Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
mfpmp.exe

Overview

General Information

Sample Name:mfpmp.exe
Analysis ID:880358
MD5:475b4814a0b6114c76ea55c7447b6108
SHA1:d9cb6110591e7fb53a29ee7c8efd2c7132b3a426
SHA256:10feb93ebdb8dd942d6b7a878d1ee3920584e89cdead6e34ae8292bfb1916116
Tags:exeNanoCore
Infos:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Detected Nanocore Rat
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected Nanocore RAT
Snort IDS alert for network traffic
Machine Learning detection for sample
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports

Classification

Process Tree

  • System is w10x64
  • mfpmp.exe (PID: 6504 cmdline: C:\Users\user\Desktop\mfpmp.exe MD5: 475B4814A0B6114C76EA55C7447B6108)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Nanocore RAT, NanoCoreNanocore is a Remote Access Tool used to steal credentials and to spy on cameras. It as been used for a while by numerous criminal actors as well as by nation state threat actors.
  • APT33
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "6f656d69-7475-8507-1300-000c0a4c", "Group": "Default", "Domain1": "dinowar.anondns.net", "Domain2": "dinowar.dynv6.net", "Port": 21942, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 4997, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "1a000100", "MaxPacketSize": "0000a000", "GCThreshold": "f4ff9f00", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
mfpmp.exeNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
  • 0x1018d:$x1: NanoCore.ClientPluginHost
  • 0x101ca:$x2: IClientNetworkHost
  • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
mfpmp.exeNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth (Nextron Systems)
  • 0xff05:$x1: NanoCore Client.exe
  • 0x1018d:$x2: NanoCore.ClientPluginHost
  • 0x117c6:$s1: PluginCommand
  • 0x117ba:$s2: FileCommand
  • 0x1266b:$s3: PipeExists
  • 0x18422:$s4: PipeCreated
  • 0x101b7:$s5: IClientLoggingHost
mfpmp.exeJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    mfpmp.exeMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
    • 0xfef5:$x1: NanoCore Client
    • 0xff05:$x1: NanoCore Client
    • 0x1014d:$x2: NanoCore.ClientPlugin
    • 0x1018d:$x3: NanoCore.ClientPluginHost
    • 0x10142:$i1: IClientApp
    • 0x10163:$i2: IClientData
    • 0x1016f:$i3: IClientNetwork
    • 0x1017e:$i4: IClientAppHost
    • 0x101a7:$i5: IClientDataHost
    • 0x101b7:$i6: IClientLoggingHost
    • 0x101ca:$i7: IClientNetworkHost
    • 0x101dd:$i8: IClientUIHost
    • 0x101eb:$i9: IClientNameObjectCollection
    • 0x10207:$i10: IClientReadOnlyNameObjectCollection
    • 0xff54:$s1: ClientPlugin
    • 0x10156:$s1: ClientPlugin
    • 0x1064a:$s2: EndPoint
    • 0x10653:$s3: IPAddress
    • 0x1065d:$s4: IPEndPoint
    • 0x12093:$s6: get_ClientSettings
    • 0x12637:$s7: get_Connected
    mfpmp.exeNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfef5:$a: NanoCore
    • 0xff05:$a: NanoCore
    • 0x10139:$a: NanoCore
    • 0x1014d:$a: NanoCore
    • 0x1018d:$a: NanoCore
    • 0xff54:$b: ClientPlugin
    • 0x10156:$b: ClientPlugin
    • 0x10196:$b: ClientPlugin
    • 0x1007b:$c: ProjectData
    • 0x10a82:$d: DESCrypto
    • 0x1844e:$e: KeepAlive
    • 0x1643c:$g: LogClientMessage
    • 0x12637:$i: get_Connected
    • 0x10db8:$j: #=q
    • 0x10de8:$j: #=q
    • 0x10e04:$j: #=q
    • 0x10e34:$j: #=q
    • 0x10e50:$j: #=q
    • 0x10e6c:$j: #=q
    • 0x10e9c:$j: #=q
    • 0x10eb8:$j: #=q
    Click to see the 1 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
    • 0xff8d:$x1: NanoCore.ClientPluginHost
    • 0xffca:$x2: IClientNetworkHost
    • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0xfcf5:$a: NanoCore
      • 0xfd05:$a: NanoCore
      • 0xff39:$a: NanoCore
      • 0xff4d:$a: NanoCore
      • 0xff8d:$a: NanoCore
      • 0xfd54:$b: ClientPlugin
      • 0xff56:$b: ClientPlugin
      • 0xff96:$b: ClientPlugin
      • 0xfe7b:$c: ProjectData
      • 0x10882:$d: DESCrypto
      • 0x1824e:$e: KeepAlive
      • 0x1623c:$g: LogClientMessage
      • 0x12437:$i: get_Connected
      • 0x10bb8:$j: #=q
      • 0x10be8:$j: #=q
      • 0x10c04:$j: #=q
      • 0x10c34:$j: #=q
      • 0x10c50:$j: #=q
      • 0x10c6c:$j: #=q
      • 0x10c9c:$j: #=q
      • 0x10cb8:$j: #=q
      00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
      • 0xff8d:$a1: NanoCore.ClientPluginHost
      • 0xff4d:$a2: NanoCore.ClientPlugin
      • 0x11ea6:$b1: get_BuilderSettings
      • 0xfda9:$b2: ClientLoaderForm.resources
      • 0x115c6:$b3: PluginCommand
      • 0xff7e:$b4: IClientAppHost
      • 0x1a3fe:$b5: GetBlockHash
      • 0x124fe:$b6: AddHostEntry
      • 0x161f1:$b7: LogClientException
      • 0x1246b:$b8: PipeExists
      • 0xffb7:$b9: IClientLoggingHost
      00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
      • 0x11591:$a1: NanoCore.ClientPluginHost
      • 0x16bde:$a1: NanoCore.ClientPluginHost
      • 0x11554:$a2: NanoCore.ClientPlugin
      • 0x16c28:$a2: NanoCore.ClientPlugin
      • 0x11928:$b1: get_BuilderSettings
      • 0x115df:$b4: IClientAppHost
      • 0x11999:$b6: AddHostEntry
      • 0x11a08:$b7: LogClientException
      • 0x1197d:$b8: PipeExists
      • 0x115cc:$b9: IClientLoggingHost
      • 0x16bf8:$b9: IClientLoggingHost
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.mfpmp.exe.29a171c.1.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
      • 0x40c2:$x1: NanoCore.ClientPluginHost
      0.2.mfpmp.exe.29a171c.1.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth (Nextron Systems)
      • 0x40c2:$x2: NanoCore.ClientPluginHost
      • 0x41a0:$s4: PipeCreated
      • 0x40dc:$s5: IClientLoggingHost
      0.2.mfpmp.exe.29a171c.1.unpackMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
      • 0x410c:$x2: NanoCore.ClientPlugin
      • 0x40c2:$x3: NanoCore.ClientPluginHost
      • 0x4122:$i3: IClientNetwork
      • 0x40dc:$i6: IClientLoggingHost
      • 0x3e5b:$s1: ClientPlugin
      • 0x4115:$s1: ClientPlugin
      0.2.mfpmp.exe.29a171c.1.unpackWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
      • 0x40c2:$a1: NanoCore.ClientPluginHost
      • 0x410c:$a2: NanoCore.ClientPlugin
      • 0x40dc:$b9: IClientLoggingHost
      0.2.mfpmp.exe.3a019a0.3.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
      • 0xd9ad:$x1: NanoCore.ClientPluginHost
      • 0xd9da:$x2: IClientNetworkHost
      Click to see the 51 entries

      Sigma Signatures

      AV Detection

      barindex
      Sigma detected: NanoCore
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\mfpmp.exe, ProcessId: 6504, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      E-Banking Fraud

      barindex
      Sigma detected: NanoCore
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\mfpmp.exe, ProcessId: 6504, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Stealing of Sensitive Information

      barindex
      Sigma detected: NanoCore
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\mfpmp.exe, ProcessId: 6504, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Remote Access Functionality

      barindex
      Sigma detected: NanoCore
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\mfpmp.exe, ProcessId: 6504, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Snort Signatures

      Timestamp:192.168.2.5213.152.161.4049726219422816766 06/02/23-03:15:58.229871
      SID:2816766
      Source Port:49726
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049725219422816766 06/02/23-03:15:46.918356
      SID:2816766
      Source Port:49725
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049727219422816766 06/02/23-03:16:05.832874
      SID:2816766
      Source Port:49727
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049714219422816766 06/02/23-03:14:23.945597
      SID:2816766
      Source Port:49714
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049716219422816766 06/02/23-03:14:38.958735
      SID:2816766
      Source Port:49716
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049724219422816766 06/02/23-03:15:41.133556
      SID:2816766
      Source Port:49724
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049728219422816766 06/02/23-03:16:14.874731
      SID:2816766
      Source Port:49728
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049713219422816766 06/02/23-03:14:17.578597
      SID:2816766
      Source Port:49713
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049717219422816766 06/02/23-03:14:46.659916
      SID:2816766
      Source Port:49717
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049715219422816766 06/02/23-03:14:32.676847
      SID:2816766
      Source Port:49715
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049723219422025019 06/02/23-03:15:30.905805
      SID:2025019
      Source Port:49723
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049722219422816766 06/02/23-03:15:18.909197
      SID:2816766
      Source Port:49722
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049713219422025019 06/02/23-03:14:16.340330
      SID:2025019
      Source Port:49713
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049714219422025019 06/02/23-03:14:22.701480
      SID:2025019
      Source Port:49714
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049724219422025019 06/02/23-03:15:38.625540
      SID:2025019
      Source Port:49724
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049725219422025019 06/02/23-03:15:46.516736
      SID:2025019
      Source Port:49725
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049721219422816766 06/02/23-03:15:11.972977
      SID:2816766
      Source Port:49721
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049723219422816766 06/02/23-03:15:32.602475
      SID:2816766
      Source Port:49723
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049715219422025019 06/02/23-03:14:29.058470
      SID:2025019
      Source Port:49715
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049726219422025019 06/02/23-03:15:56.130210
      SID:2025019
      Source Port:49726
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049728219422025019 06/02/23-03:16:12.322829
      SID:2025019
      Source Port:49728
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049717219422025019 06/02/23-03:14:45.071339
      SID:2025019
      Source Port:49717
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049718219422025019 06/02/23-03:14:54.530247
      SID:2025019
      Source Port:49718
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:213.152.161.40192.168.2.521942497252841753 06/02/23-03:15:53.656106
      SID:2841753
      Source Port:21942
      Destination Port:49725
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049716219422025019 06/02/23-03:14:38.559097
      SID:2025019
      Source Port:49716
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049727219422025019 06/02/23-03:16:05.006045
      SID:2025019
      Source Port:49727
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049719219422025019 06/02/23-03:15:01.548154
      SID:2025019
      Source Port:49719
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049722219422025019 06/02/23-03:15:17.333804
      SID:2025019
      Source Port:49722
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049721219422025019 06/02/23-03:15:10.736542
      SID:2025019
      Source Port:49721
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049718219422816766 06/02/23-03:14:55.770847
      SID:2816766
      Source Port:49718
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.2.5213.152.161.4049719219422816766 06/02/23-03:15:03.125668
      SID:2816766
      Source Port:49719
      Destination Port:21942
      Protocol:TCP
      Classtype:A Network Trojan was detected

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Found malware configuration
      Source: 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "6f656d69-7475-8507-1300-000c0a4c", "Group": "Default", "Domain1": "dinowar.anondns.net", "Domain2": "dinowar.dynv6.net", "Port": 21942, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 4997, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "1a000100", "MaxPacketSize": "0000a000", "GCThreshold": "f4ff9f00", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
      Multi AV Scanner detection for submitted file
      Source: mfpmp.exeReversingLabs: Detection: 97%
      Source: mfpmp.exeVirustotal: Detection: 87%Perma Link
      Antivirus / Scanner detection for submitted sample
      Source: mfpmp.exeAvira: detected
      Antivirus detection for URL or domain
      Source: dinowar.anondns.netAvira URL Cloud: Label: malware
      Source: dinowar.dynv6.netAvira URL Cloud: Label: malware
      Yara detected Nanocore RAT
      Source: Yara matchFile source: mfpmp.exe, type: SAMPLE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: mfpmp.exe PID: 6504, type: MEMORYSTR
      Machine Learning detection for sample
      Source: mfpmp.exeJoe Sandbox ML: detected
      Source: mfpmp.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: C:\Users\user\Desktop\mfpmp.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
      Source: Binary string: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb0 source: mfpmp.exe, 00000000.00000002.655964464.0000000000B92000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: mfpmp.exe, 00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: C:\Windows\assembly\GA.pdbmscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll source: mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdb2.0.0.0__b77a5c561934e089\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb(X source: mfpmp.exe, 00000000.00000003.616013627.0000000000B6D000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: C:\Windows\dll\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: C:\Windows\mscorlib.pdb# source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: .pdbmscorlibsymbols\dll\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: iC:\Windows\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mscorlib.pdbH source: mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 4x nop then mov esp, ebp0_2_04AA80F0

      Networking

      barindex
      Snort IDS alert for network traffic
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49713 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49713 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49714 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49714 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49715 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49715 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49716 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49716 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49717 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49717 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49718 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49718 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49719 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49719 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49721 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49721 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49722 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49722 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49723 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49723 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49724 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49724 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49725 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49725 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 213.152.161.40:21942 -> 192.168.2.5:49725
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49726 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49726 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49727 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49727 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49728 -> 213.152.161.40:21942
      Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.5:49728 -> 213.152.161.40:21942
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractorURLs: dinowar.anondns.net
      Source: Malware configuration extractorURLs: dinowar.dynv6.net
      Source: Joe Sandbox ViewASN Name: GLOBALLAYERNL GLOBALLAYERNL
      Source: global trafficTCP traffic: 192.168.2.5:49713 -> 213.152.161.40:21942
      Source: unknownDNS traffic detected: queries for: dinowar.anondns.net
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04B02D0A WSARecv,0_2_04B02D0A
      Source: mfpmp.exe, 00000000.00000002.655964464.0000000000AEA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
      Source: mfpmp.exe, 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: RegisterRawInputDevices

