash: A7B09270018718DBC207E796D88689BBBEEF9057047802274E903860CC9B646D0AA7AB
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05702EC0 Relevance: .0, Instructions: 8COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c270542ddda15dbc97edff9b6ab4ae6fa6ba56dd74019f8f890c834313c4d45e
                      • Instruction ID: 6bfdecb5b84d2f4db389fe56aca3509ff92257b4f53344015787b90f15c825b6
                      • Opcode Fuzzy Hash: c270542ddda15dbc97edff9b6ab4ae6fa6ba56dd74019f8f890c834313c4d45e
                      • Instruction Fuzzy Hash: 2BB012313442084B175056F1680CE6333CC56404093841064981CC4006F500D0903240
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05705F41 Relevance: .0, Instructions: 7COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 00eb094bacf62cb753c7c44bb39f75955840ca2b0532fd5392571124ee25bc43
                      • Instruction ID: e74110885862a2e48e5297f618e6b1fe285fae752447a411f6684de2b3fe704d
                      • Opcode Fuzzy Hash: 00eb094bacf62cb753c7c44bb39f75955840ca2b0532fd5392571124ee25bc43
                      • Instruction Fuzzy Hash: E4C09B745493D5CFD74747544C144847BB0BD022313C500EE8441CF292D21C5C01FB26
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Non-executed Functions

                      Function 0570937B Relevance: 2.7, Strings: 2, Instructions: 206COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: $>_q
                      • API String ID: 0-367191915
                      • Opcode ID: 154f20f64f3b9ab7c5719b571011cde9e9c347ad7a2285ef6b4d20f6345ff8d3
                      • Instruction ID: ca4d92f3b20980e72798b88270ed54013b3839fec37b56b3008baade4232f535
                      • Opcode Fuzzy Hash: 154f20f64f3b9ab7c5719b571011cde9e9c347ad7a2285ef6b4d20f6345ff8d3
                      • Instruction Fuzzy Hash: DB61D171F04205DFDB44CFA9C8945AFBBF2FBC9314B24847AE11ADB282DB3598028B51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 05709910 Relevance: .3, Instructions: 315COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bc1512c62eedb4a279f736362576ca74f7b8f71bb99965b529cbd36cbeb7797a
                      • Instruction ID: ca53ae2d9c60aa1a20486d26be788907ecf6e9004f6d7dc535147277796c11c3
                      • Opcode Fuzzy Hash: bc1512c62eedb4a279f736362576ca74f7b8f71bb99965b529cbd36cbeb7797a
                      • Instruction Fuzzy Hash: D3B10871E08226DFCB14CB69C8949BEBBF2FF81350F14D46AD6169B282D731D941DBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570912F Relevance: .2, Instructions: 179COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 692e83025d09c78a5124e725611c77fad8424052a0fe98f94f1be3eb4d03b22f
                      • Instruction ID: 301178612411fc7c720ce907588cf45b0731c9ba178d962ba02cd70fd8417e3a
                      • Opcode Fuzzy Hash: 692e83025d09c78a5124e725611c77fad8424052a0fe98f94f1be3eb4d03b22f
                      • Instruction Fuzzy Hash: F6515F72F055159BE714DB6DC980A6EBBF3AFC8710F2A8064D409EB3A6DE30DD019B90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570306F Relevance: .2, Instructions: 179COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 50cf7a141e934f88bd15255473413f4411668b574652568731be8f88d9e8a835
                      • Instruction ID: 0d5a1d9c3a2a5fd6eaca53f61aba51381a226cb6e9ba1f4a8f31f8c7364c4bee
                      • Opcode Fuzzy Hash: 50cf7a141e934f88bd15255473413f4411668b574652568731be8f88d9e8a835
                      • Instruction Fuzzy Hash: 17517F72F015159BE714DB6DC980A6EBBF3AFC8710F2A8464D409DB3A5DE30DC019790
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0570E838 Relevance: 5.5, Strings: 4, Instructions: 467COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.512736754.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5700000_SdwkQEBnc3.jbxd
                      Similarity
                      • API ID:
                      • String ID: 0r$0r$:@q$:@q
                      • API String ID: 0-56006852
                      • Opcode ID: 350e1d9016c6e619af0fbbcbc03be4da07a39e70f24b8b24bd54b23362bdf6fe
                      • Instruction ID: b110135a21a269fcaa2a297a9744eb26a9c65233b5e3dee1014963a15b71a39d
                      • Opcode Fuzzy Hash: 350e1d9016c6e619af0fbbcbc03be4da07a39e70f24b8b24bd54b23362bdf6fe
                      • Instruction Fuzzy Hash: 68127E34A04514DFC718CF69C098A297BF6FF88711F2584A9E8869F3A1CB35EC45EB52
                      Uniqueness

                      Uniqueness Score: -1.00%