      E-Banking Fraud

      barindex
      Yara detected Nanocore RAT
      Source: Yara matchFile source: mfpmp.exe, type: SAMPLE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: mfpmp.exe PID: 6504, type: MEMORYSTR

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: mfpmp.exe, type: SAMPLEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: mfpmp.exe, type: SAMPLEMatched rule: Detects NanoCore Author: ditekSHen
      Source: mfpmp.exe, type: SAMPLEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: mfpmp.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.29a171c.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.29a171c.1.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.29a171c.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.4cc0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.4cc0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.4cc0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.51f0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.51f0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.51f0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.29a171c.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.29a171c.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.29a171c.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 0.2.mfpmp.exe.29a6598.0.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 0.2.mfpmp.exe.29a6598.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
      Source: 0.2.mfpmp.exe.29a6598.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
      Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
      Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
      Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: Process Memory Space: mfpmp.exe PID: 6504, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
      Source: Process Memory Space: mfpmp.exe PID: 6504, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: Process Memory Space: mfpmp.exe PID: 6504, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
      Source: mfpmp.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: mfpmp.exe, type: SAMPLEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: mfpmp.exe, type: SAMPLEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: mfpmp.exe, type: SAMPLEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: mfpmp.exe, type: SAMPLEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: mfpmp.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.29a171c.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.29a171c.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.29a171c.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.29a171c.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.4cc0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.4cc0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.4cc0000.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.4cc0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.51f0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.51f0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.51f0000.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.51f0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.29a171c.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.29a171c.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.29a171c.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.29a171c.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 0.2.mfpmp.exe.29a6598.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.29a6598.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0.2.mfpmp.exe.29a6598.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 0.2.mfpmp.exe.29a6598.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
      Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: Process Memory Space: mfpmp.exe PID: 6504, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: Process Memory Space: mfpmp.exe PID: 6504, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: mfpmp.exe PID: 6504, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04AA92480_2_04AA9248
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04AA86480_2_04AA8648
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04AA2FA80_2_04AA2FA8
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04AA23A00_2_04AA23A0
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04AAAF180_2_04AAAF18
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04AA306F0_2_04AA306F
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04AA930F0_2_04AA930F
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04B01642 NtQuerySystemInformation,0_2_04B01642
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04B01607 NtQuerySystemInformation,0_2_04B01607
      Source: mfpmp.exe, 00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs mfpmp.exe
      Source: mfpmp.exe, 00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNanoProtectClient.dllT vs mfpmp.exe
      Source: mfpmp.exe, 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs mfpmp.exe
      Source: mfpmp.exe, 00000000.00000002.655964464.0000000000AEA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs mfpmp.exe
      Source: mfpmp.exe, 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNanoProtectClient.dllT vs mfpmp.exe
      Source: mfpmp.exe, 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs mfpmp.exe
      Source: mfpmp.exe, 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs mfpmp.exe
      Source: mfpmp.exe, 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs mfpmp.exe
      Source: mfpmp.exe, 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs mfpmp.exe
      Source: mfpmp.exe, 00000000.00000002.667851771.0000000005210000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs mfpmp.exe
      Source: mfpmp.exeStatic PE information: Section: .rsrc ZLIB complexity 0.9965897817460317
      Source: mfpmp.exeReversingLabs: Detection: 97%
      Source: mfpmp.exeVirustotal: Detection: 87%
      Source: C:\Users\user\Desktop\mfpmp.exeFile read: C:\Users\user\Desktop\mfpmp.exeJump to behavior
      Source: mfpmp.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\mfpmp.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04B01402 AdjustTokenPrivileges,0_2_04B01402
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04B013CB AdjustTokenPrivileges,0_2_04B013CB
      Source: C:\Users\user\Desktop\mfpmp.exeFile created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9AJump to behavior
      Source: classification engineClassification label: mal100.troj.evad.winEXE@1/2@18/1
      Source: mfpmp.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: mfpmp.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: mfpmp.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
      Source: C:\Users\user\Desktop\mfpmp.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{281c27a0-1581-470a-8274-eb0265aada3d}
      Source: C:\Users\user\Desktop\mfpmp.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
      Source: mfpmp.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
      Source: mfpmp.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
      Source: mfpmp.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
      Source: C:\Users\user\Desktop\mfpmp.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
      Source: mfpmp.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: Binary string: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb0 source: mfpmp.exe, 00000000.00000002.655964464.0000000000B92000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: mfpmp.exe, 00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: C:\Windows\assembly\GA.pdbmscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll source: mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdb2.0.0.0__b77a5c561934e089\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb(X source: mfpmp.exe, 00000000.00000003.616013627.0000000000B6D000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: C:\Windows\dll\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: C:\Windows\mscorlib.pdb# source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: .pdbmscorlibsymbols\dll\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: iC:\Windows\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: mfpmp.exe, 00000000.00000002.655440986.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mscorlib.pdbH source: mfpmp.exe, 00000000.00000002.655693521.00000000009FC000.00000004.00000010.00020000.00000000.sdmp

      Data Obfuscation

      barindex
      .NET source code contains potential unpacker
      Source: mfpmp.exe, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: mfpmp.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_008D9D2C push eax; retf 0_2_008D9D2D
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_008D9D30 pushad ; retf 0_2_008D9D31
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04B0248C push B8C2C3FFh; ret 0_2_04B024F5
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04B001F4 push B8C2C3FFh; ret 0_2_04B0024E
      Source: mfpmp.exe, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
      Source: mfpmp.exe, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
      Source: 0.0.mfpmp.exe.2d0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='

      Hooking and other Techniques for Hiding and Protection

      barindex
      Hides that the sample has been downloaded from the Internet (zone.identifier)
      Source: C:\Users\user\Desktop\mfpmp.exeFile opened: C:\Users\user\Desktop\mfpmp.exe:Zone.Identifier read attributes | deleteJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exe TID: 6468Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exe TID: 5692Thread sleep time: -40000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exe TID: 6480Thread sleep time: -640000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\mfpmp.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeWindow / User API: foregroundWindowGot 1034Jump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04B0112A GetSystemInfo,0_2_04B0112A
      Source: C:\Users\user\Desktop\mfpmp.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: mfpmp.exe, 00000000.00000003.616013627.0000000000B6A000.00000004.00000020.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000002.655964464.0000000000B66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: mfpmp.exe, 00000000.00000003.605019535.0000000000B61000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\Desktop\mfpmp.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeMemory allocated: page read and write | page guardJump to behavior
      Source: mfpmp.exe, 00000000.00000002.655964464.0000000000B76000.00000004.00000020.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000003.616013627.0000000000B7B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managern has been aborted because of either a thread exit or an application request.
      Source: mfpmp.exe, 00000000.00000003.616013627.0000000000B6A000.00000004.00000020.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000003.604811258.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000003.605019535.0000000000B5D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
      Source: mfpmp.exe, 00000000.00000002.657080001.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000002.657080001.0000000002A5D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerp
      Source: mfpmp.exe, 00000000.00000002.657080001.0000000002C33000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerL
      Source: mfpmp.exe, 00000000.00000003.605019535.0000000000B61000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerl
      Source: mfpmp.exe, 00000000.00000003.408515369.0000000000BB5000.00000004.00000020.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000003.604811258.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, mfpmp.exe, 00000000.00000003.394615412.0000000000BB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managert$
      Source: C:\Users\user\Desktop\mfpmp.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_008CAF9A GetUserNameW,0_2_008CAF9A

      Stealing of Sensitive Information

      barindex
      Yara detected Nanocore RAT
      Source: Yara matchFile source: mfpmp.exe, type: SAMPLE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: mfpmp.exe PID: 6504, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Detected Nanocore Rat
      Source: mfpmp.exe, 00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: mfpmp.exe, 00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
      Source: mfpmp.exe, 00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoProtectClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoProtectClientClientPluginResourcesNanoProtectClient.My.ResourcesMySettingsMySettingsPropertyFunctionsNanoProtectClient.NanoProtectMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsGetProtectDirectoryGetProtectFileCreateProtectFileKillNanoCoreSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeLogClientMessageSystem.IOFileExistsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedEnvironmentSpecialFolderGetFolderPathPathCombineExceptionDirectoryDirectoryInfoCreateDirectoryFileStreamCreateProjectDataSetProjectErrorClearProjectErrorProcessGetCurrentProcessKillNanoProtectClient.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoProtectClient.dlla[NanoProtect]: Checking for NanoProtect module..
      Source: mfpmp.exe, 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: mfpmp.exe, 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: mfpmp.exe, 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
      Source: mfpmp.exe, 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: mfpmp.exe, 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoProtectClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoProtectClientClientPluginResourcesNanoProtectClient.My.ResourcesMySettingsMySettingsPropertyFunctionsNanoProtectClient.NanoProtectMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsGetProtectDirectoryGetProtectFileCreateProtectFileKillNanoCoreSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeLogClientMessageSystem.IOFileExistsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedEnvironmentSpecialFolderGetFolderPathPathCombineExceptionDirectoryDirectoryInfoCreateDirectoryFileStreamCreateProjectDataSetProjectErrorClearProjectErrorProcessGetCurrentProcessKillNanoProtectClient.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoProtectClient.dlla[NanoProtect]: Checking for NanoProtect module..
      Source: mfpmp.exe, 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: mfpmp.exe, 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: mfpmp.exeString found in binary or memory: NanoCore.ClientPluginHost
      Yara detected Nanocore RAT
      Source: Yara matchFile source: mfpmp.exe, type: SAMPLE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a019a0.3.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d0000.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.0.mfpmp.exe.2d0000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d4629.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.51d0000.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a019a0.3.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.mfpmp.exe.3a05fc9.2.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: mfpmp.exe PID: 6504, type: MEMORYSTR
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04B0284E bind,0_2_04B0284E
      Source: C:\Users\user\Desktop\mfpmp.exeCode function: 0_2_04B027FC bind,0_2_04B027FC

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsWindows Management InstrumentationPath Interception1
      Access Token Manipulation      		1
      Masquerading      		21
      Input Capture      		1
      Security Software Discovery      		Remote Services21
      Input Capture      		Exfiltration Over Other Network Medium1
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
      Process Injection      		1
      Disable or Modify Tools      		LSASS Memory2
      Process Discovery      		Remote Desktop Protocol11
      Archive Collected Data      		Exfiltration Over Bluetooth1
      Non-Standard Port      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)21
      Virtualization/Sandbox Evasion      		Security Account Manager21
      Virtualization/Sandbox Evasion      		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
      Remote Access Software      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
      Access Token Manipulation      		NTDS1
      Application Window Discovery      		Distributed Component Object ModelInput CaptureScheduled Transfer1
      Ingress Tool Transfer      		SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
      Process Injection      		LSA Secrets1
      Account Discovery      		SSHKeyloggingData Transfer Size Limits1
      Non-Application Layer Protocol      		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common1
      Deobfuscate/Decode Files or Information      		Cached Domain Credentials1
      System Owner/User Discovery      		VNCGUI Input CaptureExfiltration Over C2 Channel11
      Application Layer Protocol      		Jamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
      Hidden Files and Directories      		DCSync3
      System Information Discovery      		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job2
      Obfuscated Files or Information      		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)11
      Software Packing      		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      mfpmp.exe97%ReversingLabsByteCode-MSIL.Backdoor.NanoCore
      mfpmp.exe88%VirustotalBrowse
      mfpmp.exe100%AviraTR/Dropper.MSIL.Gen7
      mfpmp.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      SourceDetectionScannerLabelLink
      dinowar.anondns.net3%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      dinowar.dynv6.net2%VirustotalBrowse
      dinowar.anondns.net3%VirustotalBrowse
      dinowar.anondns.net100%Avira URL Cloudmalware
      dinowar.dynv6.net100%Avira URL Cloudmalware

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      dinowar.anondns.net
      		213.152.161.40
      		truetrueunknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      dinowar.anondns.nettrue
      • 3%, Virustotal, Browse
      • Avira URL Cloud: malware
      		unknown
      dinowar.dynv6.nettrue
      • 2%, Virustotal, Browse
      • Avira URL Cloud: malware
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      213.152.161.40
      		dinowar.anondns.netNetherlands
      		49453GLOBALLAYERNLtrue

      General Information

      Joe Sandbox Version:37.1.0 Beryl
      Analysis ID:880358
      Start date and time:2023-06-02 03:13:14 +02:00
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 7m 50s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed:4
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample file name:mfpmp.exe
      Detection:MAL
      Classification:mal100.troj.evad.winEXE@1/2@18/1
      EGA Information:
      • Successful, ratio: 100%
      HDC Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 283
      • Number of non-executed functions: 5
      Cookbook Comments:
      • Found application associated with file extension: .exe

      Warnings

      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
      • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
      • Not all processes where analyzed, report is missing behavior information
      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
      • Report size getting too big, too many NtDeviceIoControlFile calls found.

      Simulations

      Behavior and APIs

      TimeTypeDescription
      03:14:14API Interceptor914x Sleep call for process: mfpmp.exe modified

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      213.152.161.40shipping.docGet hashmaliciousAgentTesla, AsyncRAT, RemcosBrowse
        vbc.exeGet hashmaliciousAgentTesla, AsyncRAT, RemcosBrowse

          Domains

          No context

          ASNs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          GLOBALLAYERNLCgpIx13Spu.exeGet hashmaliciousNanocoreBrowse
          • 213.152.162.181
          GjzoAhk1LN.exeGet hashmaliciousRemcosBrowse
          • 134.19.179.211
          https://2send.pics/www.google-analytics.com/cosmetics.lk.jsGet hashmaliciousUnknownBrowse
          • 5.188.86.195
          DIEN_CHUYEN_TIEN_SacomBank-TT_20230421-1191736-80192949.exeGet hashmaliciousNanoCore, GuLoaderBrowse
          • 213.152.161.138
          DLAWT.scr.exeGet hashmaliciousNanoCore, GuLoaderBrowse
          • 213.152.161.138
          xh0YFcjKpEZq.exeGet hashmaliciousQuasarBrowse
          • 213.152.162.79
          http://5.188.86.237Get hashmaliciousUnknownBrowse
          • 5.188.86.237
          NEW_ORDER_LIST_.xls.exeGet hashmaliciousNanocoreBrowse
          • 213.152.161.229
          List_of_PN_2612412-1A.exeGet hashmaliciousAveMaria, UACMeBrowse
          • 213.152.187.195
          DHL_AWB-5024310182061023.exeGet hashmaliciousAveMaria, DBatLoader, UACMeBrowse
          • 134.19.179.171
          vaqGXlZjqJ.exeGet hashmaliciousAsyncRATBrowse
          • 5.188.86.237
          unpacked.exeGet hashmaliciousNetWireBrowse
          • 213.152.162.109
          vEDQHAfrvH.exeGet hashmaliciousRemcosBrowse
          • 134.19.179.243
          #U8be2#U4ef7#U5230#U8ba2#U5355_Inquiry-to-Order-001030723_xlsx.exeGet hashmaliciousNanocore, zgRATBrowse
          • 213.152.161.118
          attached sample.exeGet hashmaliciousNanocore, AgentTeslaBrowse
          • 134.19.179.147
          Invoice.exeGet hashmaliciousNanocore, AgentTeslaBrowse
          • 134.19.179.147
          PO.230029.jsGet hashmaliciousWSHRat, VjW0rmBrowse
          • 134.19.179.195
          1W0OQF9pbD.exeGet hashmaliciousDBatLoader, NetWireBrowse
          • 134.19.176.119
          ConstructionDocuments.oneGet hashmaliciousRemcos, DBatLoaderBrowse
          • 213.152.162.181
          sN46dZ5V3F.elfGet hashmaliciousMiraiBrowse
          • 185.229.58.104

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat

          Download File
          Process:C:\Users\user\Desktop\mfpmp.exe
          File Type:data
          Category:dropped
          Size (bytes):248
          Entropy (8bit):6.997351629001838
          Encrypted:false
          SSDEEP:6:X4LDAnybgCFcps0Oa706d+6zsThvr9ohWCsT9ZIWyq4B:X4LEnybgCF07hNgtr9oE/3oB
          MD5:EDB5F15385E111D1F43093F56149A3FB
          SHA1:D865A47A0997848D5D4005B857A3FD0027BCD3C6
          SHA-256:1995E579108E8EB3B6C00893E855E8204D1C36F150088736556B66BE445E7957
          SHA-512:C3C0ADA45BECD863F41369F766E719A6FDC7807096F17FAEFBA6466EBEE4830524046DAFB186E1DFB50B15B07F0877ECD3B4E5993B83E8D67FF5A68D4F2ACCFE
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*.............S.Ty.K.&....q$.7....."....F... .N.k.C.X.D.^.....u.\...X........s^.;...m/.,7X..v"B..#.T.F L...h.....t 5.|Z

          C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

          Download File
          Process:C:\Users\user\Desktop\mfpmp.exe
          File Type:data
          Category:dropped
          Size (bytes):8
          Entropy (8bit):3.0
          Encrypted:false
          SSDEEP:3:V66pt:1
          MD5:C8A6A661D6743E259E659C36B4C72D17
          SHA1:1526F977C40AB1700E731F506D7FFB2BC440ED9E
          SHA-256:AD606B5A81C70DDA9F84813BAAAF04DE4605FCA79877D9B9F2C69316605A5C29
          SHA-512:15598B836EF25A356884598B374A5CDF286812B4DFB13A5D266F16AC60B8F36FC9114823A390B72AF44ACA63AC1CD9CE29EDC40F8E827B749708AD0620A68043
          Malicious:true
          Reputation:low
          Preview:.a..Rc.H

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):7.476662499761944
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          • Win32 Executable (generic) a (10002005/4) 49.78%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Generic Win/DOS Executable (2004/3) 0.01%
          • DOS Executable Generic (2002/1) 0.01%
          File name:mfpmp.exe
          File size:214528
          MD5:475b4814a0b6114c76ea55c7447b6108
          SHA1:d9cb6110591e7fb53a29ee7c8efd2c7132b3a426
          SHA256:10feb93ebdb8dd942d6b7a878d1ee3920584e89cdead6e34ae8292bfb1916116
          SHA512:cb822c8b67d1733a9d4779d1e35c737db6f4ad47d2ded10aacdcd7d85acf72e58eb71d2b8bbb90e9c271041efe87f5654ea661bd786d8376d6fc4b4717c82c9b
          SSDEEP:6144:ELV6Bta6dtJmakIM5zmMVrunW9jnHzmycg81x:ELV6Btpmk8msrunW9P+
          TLSH:B724CF167BA84A3FE2DE8AB9711211028379C2E398C3F3DE5CD495B74B267E50A071D7
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................|........... ........@.. .....................................................................

          File Icon

          Icon Hash:90cececece8e8eb0

          Static PE Info

          General

          Entrypoint:0x41e792
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          DLL Characteristics:
          Time Stamp:0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

          Entrypoint Preview

          Instruction
          jmp dword ptr [00402000h]
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0x1e7380x57.text
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x17860.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x200000xc.reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x20000x1c7980x1c800False0.5945124040570176data6.59808650483268IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .reloc0x200000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          .rsrc0x220000x178600x17a00False0.9965897817460317data7.997328427019175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

          Resources

          NameRVASizeTypeLanguageCountry
          RT_RCDATA0x220580x17808data

          Imports

          DLLImport
          mscoree.dll_CorExeMain

          Network Behavior

          Snort IDS Alerts

          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
          192.168.2.5213.152.161.4049726219422816766 06/02/23-03:15:58.229871TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972621942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049725219422816766 06/02/23-03:15:46.918356TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972521942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049727219422816766 06/02/23-03:16:05.832874TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972721942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049714219422816766 06/02/23-03:14:23.945597TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971421942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049716219422816766 06/02/23-03:14:38.958735TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971621942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049724219422816766 06/02/23-03:15:41.133556TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972421942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049728219422816766 06/02/23-03:16:14.874731TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972821942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049713219422816766 06/02/23-03:14:17.578597TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971321942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049717219422816766 06/02/23-03:14:46.659916TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971721942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049715219422816766 06/02/23-03:14:32.676847TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971521942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049723219422025019 06/02/23-03:15:30.905805TCP2025019ET TROJAN Possible NanoCore C2 60B4972321942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049722219422816766 06/02/23-03:15:18.909197TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972221942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049713219422025019 06/02/23-03:14:16.340330TCP2025019ET TROJAN Possible NanoCore C2 60B4971321942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049714219422025019 06/02/23-03:14:22.701480TCP2025019ET TROJAN Possible NanoCore C2 60B4971421942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049724219422025019 06/02/23-03:15:38.625540TCP2025019ET TROJAN Possible NanoCore C2 60B4972421942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049725219422025019 06/02/23-03:15:46.516736TCP2025019ET TROJAN Possible NanoCore C2 60B4972521942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049721219422816766 06/02/23-03:15:11.972977TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972121942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049723219422816766 06/02/23-03:15:32.602475TCP2816766ETPRO TROJAN NanoCore RAT CnC 74972321942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049715219422025019 06/02/23-03:14:29.058470TCP2025019ET TROJAN Possible NanoCore C2 60B4971521942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049726219422025019 06/02/23-03:15:56.130210TCP2025019ET TROJAN Possible NanoCore C2 60B4972621942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049728219422025019 06/02/23-03:16:12.322829TCP2025019ET TROJAN Possible NanoCore C2 60B4972821942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049717219422025019 06/02/23-03:14:45.071339TCP2025019ET TROJAN Possible NanoCore C2 60B4971721942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049718219422025019 06/02/23-03:14:54.530247TCP2025019ET TROJAN Possible NanoCore C2 60B4971821942192.168.2.5213.152.161.40
          213.152.161.40192.168.2.521942497252841753 06/02/23-03:15:53.656106TCP2841753ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound)2194249725213.152.161.40192.168.2.5
          192.168.2.5213.152.161.4049716219422025019 06/02/23-03:14:38.559097TCP2025019ET TROJAN Possible NanoCore C2 60B4971621942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049727219422025019 06/02/23-03:16:05.006045TCP2025019ET TROJAN Possible NanoCore C2 60B4972721942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049719219422025019 06/02/23-03:15:01.548154TCP2025019ET TROJAN Possible NanoCore C2 60B4971921942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049722219422025019 06/02/23-03:15:17.333804TCP2025019ET TROJAN Possible NanoCore C2 60B4972221942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049721219422025019 06/02/23-03:15:10.736542TCP2025019ET TROJAN Possible NanoCore C2 60B4972121942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049718219422816766 06/02/23-03:14:55.770847TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971821942192.168.2.5213.152.161.40
          192.168.2.5213.152.161.4049719219422816766 06/02/23-03:15:03.125668TCP2816766ETPRO TROJAN NanoCore RAT CnC 74971921942192.168.2.5213.152.161.40

          Network Port Distribution

          TCP Packets

          TimestampSource PortDest PortSource IPDest IP
          Jun 2, 2023 03:14:15.897165060 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:16.291115046 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:16.292726994 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:16.340329885 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:16.740214109 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:16.741002083 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:17.182162046 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:17.182327032 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:17.577496052 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:17.578597069 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:18.023407936 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:18.023624897 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:18.153752089 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:18.452577114 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:18.452625036 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:18.452646971 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:18.452670097 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:18.452670097 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:18.452722073 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:18.452725887 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:18.452780008 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:18.452780008 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:18.452825069 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:18.453490019 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:18.453512907 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:18.453535080 CEST2194249713213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:18.453617096 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:18.453643084 CEST4971321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:22.293716908 CEST4971421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:22.689059019 CEST2194249714213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:22.689198971 CEST4971421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:22.701479912 CEST4971421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:23.106259108 CEST2194249714213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:23.107754946 CEST4971421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:23.549438000 CEST2194249714213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:23.550512075 CEST4971421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:23.945451975 CEST2194249714213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:23.945596933 CEST4971421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:24.559926987 CEST4971421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:28.666457891 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:29.057277918 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:29.057544947 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:29.058470011 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:29.456240892 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:29.456424952 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:30.233597994 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:30.636657953 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:30.636878014 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.069416046 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.073952913 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.500612974 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.500646114 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.500659943 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.500674009 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.500886917 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.501477003 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.501518965 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.501518965 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.501554012 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.501625061 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.501672983 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.501741886 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.501791000 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.892621040 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.892793894 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.892899036 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.892967939 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.893393040 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.893415928 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.893439054 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.893467903 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.893497944 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.893512964 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:31.894252062 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:31.894345045 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.200197935 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.284379959 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.284544945 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.284564972 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.284594059 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.284624100 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.284672976 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.284677982 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.284704924 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.284723997 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.284744978 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.285245895 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.285310030 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.645306110 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.645418882 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.675637007 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.675745964 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.676757097 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.676791906 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.676811934 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.676831961 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.676846981 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.676846981 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.676883936 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.676893950 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.676908016 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.677613020 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:32.677681923 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:32.953983068 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:33.066248894 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:33.066385984 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:33.067240953 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:33.068039894 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:33.068084955 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:33.068156004 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:33.068296909 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:33.068320990 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:33.068342924 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:33.068372965 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:33.068375111 CEST2194249715213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:33.068420887 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:33.068439960 CEST4971521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:37.150897026 CEST4971621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:38.545264959 CEST2194249716213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:38.545397997 CEST4971621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:38.559097052 CEST4971621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:38.958486080 CEST2194249716213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:38.958734989 CEST4971621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:40.374360085 CEST4971621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:44.675848961 CEST4971721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:45.070559978 CEST2194249717213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:45.070782900 CEST4971721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:45.071338892 CEST4971721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:45.474411011 CEST2194249717213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:45.474617004 CEST4971721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:46.264834881 CEST4971721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:46.659800053 CEST2194249717213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:46.659915924 CEST4971721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:46.936434031 CEST4971721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:47.098751068 CEST2194249717213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:47.098812103 CEST4971721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:51.119766951 CEST4971821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:54.124378920 CEST4971821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:54.529342890 CEST2194249718213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:54.529550076 CEST4971821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:54.530246973 CEST4971821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:54.929333925 CEST2194249718213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:54.929506063 CEST4971821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:55.374589920 CEST2194249718213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:55.375812054 CEST4971821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:55.770617962 CEST2194249718213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:55.770847082 CEST4971821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:56.207606077 CEST2194249718213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:56.207824945 CEST4971821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:56.380212069 CEST4971821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:14:56.635468006 CEST2194249718213.152.161.40192.168.2.5
          Jun 2, 2023 03:14:56.635581970 CEST4971821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:01.153912067 CEST4971921942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:01.545392990 CEST2194249719213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:01.547590971 CEST4971921942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:01.548154116 CEST4971921942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:01.944477081 CEST2194249719213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:01.944729090 CEST4971921942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:02.734532118 CEST4971921942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:03.125530005 CEST2194249719213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:03.125668049 CEST4971921942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:03.559473991 CEST2194249719213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:03.559578896 CEST4971921942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:03.581885099 CEST4971921942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:09.328232050 CEST4972121942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:10.735711098 CEST2194249721213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:10.736541033 CEST4972121942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:10.736541986 CEST4972121942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:11.134346962 CEST2194249721213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:11.134442091 CEST4972121942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:11.581554890 CEST2194249721213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:11.581671000 CEST4972121942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:11.972759008 CEST2194249721213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:11.972976923 CEST4972121942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:12.839653015 CEST4972121942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:16.941601038 CEST4972221942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:17.333043098 CEST2194249722213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:17.333205938 CEST4972221942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:17.333803892 CEST4972221942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:17.732155085 CEST2194249722213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:17.732244968 CEST4972221942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:18.517128944 CEST4972221942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:18.909038067 CEST2194249722213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:18.909197092 CEST4972221942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:19.283087015 CEST4972221942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:19.354201078 CEST2194249722213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:19.358406067 CEST4972221942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:27.483542919 CEST4972321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:30.499696970 CEST4972321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:30.899202108 CEST2194249723213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:30.899311066 CEST4972321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:30.905805111 CEST4972321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:31.309633017 CEST2194249723213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:31.309741974 CEST4972321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:31.761486053 CEST2194249723213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:31.762454033 CEST4972321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:32.160135984 CEST2194249723213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:32.160440922 CEST4972321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:32.602252007 CEST2194249723213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:32.602474928 CEST4972321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:32.964682102 CEST4972321942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:38.147254944 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:38.541147947 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:38.541346073 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:38.625540018 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:39.025304079 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:39.025495052 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:39.471231937 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:39.471360922 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:39.866338015 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:39.866532087 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:40.311485052 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:40.311570883 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:40.739501953 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:40.739564896 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:40.739614964 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:40.739713907 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:40.739713907 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:40.740221977 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:40.740389109 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:40.740422010 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:40.740470886 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:40.740503073 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:40.740519047 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:40.740556955 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:40.740588903 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.133372068 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.133434057 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.133555889 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.133555889 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.133599997 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.134361982 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.134413958 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.134464025 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.134490967 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.134512901 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.134512901 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.134552956 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.134562016 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.134578943 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.134618998 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.141042948 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.527304888 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.527373075 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.528222084 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.528306961 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.529244900 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.529321909 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:41.530316114 CEST2194249724213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:41.530400991 CEST4972421942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:46.122292995 CEST4972521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:46.515968084 CEST2194249725213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:46.516163111 CEST4972521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:46.516736031 CEST4972521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:46.918243885 CEST2194249725213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:46.918355942 CEST4972521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:47.695818901 CEST4972521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:48.493319988 CEST4972521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:52.669994116 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:53.656105995 CEST2194249725213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:53.656308889 CEST4972521942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:55.680932999 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:56.061510086 CEST2194249726213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:56.062000036 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:56.130209923 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:56.525500059 CEST2194249726213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:56.527612925 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:56.968434095 CEST2194249726213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:56.968872070 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:57.363236904 CEST2194249726213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:57.367017031 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:57.804511070 CEST2194249726213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:57.804687977 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:58.229794025 CEST2194249726213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:58.229871035 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:58.494402885 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:15:58.622870922 CEST2194249726213.152.161.40192.168.2.5
          Jun 2, 2023 03:15:58.623034954 CEST4972621942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:03.601006031 CEST4972721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:05.005116940 CEST2194249727213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:05.005448103 CEST4972721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:05.006045103 CEST4972721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:05.832778931 CEST2194249727213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:05.832874060 CEST4972721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:07.310394049 CEST4972721942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:11.928423882 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:12.322072983 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:12.322307110 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:12.322829008 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:12.721041918 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:12.776120901 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:12.796452045 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:13.229034901 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:13.229186058 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:13.621973991 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:13.622132063 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:14.055991888 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.056086063 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:14.481004000 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.481220007 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:14.481698990 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.481749058 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.481779099 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:14.481846094 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:14.482532024 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.482608080 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:14.874461889 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.874504089 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.874526024 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.874547005 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.874571085 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.874593019 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:14.874658108 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:14.874731064 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:14.874731064 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:14.969625950 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:15.270143986 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:15.270296097 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:15.270318985 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:15.270339966 CEST2194249728213.152.161.40192.168.2.5
          Jun 2, 2023 03:16:15.270442009 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:15.270442009 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:15.270503044 CEST4972821942192.168.2.5213.152.161.40
          Jun 2, 2023 03:16:15.270503044 CEST4972821942192.168.2.5213.152.161.40

          UDP Packets

          TimestampSource PortDest PortSource IPDest IP
          Jun 2, 2023 03:14:15.853120089 CEST4917753192.168.2.58.8.8.8
          Jun 2, 2023 03:14:15.885448933 CEST53491778.8.8.8192.168.2.5
          Jun 2, 2023 03:14:22.231913090 CEST4972453192.168.2.58.8.8.8
          Jun 2, 2023 03:14:22.253011942 CEST53497248.8.8.8192.168.2.5
          Jun 2, 2023 03:14:28.631515026 CEST6145253192.168.2.58.8.8.8
          Jun 2, 2023 03:14:28.664314032 CEST53614528.8.8.8192.168.2.5
          Jun 2, 2023 03:14:37.110941887 CEST6532353192.168.2.58.8.8.8
          Jun 2, 2023 03:14:37.149499893 CEST53653238.8.8.8192.168.2.5
          Jun 2, 2023 03:14:44.644526005 CEST5148453192.168.2.58.8.8.8
          Jun 2, 2023 03:14:44.672653913 CEST53514848.8.8.8192.168.2.5
          Jun 2, 2023 03:14:51.091420889 CEST6344653192.168.2.58.8.8.8
          Jun 2, 2023 03:14:51.118262053 CEST53634468.8.8.8192.168.2.5
          Jun 2, 2023 03:15:01.121577978 CEST5675153192.168.2.58.8.8.8
          Jun 2, 2023 03:15:01.150638103 CEST53567518.8.8.8192.168.2.5
          Jun 2, 2023 03:15:09.295682907 CEST6097553192.168.2.58.8.8.8
          Jun 2, 2023 03:15:09.324079990 CEST53609758.8.8.8192.168.2.5
          Jun 2, 2023 03:15:16.925514936 CEST5922053192.168.2.58.8.8.8
          Jun 2, 2023 03:15:16.940361977 CEST53592208.8.8.8192.168.2.5
          Jun 2, 2023 03:15:23.323892117 CEST5506853192.168.2.58.8.8.8
          Jun 2, 2023 03:15:24.376849890 CEST5506853192.168.2.58.8.8.8
          Jun 2, 2023 03:15:25.449541092 CEST5506853192.168.2.58.8.8.8
          Jun 2, 2023 03:15:27.482081890 CEST53550688.8.8.8192.168.2.5
          Jun 2, 2023 03:15:37.110519886 CEST5668253192.168.2.58.8.8.8
          Jun 2, 2023 03:15:38.121855974 CEST5668253192.168.2.58.8.8.8
          Jun 2, 2023 03:15:38.144364119 CEST53566828.8.8.8192.168.2.5
          Jun 2, 2023 03:15:39.134860039 CEST53566828.8.8.8192.168.2.5
          Jun 2, 2023 03:15:46.034936905 CEST5853253192.168.2.58.8.8.8
          Jun 2, 2023 03:15:46.071866035 CEST53585328.8.8.8192.168.2.5
          Jun 2, 2023 03:15:52.640743017 CEST6265953192.168.2.58.8.8.8
          Jun 2, 2023 03:15:52.668926954 CEST53626598.8.8.8192.168.2.5
          Jun 2, 2023 03:16:03.578902960 CEST5858153192.168.2.58.8.8.8
          Jun 2, 2023 03:16:03.599817038 CEST53585818.8.8.8192.168.2.5
          Jun 2, 2023 03:16:11.905319929 CEST5626353192.168.2.58.8.8.8
          Jun 2, 2023 03:16:11.926800966 CEST53562638.8.8.8192.168.2.5

          ICMP Packets

          TimestampSource IPDest IPChecksumCodeType
          Jun 2, 2023 03:15:39.135045052 CEST192.168.2.58.8.8.8d008(Port unreachable)Destination Unreachable

          DNS Queries

          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
          Jun 2, 2023 03:14:15.853120089 CEST192.168.2.58.8.8.80x96b3Standard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:14:22.231913090 CEST192.168.2.58.8.8.80x367aStandard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:14:28.631515026 CEST192.168.2.58.8.8.80x1016Standard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:14:37.110941887 CEST192.168.2.58.8.8.80x1c00Standard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:14:44.644526005 CEST192.168.2.58.8.8.80xc195Standard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:14:51.091420889 CEST192.168.2.58.8.8.80x997cStandard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:01.121577978 CEST192.168.2.58.8.8.80xb8bfStandard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:09.295682907 CEST192.168.2.58.8.8.80x9cdfStandard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:16.925514936 CEST192.168.2.58.8.8.80x8754Standard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:23.323892117 CEST192.168.2.58.8.8.80xd62cStandard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:24.376849890 CEST192.168.2.58.8.8.80xd62cStandard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:25.449541092 CEST192.168.2.58.8.8.80xd62cStandard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:37.110519886 CEST192.168.2.58.8.8.80x89d3Standard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:38.121855974 CEST192.168.2.58.8.8.80x89d3Standard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:46.034936905 CEST192.168.2.58.8.8.80xf3b5Standard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:52.640743017 CEST192.168.2.58.8.8.80xaee7Standard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:16:03.578902960 CEST192.168.2.58.8.8.80x1577Standard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false
          Jun 2, 2023 03:16:11.905319929 CEST192.168.2.58.8.8.80xf81aStandard query (0)dinowar.anondns.netA (IP address)IN (0x0001)false

          DNS Answers

          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
          Jun 2, 2023 03:14:15.885448933 CEST8.8.8.8192.168.2.50x96b3No error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:14:22.253011942 CEST8.8.8.8192.168.2.50x367aNo error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:14:28.664314032 CEST8.8.8.8192.168.2.50x1016No error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:14:37.149499893 CEST8.8.8.8192.168.2.50x1c00No error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:14:44.672653913 CEST8.8.8.8192.168.2.50xc195No error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:14:51.118262053 CEST8.8.8.8192.168.2.50x997cNo error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:01.150638103 CEST8.8.8.8192.168.2.50xb8bfNo error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:09.324079990 CEST8.8.8.8192.168.2.50x9cdfNo error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:16.940361977 CEST8.8.8.8192.168.2.50x8754No error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:27.482081890 CEST8.8.8.8192.168.2.50xd62cNo error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:38.144364119 CEST8.8.8.8192.168.2.50x89d3No error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:39.134860039 CEST8.8.8.8192.168.2.50x89d3No error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:46.071866035 CEST8.8.8.8192.168.2.50xf3b5No error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:15:52.668926954 CEST8.8.8.8192.168.2.50xaee7No error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:16:03.599817038 CEST8.8.8.8192.168.2.50x1577No error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false
          Jun 2, 2023 03:16:11.926800966 CEST8.8.8.8192.168.2.50xf81aNo error (0)dinowar.anondns.net213.152.161.40A (IP address)IN (0x0001)false

          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          High Level Behavior Distribution

          Click to dive into process behavior distribution

          System Behavior

          General

          Target ID:0
          Start time:03:14:13
          Start date:02/06/2023
          Path:C:\Users\user\Desktop\mfpmp.exe
          Wow64 process (32bit):true
          Commandline:C:\Users\user\Desktop\mfpmp.exe
          Imagebase:0x2d0000
          File size:214528 bytes
          MD5 hash:475B4814A0B6114C76EA55C7447B6108
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:.Net C# or VB.NET
          Yara matches:
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, Author: Florian Roth (Nextron Systems)
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000000.390950299.00000000002D2000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
          • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.657080001.0000000002991000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
          • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
          • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
          • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.667317565.0000000004CC0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
          • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
          • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
          • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.667774340.00000000051F0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
          • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
          • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
          • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.667674827.00000000051D0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.665497536.00000000039F2000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
          Reputation:low

          Disassembly

          Reset < >

            Execution Graph

            Execution Coverage:24.8%
            Dynamic/Decrypted Code Coverage:100%
            Signature Coverage:6.7%
            Total number of Nodes:195
            Total number of Limit Nodes:15
            execution_graph 15261 4aade28 15262 4aade31 15261->15262 15266 4aade68 15262->15266 15270 4aade78 15262->15270 15263 4aade62 15267 4aade78 15266->15267 15274 4aadea8 15267->15274 15268 4aade99 15268->15263 15271 4aade80 15270->15271 15273 4aadea8 2 API calls 15271->15273 15272 4aade99 15272->15263 15273->15272 15275 4aadedb 15274->15275 15276 4aadf03 15275->15276 15279 4aadfd0 15275->15279 15284 4aadfc1 15275->15284 15276->15268 15280 4aadff9 15279->15280 15281 4aae034 15280->15281 15289 4b01788 15280->15289 15293 4b0182e 15280->15293 15281->15275 15285 4aadfd0 15284->15285 15286 4aae034 15285->15286 15287 4b01788 DnsQuery_A 15285->15287 15288 4b0182e DnsQuery_A 15285->15288 15286->15275 15287->15286 15288->15286 15290 4b017d9 DnsQuery_A 15289->15290 15292 4b0188c 15290->15292 15292->15281 15294 4b0187e DnsQuery_A 15293->15294 15295 4b0188c 15294->15295 15295->15281 15296 4b00232 15299 4b0024b FindCloseChangeNotification 15296->15299 15298 4b0026c 15299->15298 15300 8ca78a 15301 8ca7ec 15300->15301 15302 8ca7b6 closesocket 15300->15302 15301->15302 15303 8ca7c4 15302->15303 15362 4b00776 15364 4b007ab GetTokenInformation 15362->15364 15365 4b007e8 15364->15365 15304 8cb806 15305 8cb83b SendMessageW 15304->15305 15306 8cb866 15304->15306 15307 8cb850 15305->15307 15306->15305 15366 4aa0660 15367 4aa0665 15366->15367 15368 4aa0674 15367->15368 15370 4aa0681 15367->15370 15371 4aa069f 15370->15371 15378 4aa43c0 15371->15378 15383 4aa43d0 15371->15383 15372 4aa07e2 15386 4aa5700 15372->15386 15391 4aa5710 15372->15391 15375 4aa0806 15375->15368 15379 4aa43cf 15378->15379 15380 4aa435c 15378->15380 15395 4aa4510 15379->15395 15380->15372 15381 4aa43ed 15381->15372 15384 4aa43ed 15383->15384 15385 4aa4510 5 API calls 15383->15385 15384->15372 15385->15384 15387 4aa570f 15386->15387 15388 4aa569c 15386->15388 15389 4aa571d 15387->15389 15441 4aa5788 15387->15441 15388->15375 15389->15375 15392 4aa5719 15391->15392 15393 4aa571d 15392->15393 15394 4aa5788 2 API calls 15392->15394 15393->15375 15394->15393 15396 4aa4544 15395->15396 15400 4aa45b8 15396->15400 15411 4aa45c8 15396->15411 15397 4aa4560 15397->15381 15401 4aa45c8 15400->15401 15421 4b002de 15401->15421 15425 4b002ab 15401->15425 15402 4aa45f9 15402->15397 15403 4aa45f5 15403->15402 15429 4b00390 15403->15429 15433 4b003ca 15403->15433 15405 4aa4620 15437 8ca372 15405->15437 15416 4b002ab RegOpenKeyExA 15411->15416 15417 4b002de RegOpenKeyExA 15411->15417 15412 4aa45f9 15412->15397 15413 4aa45f5 15413->15412 15418 4b00390 RegQueryValueExA 15413->15418 15419 4b003ca RegQueryValueExA 15413->15419 15414 4aa4685 15414->15397 15415 4aa4620 15420 8ca372 SetErrorMode 15415->15420 15416->15413 15417->15413 15418->15415 15419->15415 15420->15414 15424 4b00319 RegOpenKeyExA 15421->15424 15423 4b00362 15423->15403 15424->15423 15426 4b002de RegOpenKeyExA 15425->15426 15428 4b00362 15426->15428 15428->15403 15431 4b003ca RegQueryValueExA 15429->15431 15432 4b0046d 15431->15432 15432->15405 15435 4b00405 RegQueryValueExA 15433->15435 15436 4b0046d 15435->15436 15436->15405 15438 8ca39e SetErrorMode 15437->15438 15439 8ca3c7 15437->15439 15440 8ca3b3 15438->15440 15439->15438 15440->15397 15442 4aa57a0 15441->15442 15446 4b0104a 15442->15446 15450 4b0100f 15442->15450 15443 4aa57ba 15443->15389 15448 4b01085 DeleteFileA 15446->15448 15449 4b010c2 15448->15449 15449->15443 15451 4b0104a DeleteFileA 15450->15451 15453 4b010c2 15451->15453 15453->15443 15454 8ca546 15455 8ca5bc 15454->15455 15456 8ca584 DuplicateHandle 15454->15456 15455->15456 15457 8ca592 15456->15457 15458 8cb746 15459 8cb7bc 15458->15459 15460 8cb784 CreateIconFromResourceEx 15458->15460 15459->15460 15461 8cb792 15460->15461 15462 4b0157e 15463 4b015aa K32EnumProcesses 15462->15463 15465 4b015c6 15463->15465 15308 4b00ea6 15311 4b00edb GetFileType 15308->15311 15310 4b00f08 15311->15310 15312 4b02a26 15314 4b02a5b setsockopt 15312->15314 15315 4b02a95 15314->15315 15316 8caf9a 15317 8cafea GetUserNameW 15316->15317 15318 8caff8 15317->15318 15466 4b00f66 15469 4b00f9b WriteFile 15466->15469 15468 4b00fcd 15469->15468 15319 4b0012a 15321 4b00162 CreateMutexW 15319->15321 15322 4b001a5 15321->15322 15323 4b0112a 15324 4b01156 GetSystemInfo 15323->15324 15325 4b0118c 15323->15325 15326 4b01164 15324->15326 15325->15324 15327 4b02e2e 15328 4b02e7e FormatMessageW 15327->15328 15329 4b02e86 15328->15329 15474 8ca8ee 15475 8ca94b 15474->15475 15476 8ca920 SetWindowLongW 15474->15476 15475->15476 15477 8ca935 15476->15477 15478 4b014d2 15479 4b014fe FindCloseChangeNotification 15478->15479 15480 4b0153f 15478->15480 15481 4b0150c 15479->15481 15480->15479 15330 4b02c16 15332 4b02c4b WSASend 15330->15332 15333 4b02c8e 15332->15333 15482 4b02056 15484 4b0208e MapViewOfFile 15482->15484 15485 4b020dd 15484->15485 15334 4b01282 15335 4b012ab LookupPrivilegeValueW 15334->15335 15337 4b012d2 15335->15337 15338 4b01402 15341 4b01431 AdjustTokenPrivileges 15338->15341 15340 4b01453 15341->15340 15342 8cbe3e 15343 8cbe6a DispatchMessageW 15342->15343 15344 8cbe93 15342->15344 15345 8cbe7f 15343->15345 15344->15343 15486 4b01642 15487 4b016a2 15486->15487 15488 4b01677 NtQuerySystemInformation 15486->15488 15487->15488 15489 4b0168c 15488->15489 15490 4b025c2 15492 4b025f7 GetProcessTimes 15490->15492 15493 4b02629 15492->15493 15494 8cbb7e 15495 8cbbb3 PostMessageW 15494->15495 15497 8cbbe7 15494->15497 15496 8cbbc8 15495->15496 15497->15495 15346 8cab3a 15349 8cab6f RegQueryValueExW 15346->15349 15348 8cabc3 15349->15348 15350 4b02d0a 15351 4b02d3f WSARecv 15350->15351 15353 4b02d82 15351->15353 15498 4b018ca 15500 4b01902 WSASocketW 15498->15500 15501 4b0193e 15500->15501 15354 8caa32 15355 8caa6a RegOpenKeyExW 15354->15355 15357 8caac0 15355->15357 15358 4b00d8e 15359 4b00dc6 CreateFileW 15358->15359 15361 4b00e15 15359->15361 15502 4b00cce 15503 4b00cf4 CreateDirectoryW 15502->15503 15505 4b00d1b 15503->15505 15506 4b0284e 15508 4b02883 bind 15506->15508 15509 4b028b7 15508->15509

            Executed Functions

            Function 04AAAF18 Relevance: 2.2, Strings: 1, Instructions: 911COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: r
            • API String ID: 0-1812594589
            • Opcode ID: 4d326d03e39b8f708381f4920ac938b44de9f130f506daef95ac4a71a2be02d6
            • Instruction ID: b49a8f50cf3d2dfbb603f9b50884382b82dc011fbeb7716a2d10a309b1746312
            • Opcode Fuzzy Hash: 4d326d03e39b8f708381f4920ac938b44de9f130f506daef95ac4a71a2be02d6
            • Instruction Fuzzy Hash: 9A824774A00609CFCB14CF69C584AADFBB2FF88310F248669D51AAB651D734F991CFA4
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B027FC Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 784 4b027fc-4b0288b 789 4b02890-4b028a7 784->789 790 4b0288d 784->790 792 4b028a9-4b028c9 bind 789->792 793 4b028eb-4b028f0 789->793 790->789 796 4b028f2-4b028f7 792->796 797 4b028cb-4b028e8 792->797 793->792 796->797
            APIs
            • bind.WS2_32(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B028AF
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: bind
            • String ID:
            • API String ID: 1187836755-0
            • Opcode ID: 71ced3553fa6643381f6dcc7335e15b0ae91e29426698590f9d34eb7bac748df
            • Instruction ID: 76ee11dc5a3bb3fdeab5d45256a227ecf74a3b7ed7688f6faad94a1db0d32bee
            • Opcode Fuzzy Hash: 71ced3553fa6643381f6dcc7335e15b0ae91e29426698590f9d34eb7bac748df
            • Instruction Fuzzy Hash: 5431497540A7C05FD7238B218C55B56BFB8EF07214F1984DBE985DF1A3D229A808CB72
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B013CB Relevance: 1.6, APIs: 1, Instructions: 75COMMON
            Download Yara Rule
            APIs
            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04B0144B
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: AdjustPrivilegesToken
            • String ID:
            • API String ID: 2874748243-0
            • Opcode ID: 3856321a4067243b380cfe05aa596440429af6818ecfdb58accd2568a47eae0b
            • Instruction ID: d4c646f5b89f0779ed20f70cd2511d6413bc91501ca7dc4e8431122358489408
            • Opcode Fuzzy Hash: 3856321a4067243b380cfe05aa596440429af6818ecfdb58accd2568a47eae0b
            • Instruction Fuzzy Hash: 9B21E2755093849FDB228F29DC40B96BFF4EF06310F0984DAE9848F1A3D275A818CB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B02D0A Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
            Download Yara Rule
            APIs
            • WSARecv.WS2_32(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B02D7A
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: Recv
            • String ID:
            • API String ID: 4192927123-0
            • Opcode ID: 3bb1bde9bd54ac15ae23b1d33546fd4dc9c1cc79e47ef4ebb37584b2e7f5c71e
            • Instruction ID: acd0806e38658a3959684ef9d43ea253c852c5540d729f420524daa8a9679c42
            • Opcode Fuzzy Hash: 3bb1bde9bd54ac15ae23b1d33546fd4dc9c1cc79e47ef4ebb37584b2e7f5c71e
            • Instruction Fuzzy Hash: 4F11A271500604AFEB21CF61DC45FA6FBACEF08324F1489AAE9459B191D775E808DBB1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B01607 Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
            Download Yara Rule
            APIs
            • NtQuerySystemInformation.NTDLL ref: 04B0167D
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: InformationQuerySystem
            • String ID:
            • API String ID: 3562636166-0
            • Opcode ID: bc094f07c95a8f6cd867b26c975411725cd15504feee776650f34d508b9863f3
            • Instruction ID: b527c201081d2dfa64fd69e1f81b2c2e6e3d556d4c59725397dfb5453690b66b
            • Opcode Fuzzy Hash: bc094f07c95a8f6cd867b26c975411725cd15504feee776650f34d508b9863f3
            • Instruction Fuzzy Hash: 3E219F714097C09FDB228F21DC45A51FFB4EF16314F0984DBE9848B1A3D265A919DB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B0284E Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON
            Download Yara Rule
            APIs
            • bind.WS2_32(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B028AF
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: bind
            • String ID:
            • API String ID: 1187836755-0
            • Opcode ID: 617527151a8b780c4e6d219d6428dc984a5bd4c5c5a22f4dc0606c2a0d295ff9
            • Instruction ID: 0e229b1dc0caa881bc133d0d77589407446c804b6ebfd50b6e261cd5b3d76bd8
            • Opcode Fuzzy Hash: 617527151a8b780c4e6d219d6428dc984a5bd4c5c5a22f4dc0606c2a0d295ff9
            • Instruction Fuzzy Hash: 19116075500704AFEB20CF65DC85BA6BBACEF04625F14C4AAED459B281D774A808CA71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B01402 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
            Download Yara Rule
            APIs
            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04B0144B
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: AdjustPrivilegesToken
            • String ID:
            • API String ID: 2874748243-0
            • Opcode ID: 62968d7705c8663e0144a2622ec9b73b8d090fec7c3fb115c536a89791b3e5d4
            • Instruction ID: c29a11a8bf4f583ca7945016d02edb1854d15ec212d0d18777bac16cc9d75b01
            • Opcode Fuzzy Hash: 62968d7705c8663e0144a2622ec9b73b8d090fec7c3fb115c536a89791b3e5d4
            • Instruction Fuzzy Hash: 6611A0315002049FDB24CF69D885B6AFFE4EF04321F08C4AAED458B6A2D736E418DF62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CAF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
            Download Yara Rule
            APIs
            • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 008CAFEA
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: NameUser
            • String ID:
            • API String ID: 2645101109-0
            • Opcode ID: 2aac7443f1e5227cbd39ddada26ba956e0fa0ed0b90387f4d1586b66ea187688
            • Instruction ID: 5745c96b49386d19b235c14cf493a597d765799c19ad7a639f78797ee3e5caea
            • Opcode Fuzzy Hash: 2aac7443f1e5227cbd39ddada26ba956e0fa0ed0b90387f4d1586b66ea187688
            • Instruction Fuzzy Hash: 9E01A275540200ABD310DF1ADC82B26FBF8FB88A20F14855AED085B741D335F515CBE5
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B0112A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
            Download Yara Rule
            APIs
            • GetSystemInfo.KERNELBASE(?), ref: 04B0115C
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: InfoSystem
            • String ID:
            • API String ID: 31276548-0
            • Opcode ID: ebc2754561f9d6f4761bc327dd24c60bc43680ad64e0da43dfcd6e7037f90aaa
            • Instruction ID: 3a685309a9ebdadb643f2367a5bb8ab7bb33c198592f479c36d53c6ad16b4a9d
            • Opcode Fuzzy Hash: ebc2754561f9d6f4761bc327dd24c60bc43680ad64e0da43dfcd6e7037f90aaa
            • Instruction Fuzzy Hash: 6101AD709002409FDB14CF69D889765FFA4EF04325F18C4EADD088F286D77AA418DAA2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B01642 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
            Download Yara Rule
            APIs
            • NtQuerySystemInformation.NTDLL ref: 04B0167D
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: InformationQuerySystem
            • String ID:
            • API String ID: 3562636166-0
            • Opcode ID: 32e1bf80d498f362a3e51f322e5df3db5d2ad6f1ebaa2bdb5d357f2d6ceba255
            • Instruction ID: c7c07960aa8a4b0433fb091de147bda29caef99e02780ff6081aec4ed74baa45
            • Opcode Fuzzy Hash: 32e1bf80d498f362a3e51f322e5df3db5d2ad6f1ebaa2bdb5d357f2d6ceba255
            • Instruction Fuzzy Hash: 31018B359002009FDB208F59DC85B65FFA4EF08325F18C4DAED894B656D776A818DF72
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8648 Relevance: .5, Instructions: 505COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d4460d1d01b932cd8f929333eb0fee738852f717c081590bd48bdae10b06a16a
            • Instruction ID: deb08f04a4a2cab33cfaaa7527ac39e22de6b212803cc51a3e3eda724e4d2f30
            • Opcode Fuzzy Hash: d4460d1d01b932cd8f929333eb0fee738852f717c081590bd48bdae10b06a16a
            • Instruction Fuzzy Hash: 8C12A671A04215CFDB28EF39C58466DBBF2FF88304F54892ED416AB294EB3DA855CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA23A0 Relevance: .5, Instructions: 505COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cc20f584b47c3f1ae5998b2059d976e18e714961f9c86d041d01865c382788e5
            • Instruction ID: 151d1c99b6e0053485934aa38cdd3a03b2beb0ebc54afdec47da83ccf0988179
            • Opcode Fuzzy Hash: cc20f584b47c3f1ae5998b2059d976e18e714961f9c86d041d01865c382788e5
            • Instruction Fuzzy Hash: BA12BC32A05215CFDB24DF29C9807ADB7F2FB88305F1481AAD416EB355EB34A965CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA9248 Relevance: .2, Instructions: 239COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5f949c29ddbcde6532169dafe84eb920d2506aa3b53f9f021ef7a60846089538
            • Instruction ID: fc15df79083087483af5a6fee7a3d6a8eed33f601d76c1468a341d234329e782
            • Opcode Fuzzy Hash: 5f949c29ddbcde6532169dafe84eb920d2506aa3b53f9f021ef7a60846089538
            • Instruction Fuzzy Hash: B5819D72F011158BD714DB69C881AAEB7F7AFC8314F2A8479E409EB365DF35AC118B90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA2FA8 Relevance: .2, Instructions: 239COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0369facc6b4a3b724bffe34a58324d836332857c668b7603fd2c201e5dd6ca58
            • Instruction ID: 3866c3b7f60baab012db5e540ad75b5a35c4e3809723f8429fe11125f40b05bb
            • Opcode Fuzzy Hash: 0369facc6b4a3b724bffe34a58324d836332857c668b7603fd2c201e5dd6ca58
            • Instruction Fuzzy Hash: 7B817D32F011159BDB14DB69C845A6EB7F3AFC8314F2A80B9E816EB355DF35AC118B90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA930F Relevance: .2, Instructions: 179COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: abf407a8a9ee76559d0809a0865dc1e6b61fde49d92ba998fe79bfa89b61c695
            • Instruction ID: 80b90b353d935115a0b34355ad69a8d4da39ee13345c635539227dec89eb5aa6
            • Opcode Fuzzy Hash: abf407a8a9ee76559d0809a0865dc1e6b61fde49d92ba998fe79bfa89b61c695
            • Instruction Fuzzy Hash: A6514D72F015158BD714DB69C891B9EB7F3AFC8214F2A84A8E419EB365DF34ED018B90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA80F0 Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 10bc47c7f6472f758686b836ffddf3341bab3742e83cc4339c04dadf0b0598d7
            • Instruction ID: 277f6030ac0fbf17f2a430377532aa626c0c0008c2a3231eb55375d740e4b899
            • Opcode Fuzzy Hash: 10bc47c7f6472f758686b836ffddf3341bab3742e83cc4339c04dadf0b0598d7
            • Instruction Fuzzy Hash: 29019E3090A244DFC714EF74E58C669BBB0FB4B301F0099DBC446AB696CB345944DF50
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA09A9 Relevance: 5.2, Strings: 4, Instructions: 174COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 0 4aa09a9-4aa09dc 50 4aa09de call 4aa0c68 0->50 51 4aa09de call 4aa0baf 0->51 52 4aa09de call 4aa0bc0 0->52 5 4aa09e4-4aa09ef 53 4aa09f5 call 4aa1218 5->53 54 4aa09f5 call 26405f6 5->54 55 4aa09f5 call 4aa1209 5->55 56 4aa09f5 call 4aa11df 5->56 57 4aa09f5 call 26405cf 5->57 7 4aa09fb-4aa0a2c 58 4aa0a2e call 4aa1b4b 7->58 59 4aa0a2e call 4aa1a89 7->59 60 4aa0a2e call 4aa1e4e 7->60 61 4aa0a2e call 4aa1c6f 7->61 62 4aa0a2e call 4aa1d8c 7->62 63 4aa0a2e call 4aa1f4c 7->63 64 4aa0a2e call 4aa1a22 7->64 65 4aa0a2e call 4aa12a0 7->65 66 4aa0a2e call 26405cf 7->66 67 4aa0a2e call 4aa1ae4 7->67 68 4aa0a2e call 4aa1ce5 7->68 69 4aa0a2e call 4aa1458 7->69 70 4aa0a2e call 26405f6 7->70 71 4aa0a2e call 4aa1291 7->71 72 4aa0a2e call 4aa1c14 7->72 73 4aa0a2e call 4aa1bb5 7->73 11 4aa0a34-4aa0a46 12 4aa0a4c-4aa0a56 11->12 13 4aa0b00-4aa0b28 11->13 14 4aa0a58-4aa0a5a 12->14 15 4aa0a64-4aa0a92 12->15 80 4aa0b2a call 26405f6 13->80 81 4aa0b2a call 26405cf 13->81 14->15 15->13 21 4aa0a94-4aa0a9e 15->21 18 4aa0b2f-4aa0b39 25 4aa0b3f-4aa0b55 18->25 26 4aa0b37-4aa0b3d 18->26 23 4aa0aac-4aa0ace 21->23 24 4aa0aa0-4aa0aa2 21->24 74 4aa0ad0 call 26405f6 23->74 75 4aa0ad0 call 26405cf 23->75 24->23 34 4aa0b5b-4aa0b6e 25->34 35 4aa0b53-4aa0b59 25->35 28 4aa0ba7-4aa0bac 26->28 42 4aa0b6c-4aa0b72 34->42 43 4aa0b74-4aa0b81 34->43 35->28 36 4aa0ad6 76 4aa0ad9 call 4aa3b6b 36->76 77 4aa0ad9 call 26405f6 36->77 78 4aa0ad9 call 26405cf 36->78 79 4aa0ad9 call 4aa3bc4 36->79 39 4aa0adf-4aa0aeb 42->28 46 4aa0b83-4aa0b85 43->46 47 4aa0b87-4aa0b89 43->47 46->28 48 4aa0b93-4aa0ba5 47->48 48->28 50->5 51->5 52->5 53->7 54->7 55->7 56->7 57->7 58->11 59->11 60->11 61->11 62->11 63->11 64->11 65->11 66->11 67->11 68->11 69->11 70->11 71->11 72->11 73->11 74->36 75->36 76->39 77->39 78->39 79->39 80->18 81->18
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: X1Mk$X1Mk$X1Mk$X1Mk
            • API String ID: 0-760839410
            • Opcode ID: 1d4bf3280486003e1d8969a50d6d542ffaeb22b79c341fcf03a22e2f12dd2861
            • Instruction ID: f6f972d727eef37983153e94aadf5a944b74fb79a5f97f3baf574268156e5a7f
            • Opcode Fuzzy Hash: 1d4bf3280486003e1d8969a50d6d542ffaeb22b79c341fcf03a22e2f12dd2861
            • Instruction Fuzzy Hash: 4D51BF31B08145DFCB149F68C995A6EB7F2FB84348F10856AE502DB3A1DB30AC15CB81
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0C41 Relevance: 2.7, Strings: 2, Instructions: 199COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 82 5ea0c41-5ea0c4d 83 5ea0c4f-5ea0c78 82->83 84 5ea0bdc-5ea0be0 82->84 85 5ea0c7e-5ea0cdc 83->85 86 5ea0db6-5ea0dbd 83->86 88 5ea0b1b-5ea0b22 84->88 89 5ea0b13 84->89 100 5ea0d3c-5ea0d45 85->100 90 5ea0b3c-5ea0b43 88->90 91 5ea0b24-5ea0b35 88->91 130 5ea0b15 call 5ea0d01 89->130 131 5ea0b15 call 5ea0c41 89->131 93 5ea0b49-5ea0b55 90->93 94 5ea0c10-5ea0c30 90->94 91->90 97 5ea0b8e-5ea0bcb 93->97 98 5ea0b57-5ea0b87 93->98 116 5ea0c37-5ea0c3e 94->116 99 5ea0bf2-5ea0c01 97->99 98->97 114 5ea0c03-5ea0c09 99->114 115 5ea0be5-5ea0beb 99->115 102 5ea0d6b-5ea0d74 100->102 103 5ea0d47-5ea0d4d 100->103 105 5ea0d80-5ea0d8f 102->105 106 5ea0d76 102->106 103->102 107 5ea0d4f-5ea0d58 103->107 113 5ea0d91-5ea0d93 105->113 106->105 111 5ea0d5a-5ea0d69 107->111 112 5ea0dae 107->112 111->113 120 5ea0db3-5ea0db4 112->120 118 5ea0d99-5ea0dac 113->118 119 5ea0cde-5ea0cee 113->119 114->94 115->99 117 5ea0bed call 5ea0908 115->117 117->99 118->120 125 5ea0ce9 119->125 126 5ea0cf0-5ea0cf7 119->126 120->86 125->100 128 5ea0cf9 call 5ea0dd8 126->128 129 5ea0cf9 call 5ea0dc7 126->129 127 5ea0cff 127->100 128->127 129->127 130->88 131->88
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: X1Mk$lKk
            • API String ID: 0-598582023
            • Opcode ID: 5fe630e69d4768d819431815ac0124afb6ed68fa15fea3f677905572c913491b
            • Instruction ID: 4500fe0c0f91cb97fec143b499e062678b00b16784f1411f5a2ceeb2889e9ba6
            • Opcode Fuzzy Hash: 5fe630e69d4768d819431815ac0124afb6ed68fa15fea3f677905572c913491b
            • Instruction Fuzzy Hash: 1B717D76A042089FDB14CFB8C084AADBBF2FF49308F14856AD456AF351DB31A846CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA02E8 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 132 4aa02e8-4aa0316 133 4aa032a-4aa0337 132->133 134 4aa0318-4aa0324 132->134 137 4aa0339-4aa0353 133->137 138 4aa03a5-4aa03d0 133->138 134->133 139 4aa0506-4aa0510 134->139 143 4aa0357 137->143 144 4aa0355 137->144 152 4aa0373-4aa038a 138->152 140 4aa0511-4aa051b 139->140 145 4aa035a-4aa036d 143->145 144->145 151 4aa051c-4aa0575 145->151 145->152 169 4aa0577-4aa05b5 151->169 170 4aa0504 151->170 155 4aa038e 152->155 156 4aa038c 152->156 157 4aa0391-4aa03dc 155->157 156->157 164 4aa03de-4aa03e5 157->164 165 4aa03ef 157->165 164->165 167 4aa03f6-4aa0413 165->167 172 4aa03f8-4aa040b 167->172 173 4aa04c2-4aa04df 167->173 170->140 172->173 177 4aa04e3 173->177 178 4aa04e1 173->178 179 4aa04e6-4aa04fb 177->179 178->179 179->170
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: :@&k$`5Mk
            • API String ID: 0-145080084
            • Opcode ID: d2c9693a678b91f9d02d353786b26951e46d649637d9e55dd08c02b0dc0ae700
            • Instruction ID: d18a57c557c173e280267165a37deb81d656dd5c0b2e73e89433d0e6659c533a
            • Opcode Fuzzy Hash: d2c9693a678b91f9d02d353786b26951e46d649637d9e55dd08c02b0dc0ae700
            • Instruction Fuzzy Hash: 35618134B092059FCB08DF68C4606AD77F2EF89344F2484AED506EB362EB35AC15DB52
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0A58 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 183 5ea0a58-5ea0a95 186 5ea0b0b-5ea0b11 183->186 187 5ea0a8e-5ea0ac9 183->187 188 5ea0b1b-5ea0b22 186->188 189 5ea0b13 186->189 212 5ea0acb-5ea0ae3 187->212 213 5ea0ae5-5ea0afe 187->213 191 5ea0b3c-5ea0b43 188->191 192 5ea0b24-5ea0b35 188->192 221 5ea0b15 call 5ea0d01 189->221 222 5ea0b15 call 5ea0c41 189->222 194 5ea0b49-5ea0b55 191->194 195 5ea0c10-5ea0c30 191->195 192->191 199 5ea0b8e-5ea0bcb 194->199 200 5ea0b57-5ea0b87 194->200 214 5ea0c37-5ea0c3e 195->214 201 5ea0bf2-5ea0c01 199->201 200->199 209 5ea0c03-5ea0c09 201->209 210 5ea0be5-5ea0beb 201->210 209->195 210->201 215 5ea0bed call 5ea0908 210->215 217 5ea0b00-5ea0b09 212->217 213->217 215->201 217->186 221->188 222->188
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: X1Mk$lKk
            • API String ID: 0-598582023
            • Opcode ID: 7aa9cfbe74de4d488d97b94e611427c48db0e3dc98173e66e5ab1ebb77163ff3
            • Instruction ID: 82ccfb6cad9cc6e49b32fa5171c09f0f60cca8a1c71057e3c4b1bd620c3d8874
            • Opcode Fuzzy Hash: 7aa9cfbe74de4d488d97b94e611427c48db0e3dc98173e66e5ab1ebb77163ff3
            • Instruction Fuzzy Hash: E2516E31E05209DFDB14DBB8D558AAEBBB3FB88308F10856EC4469F355EB34A945CB81
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8FF8 Relevance: 2.6, Strings: 2, Instructions: 126COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 223 4aa8ff8-4aa902a 227 4aa902c 223->227 228 4aa9031 call 4aa9160 223->228 229 4aa913d-4aa9144 227->229 230 4aa9037-4aa9039 228->230 231 4aa903b 230->231 232 4aa9040-4aa90b3 230->232 231->229 236 4aa905f-4aa9069 232->236 237 4aa9147-4aa915e 232->237 236->237 238 4aa906f-4aa9079 236->238 238->237 239 4aa907f-4aa9089 238->239 239->237 241 4aa908f-4aa90c2 239->241 250 4aa9116-4aa911a 241->250 251 4aa911c 250->251 252 4aa90c4-4aa90d9 250->252 254 4aa911e-4aa9120 251->254 252->237 253 4aa90db-4aa9107 252->253 253->237 255 4aa9109-4aa9113 253->255 254->237 256 4aa9122-4aa912c 254->256 255->250 256->254 257 4aa912e-4aa913a 256->257 257->229
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: $>_+k
            • API String ID: 0-1496026871
            • Opcode ID: b20c5b0608fb325c1c5d918ca8f985ae77d3c3740919af3e749aff368611afdc
            • Instruction ID: f6987a7a2c19478642dd5de787b0c9655f2a23fa5a45f04ecbadb5dd64d7faa6
            • Opcode Fuzzy Hash: b20c5b0608fb325c1c5d918ca8f985ae77d3c3740919af3e749aff368611afdc
            • Instruction Fuzzy Hash: 0541E2B0F09105CFDB10CF69C8885AFBBB6EBC5254B29CC6AC5119B645D736F812CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0BCD Relevance: 2.6, Strings: 2, Instructions: 86COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 259 5ea0bcd-5ea0bd4 260 5ea0b0b-5ea0b11 259->260 261 5ea0bf2-5ea0c01 259->261 262 5ea0b1b-5ea0b22 260->262 263 5ea0b13 260->263 267 5ea0c03-5ea0c09 261->267 268 5ea0be5-5ea0beb 261->268 264 5ea0b3c-5ea0b43 262->264 265 5ea0b24-5ea0b35 262->265 281 5ea0b15 call 5ea0d01 263->281 282 5ea0b15 call 5ea0c41 263->282 269 5ea0b49-5ea0b55 264->269 270 5ea0c10-5ea0c30 264->270 265->264 267->270 268->261 271 5ea0bed call 5ea0908 268->271 273 5ea0b8e-5ea0bcb 269->273 274 5ea0b57-5ea0b87 269->274 279 5ea0c37-5ea0c3e 270->279 271->261 273->261 274->273 281->262 282->262
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: X1Mk$lKk
            • API String ID: 0-598582023
            • Opcode ID: fd499e8c4ceb72683094faa87d1af69aebff4538f3aa55358298e11b4fe4c3b9
            • Instruction ID: fcc09825b11b0fa77174ec4d8e173b34e6e7c78b4138b623c1100768bfe99c57
            • Opcode Fuzzy Hash: fd499e8c4ceb72683094faa87d1af69aebff4538f3aa55358298e11b4fe4c3b9
            • Instruction Fuzzy Hash: E531A231A052059FEB14DBB9C1547ADB7E3FB89308F54856EC0569F385DF34A905CB81
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0BD9 Relevance: 2.6, Strings: 2, Instructions: 86COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 283 5ea0bd9-5ea0be0 284 5ea0b0b-5ea0b11 283->284 285 5ea0bf2-5ea0c01 283->285 286 5ea0b1b-5ea0b22 284->286 287 5ea0b13 284->287 291 5ea0c03-5ea0c09 285->291 292 5ea0be5-5ea0beb 285->292 288 5ea0b3c-5ea0b43 286->288 289 5ea0b24-5ea0b35 286->289 305 5ea0b15 call 5ea0d01 287->305 306 5ea0b15 call 5ea0c41 287->306 293 5ea0b49-5ea0b55 288->293 294 5ea0c10-5ea0c30 288->294 289->288 291->294 292->285 295 5ea0bed call 5ea0908 292->295 297 5ea0b8e-5ea0bcb 293->297 298 5ea0b57-5ea0b87 293->298 303 5ea0c37-5ea0c3e 294->303 295->285 297->285 298->297 305->286 306->286
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: X1Mk$lKk
            • API String ID: 0-598582023
            • Opcode ID: fd499e8c4ceb72683094faa87d1af69aebff4538f3aa55358298e11b4fe4c3b9
            • Instruction ID: fcc09825b11b0fa77174ec4d8e173b34e6e7c78b4138b623c1100768bfe99c57
            • Opcode Fuzzy Hash: fd499e8c4ceb72683094faa87d1af69aebff4538f3aa55358298e11b4fe4c3b9
            • Instruction Fuzzy Hash: E531A231A052059FEB14DBB9C1547ADB7E3FB89308F54856EC0569F385DF34A905CB81
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5AA0 Relevance: 2.5, Strings: 2, Instructions: 26COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 307 4aa5aa0-4aa5abc 310 4aa5abe-4aa5ade 307->310 311 4aa5ae5-4aa5ae7 307->311 310->311
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: lKk$-SRk^
            • API String ID: 0-1340193742
            • Opcode ID: fae462b804ccbf7f554b1db487441e4a558384eb33ed3c57fe79af63648b1fe0
            • Instruction ID: c43a5e1f0c5fec2fcb7b3f5ffe781cea3ae22eb590b11628c2f6f11b512d3c3c
            • Opcode Fuzzy Hash: fae462b804ccbf7f554b1db487441e4a558384eb33ed3c57fe79af63648b1fe0
            • Instruction Fuzzy Hash: CCE0682074A3142FC30657754C14A2D3719AE8320934440EBD181CF242EF148804C3DB
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5AB0 Relevance: 2.5, Strings: 2, Instructions: 20COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 314 4aa5ab0-4aa5abc 316 4aa5abe-4aa5ade 314->316 317 4aa5ae5-4aa5ae7 314->317 316->317
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: lKk$-SRk^
            • API String ID: 0-1340193742
            • Opcode ID: 4b35ff07483a22eb4a4632b46aae02948ed19248697ab0b7b06bbc5169fbb995
            • Instruction ID: 832a4396414e7f0fd1793686820ecfd0c48ec5e2e75aea82bdeee60398303466
            • Opcode Fuzzy Hash: 4b35ff07483a22eb4a4632b46aae02948ed19248697ab0b7b06bbc5169fbb995
            • Instruction Fuzzy Hash: 9ED05E20B82628275614667A5801E3E334EAB8169634045AEE506CA340DF19980183EA
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA12A0 Relevance: 1.7, Strings: 1, Instructions: 460COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 526 4aa12a0-4aa13f8 543 4aa139f-4aa140e 526->543 544 4aa1394-4aa139a 526->544 550 4aa1587-4aa15ba 543->550 551 4aa13d7-4aa154d 543->551 544->543 558 4aa1fac-4aa1fdc 550->558 559 4aa15c0-4aa15f4 550->559 551->550 564 4aa15f9-4aa160a 558->564 565 4aa1fe2-4aa1fe4 558->565 559->558 564->558 569 4aa1610 564->569 565->564 566 4aa1fea-4aa203b 565->566 640 4aa203c 566->640 570 4aa19ba-4aa19ea 569->570 571 4aa181b-4aa184a 569->571 572 4aa1669-4aa1698 569->572 573 4aa18e9-4aa191b 569->573 574 4aa1722-4aa174e 569->574 575 4aa1882-4aa18b1 569->575 576 4aa1953-4aa1982 569->576 577 4aa1617-4aa1642 569->577 578 4aa16c4-4aa16e8 569->578 579 4aa17c4-4aa17f4 569->579 580 4aa1775-4aa179d 569->580 606 4aa19ec-4aa19f0 570->606 607 4aa19f7-4aa1a1d 570->607 618 4aa184c-4aa1850 571->618 619 4aa1857-4aa187d 571->619 614 4aa169a-4aa169e 572->614 615 4aa16a5-4aa16bf 572->615 622 4aa1928-4aa194e 573->622 623 4aa191d-4aa1921 573->623 620 4aa175b-4aa1770 574->620 621 4aa1750-4aa1754 574->621 610 4aa18be-4aa18e4 575->610 611 4aa18b3-4aa18b7 575->611 616 4aa198f-4aa19b5 576->616 617 4aa1984-4aa1988 576->617 624 4aa164f-4aa1664 577->624 625 4aa1644-4aa1648 577->625 595 4aa16f0-4aa16fb 578->595 626 4aa1801-4aa1816 579->626 627 4aa17f6-4aa17fa 579->627 612 4aa17aa-4aa17bf 580->612 613 4aa179f-4aa17a3 580->613 608 4aa1708-4aa171d 595->608 609 4aa16fd-4aa1701 595->609 606->607 607->558 608->558 609->608 610->558 611->610 612->558 613->612 614->615 615->558 616->558 617->616 618->619 619->558 620->558 621->620 622->558 623->622 624->558 625->624 626->558 627->626 640->640
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: $gJk
            • API String ID: 0-2474255759
            • Opcode ID: 29b93a18f7f99d3b8c46afdf98099d15c31630b33c6367a13c9eda54dc912639
            • Instruction ID: c9f1057931257d3e99261d6591a7b85f2bc133a514a90f882827844c9d494c78
            • Opcode Fuzzy Hash: 29b93a18f7f99d3b8c46afdf98099d15c31630b33c6367a13c9eda54dc912639
            • Instruction Fuzzy Hash: 4422F134A04605CFCB24DF28C490A6AB7F2FF48354F1485AAD85A9B756DB34BC85CF51
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA3B6B Relevance: 1.7, Strings: 1, Instructions: 429COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 641 4aa3b6b-4aa3b7c 643 4aa3b7e-4aa3b90 641->643 644 4aa3bc7-4aa3bd2 641->644 647 4aa3b97-4aa3bdf 643->647 644->643 652 4aa3d16-4aa3d1c 647->652 653 4aa3d22-4aa3d29 652->653 654 4aa3be1-4aa3bf1 652->654 655 4aa3d2a-4aa3d30 654->655 656 4aa3bf7-4aa3c01 654->656 661 4aa3d32-4aa3d3d 655->661 662 4aa3d84-4aa3d8f 655->662 657 4aa3c0f-4aa3c20 656->657 658 4aa3c03-4aa3c05 656->658 657->655 660 4aa3c26-4aa3c30 657->660 658->657 663 4aa3c3e-4aa3c4e 660->663 664 4aa3c32-4aa3c34 660->664 668 4aa3d3f-4aa3d51 661->668 669 4aa3ccc-4aa3d12 661->669 665 4aa3f6d-4aa3f85 662->665 666 4aa3d95-4aa3d9e 662->666 663->655 667 4aa3c54-4aa3c5a 663->667 664->663 684 4aa3f87-4aa3f9d 665->684 685 4aa3f14-4aa3f2a 665->685 670 4aa3e71-4aa3e75 666->670 671 4aa3da4-4aa3dad 666->671 672 4aa3c5c-4aa3c62 667->672 673 4aa3c74-4aa3c80 667->673 674 4aa3d5d-4aa3d83 668->674 675 4aa3d53-4aa3d55 668->675 669->652 680 4aa3e9b-4aa3ea4 670->680 681 4aa3e77-4aa3e83 670->681 671->665 676 4aa3db3-4aa3dbc 671->676 677 4aa3c66-4aa3c72 672->677 678 4aa3c64 672->678 673->655 682 4aa3c86-4aa3cc9 673->682 674->662 675->674 686 4aa3e4d-4aa3e56 676->686 687 4aa3dc2-4aa3dce 676->687 677->673 678->673 689 4aa3ebc-4aa3ec2 680->689 690 4aa3ea6-4aa3eb9 680->690 681->665 688 4aa3e89-4aa3e99 681->688 682->669 706 4aa3fa7-4aa3fb9 684->706 685->665 699 4aa3f2c-4aa3f57 685->699 686->665 693 4aa3e5c-4aa3e6b 686->693 687->665 694 4aa3dd4-4aa3dff 687->694 696 4aa3ec5-4aa3ece 688->696 689->696 690->689 693->670 693->671 694->686 708 4aa3e01-4aa3e08 694->708 696->665 701 4aa3ed4-4aa3ee6 696->701 699->665 724 4aa3f59-4aa3f60 699->724 701->665 704 4aa3eec-4aa3efc 701->704 704->665 705 4aa3efe-4aa3f0e 704->705 705->665 709 4aa3f10-4aa3f13 705->709 717 4aa3fbb 706->717 718 4aa3fcf-4aa3ff0 706->718 710 4aa3e0a 708->710 711 4aa3e14-4aa3e1d 708->711 709->685 710->711 711->665 715 4aa3e23-4aa3e48 711->715 727 4aa3f63-4aa3f6a 715->727 719 4aa3fbe-4aa3fc0 717->719 722 4aa3fc2-4aa3fcd 719->722 723 4aa3ff1-4aa4005 719->723 722->718 722->719 730 4aa4007-4aa402c 723->730 731 4aa3f94-4aa3f9d 723->731 724->727 734 4aa402e 730->734 735 4aa4033-4aa403a 730->735 731->706 736 4aa40c1-4aa40c8 734->736 738 4aa403c 735->738 739 4aa4043-4aa408f call 4aa23a0 735->739 738->739 739->736
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: >_+k
            • API String ID: 0-4198530234
            • Opcode ID: 1fb5607fc8f3eeed0d98beee0e65f06b542108ef25684dd841e7a9aaba17b988
            • Instruction ID: 7992c79431d50a4be1e6ee00674fc0f109cee7049908e6aaabb616dec9f95253
            • Opcode Fuzzy Hash: 1fb5607fc8f3eeed0d98beee0e65f06b542108ef25684dd841e7a9aaba17b988
            • Instruction Fuzzy Hash: 65F17D71A00205CFCF11CF68C8859A9FBF2FF89314719899AE9099F266D730ED65CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B01788 Relevance: 1.6, APIs: 1, Instructions: 122networkCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 749 4b01788-4b017d7 750 4b017f9-4b01886 DnsQuery_A 749->750 751 4b017d9-4b017f8 749->751 756 4b0188c-4b018a2 750->756 751->750
            APIs
            • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 04B0187E
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: Query_
            • String ID:
            • API String ID: 428220571-0
            • Opcode ID: 936da86262cf3f957b6bd013a199b49543862177aae3919dd15fcf8b3b18cf2a
            • Instruction ID: f44261dcd02710468fdc7ab7cf8e0b66c17682777848a8cc0341b80c3c16142e
            • Opcode Fuzzy Hash: 936da86262cf3f957b6bd013a199b49543862177aae3919dd15fcf8b3b18cf2a
            • Instruction Fuzzy Hash: 3F41226500E3C06FD3138B358C61A61BF74EF47614B1E85CBE884CF5A3D229691AD7B2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00736 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 757 4b00736-4b007d8 763 4b00825-4b0082a 757->763 764 4b007da-4b007e2 GetTokenInformation 757->764 763->764 766 4b007e8-4b007fa 764->766 767 4b0082c-4b00831 766->767 768 4b007fc-4b00822 766->768 767->768
            APIs
            • GetTokenInformation.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B007E0
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: InformationToken
            • String ID:
            • API String ID: 4114910276-0
            • Opcode ID: 9b6ee8c826fb39d824ab0f1a0980ffd881895f567c60cdaea133655c55accf14
            • Instruction ID: a02a27580ea6affa6f3f1964914efbaf9ab04573e48c9ce0c776cc7199475468
            • Opcode Fuzzy Hash: 9b6ee8c826fb39d824ab0f1a0980ffd881895f567c60cdaea133655c55accf14
            • Instruction Fuzzy Hash: A531B371509784AFEB228F30DC45FA6BFB8EF06310F1984DAE9859B193D624A508C7B1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00390 Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 771 4b00390-4b00456 776 4b00458-4b0046b RegQueryValueExA 771->776 777 4b0049b-4b004a0 771->777 778 4b004a2-4b004a7 776->778 779 4b0046d-4b00498 776->779 777->776 778->779
            APIs
            • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 04B0045E
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: b1b2259aff52f9b2a0ac35b774274416d3ae7aa54628a9577104b16d0b24317a
            • Instruction ID: d7dbc7f3558d23bb82bf01087b400e3696a4ae7e1f4d252a55f493f24816d811
            • Opcode Fuzzy Hash: b1b2259aff52f9b2a0ac35b774274416d3ae7aa54628a9577104b16d0b24317a
            • Instruction Fuzzy Hash: BF31D571004744AFE7228F21DC41FA6FFB8EF06314F1489DEE9858B192D3A5A949CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00D68 Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON
            Download Yara Rule
            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 04B00E0D
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            • Opcode ID: 3406c1b11bea0fb477f789761cda986d4458a84b6a04cdd78480cf07aea1fd3d
            • Instruction ID: 7147893a24e294c6c3bc7b578d199bad1f00b9aff0c6b40338294ee60bb52d26
            • Opcode Fuzzy Hash: 3406c1b11bea0fb477f789761cda986d4458a84b6a04cdd78480cf07aea1fd3d
            • Instruction Fuzzy Hash: 9A319E71504380AFE722CF25DC45F66BFE8EF09610F0888AEE9858B292D365F408CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CAA02 Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
            Download Yara Rule
            APIs
            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 008CAAB1
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            • Opcode ID: 7591ee05b467932fb43541926ee322da07c5fa82e220e163a3b326ccd3d5bae3
            • Instruction ID: eeea5db4d1785017961df007c564a8f9186f9e3f0009226191aee6e6f9bc0e64
            • Opcode Fuzzy Hash: 7591ee05b467932fb43541926ee322da07c5fa82e220e163a3b326ccd3d5bae3
            • Instruction Fuzzy Hash: EC31A4725047846FE7228B21CC45FA7BFBCEF05710F04889EED819B152D264E849C771
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B000F6 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
            Download Yara Rule
            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 04B0019D
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            • Opcode ID: eba2e6ce8ff80fda62cd57d063049bfabe268a5c5444ce46cff185d22cfd0df8
            • Instruction ID: e982736ae1f06ee29ada483203e0bf9cf55bcf8ab4d9cad9ac085fcbe97b2a8b
            • Opcode Fuzzy Hash: eba2e6ce8ff80fda62cd57d063049bfabe268a5c5444ce46cff185d22cfd0df8
            • Instruction Fuzzy Hash: 0631ADB1509780AFE722CF25DC85B56BFF8EF06210F0884DAE945CB292D375A908CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CAAF9 Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
            Download Yara Rule
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 008CABB4
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 77f84fada7976228dd853d9745b6bc985093bb953dd471db1f15e352577a9291
            • Instruction ID: 1ba52785538131d7918a0fc988bf0dcbe0f0cd0b7db809fc2954eaa034c49d82
            • Opcode Fuzzy Hash: 77f84fada7976228dd853d9745b6bc985093bb953dd471db1f15e352577a9291
            • Instruction Fuzzy Hash: FC31B1715097846FD722CB21CC45FA2BFBCEF06324F18849EE985CB192D264E848CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B029E7 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
            Download Yara Rule
            APIs
            • setsockopt.WS2_32(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B02A8D
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: setsockopt
            • String ID:
            • API String ID: 3981526788-0
            • Opcode ID: 501a3d4f51f4fffd352785112c422735902e70f0203950a07cc25f093cecd725
            • Instruction ID: d0e160825894462dac47501e67a72c98705308cc4b0ff370e13806ec8a3d81ba
            • Opcode Fuzzy Hash: 501a3d4f51f4fffd352785112c422735902e70f0203950a07cc25f093cecd725
            • Instruction Fuzzy Hash: 9C31BF71409780AFDB22CF21DC55F96BFB8EF06310F1884DAE9859B1A3D325A909C772
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B004AB Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
            Download Yara Rule
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B0055C
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 5c3359baede301335e2c457773220864581b54e208c10624c49710441a3cfc43
            • Instruction ID: 03d4c73482680f061d327290f7107875577dd63b5aeb97adcd2675e18b4a2afd
            • Opcode Fuzzy Hash: 5c3359baede301335e2c457773220864581b54e208c10624c49710441a3cfc43
            • Instruction Fuzzy Hash: 9A3180715097806FD722CB25DC85B92BFF8EF0B210F0984DAE9859B1A2D365E808CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B02BF1 Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON
            Download Yara Rule
            APIs
            • WSASend.WS2_32(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B02C86
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: Send
            • String ID:
            • API String ID: 121738739-0
            • Opcode ID: 6502743dc930c8b8fe7acff62593e42f0d061631f5cf272c2764bb8919f8e970
            • Instruction ID: 34e6605e02776f9b3f15d6a638c2308925939a8759bb27c707a8161abaad7657
            • Opcode Fuzzy Hash: 6502743dc930c8b8fe7acff62593e42f0d061631f5cf272c2764bb8919f8e970
            • Instruction Fuzzy Hash: 9321B271404744AFEB228F61DC45FA7BFACEF49320F1488AAE9859B152D235A408CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B02DDC Relevance: 1.6, APIs: 1, Instructions: 80windowCOMMON
            Download Yara Rule
            APIs
            • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 04B02E7E
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: FormatMessage
            • String ID:
            • API String ID: 1306739567-0
            • Opcode ID: 7b03434a328f6acf9c11322f104fd7c67fa0a2907e880c2c01f2c97dbfe20246
            • Instruction ID: a188ea56f2d732a88e0428446730d6c01a6e857c6e04e38ad94290affb819fcd
            • Opcode Fuzzy Hash: 7b03434a328f6acf9c11322f104fd7c67fa0a2907e880c2c01f2c97dbfe20246
            • Instruction Fuzzy Hash: AC21D37240D3C05FD3128B258C51B66BFB4EF47610F0984DBD8848F2A3D224A919C7B2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00E64 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
            Download Yara Rule
            APIs
            • GetFileType.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B00EF9
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            • Opcode ID: 5acaa63e1469e70e92e934fed9814f4b46869347d86e249288656c63532fe891
            • Instruction ID: aeabe6586f9bc44d13d0756225adb9245962754e10b19d0c41b0045f0ffb9e0e
            • Opcode Fuzzy Hash: 5acaa63e1469e70e92e934fed9814f4b46869347d86e249288656c63532fe891
            • Instruction Fuzzy Hash: 71210AB54097806FE7128F21DC41FA2BFACEF47720F1984DAED808B1A3D2646905D771
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B002AB Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON
            Download Yara Rule
            APIs
            • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 04B00353
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            • Opcode ID: 6a3ba6451051ee92b72b86ff30febc52c1420330b683bbc2f491dc55679ed7ec
            • Instruction ID: 2392a1535d8715342231c856712358e57afab9e696610531c1c643c118ffd7b9
            • Opcode Fuzzy Hash: 6a3ba6451051ee92b72b86ff30febc52c1420330b683bbc2f491dc55679ed7ec
            • Instruction Fuzzy Hash: F921C9714097806FE7228F20DC45FA6FFB8EF06314F1884DAE9858B1A3D365A909C771
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B0100F Relevance: 1.6, APIs: 1, Instructions: 78fileCOMMON
            Download Yara Rule
            APIs
            • DeleteFileA.KERNELBASE(?,00000E2C), ref: 04B010B3
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: DeleteFile
            • String ID:
            • API String ID: 4033686569-0
            • Opcode ID: a829423e4cceac495bdcd130f5d7c99e441401dc50159e27daeb22d60a20f241
            • Instruction ID: 83b43b5b7efdec11806f5323b84498f6fa1fb5df26e16003acad37fd90e9be81
            • Opcode Fuzzy Hash: a829423e4cceac495bdcd130f5d7c99e441401dc50159e27daeb22d60a20f241
            • Instruction Fuzzy Hash: 1F2106715083806FE722CB25DC56FA6BFA8EF06314F1880DAE9858B193D765A908C761
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B018AA Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
            Download Yara Rule
            APIs
            • WSASocketW.WS2_32(?,?,?,?,?), ref: 04B01936
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: Socket
            • String ID:
            • API String ID: 38366605-0
            • Opcode ID: 35fc66fc91f4898c75365cbf50b6e10fc00cde928c90f2c692cac7d28fecc9ff
            • Instruction ID: aff28b4d0bd3251f5141e8f014b723aaf77c907b184a6a928c0f8f188a1e4ba4
            • Opcode Fuzzy Hash: 35fc66fc91f4898c75365cbf50b6e10fc00cde928c90f2c692cac7d28fecc9ff
            • Instruction Fuzzy Hash: 2A218D71409780AFE722CF65DC45F66FFF8EF09210F08889EE9859B692D375A418CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B02CEA Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
            Download Yara Rule
            APIs
            • WSARecv.WS2_32(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B02D7A
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: Recv
            • String ID:
            • API String ID: 4192927123-0
            • Opcode ID: f5cc5c4881c3bf2c9edbe983047e52670d4cd72fb8714b838ea899503f9b6c13
            • Instruction ID: 67cb2201ef1e1112842bcd16d86f7feea8a192de91b62d5b415794475ac002a9
            • Opcode Fuzzy Hash: f5cc5c4881c3bf2c9edbe983047e52670d4cd72fb8714b838ea899503f9b6c13
            • Instruction Fuzzy Hash: 28218E72404744AFDB22CF61DC45FA7BFBCEF09220F14899AE9859B192D325A508CBB1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B02036 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: FileView
            • String ID:
            • API String ID: 3314676101-0
            • Opcode ID: e6c8e84f53b77c41924dd51ebc7d7748b6f036592aa90082293a0d77f36bc18c
            • Instruction ID: da3037ace00d96d36ec86fd2b5a29a6d871f1f4ed2bada055507eb2a526eee33
            • Opcode Fuzzy Hash: e6c8e84f53b77c41924dd51ebc7d7748b6f036592aa90082293a0d77f36bc18c
            • Instruction Fuzzy Hash: 5321D171408380AFE722CF61DC45F56FFF8EF09210F14889EEA859B292D365E518CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00D8E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
            Download Yara Rule
            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 04B00E0D
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            • Opcode ID: cfde4235fc3609e8fd275d67b04d6cf145eb74e7e34940fafbc9edb65d672bcd
            • Instruction ID: 6535818e9a90c168107b0d196a0caabaf5e8f54dd39c1bb637f21dd0fd6de607
            • Opcode Fuzzy Hash: cfde4235fc3609e8fd275d67b04d6cf145eb74e7e34940fafbc9edb65d672bcd
            • Instruction Fuzzy Hash: C221DE71904200AFE721DF61DC85B66FBE8EF08214F0488AEE9458B691D335F404CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CAF50 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
            Download Yara Rule
            APIs
            • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 008CAFEA
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: NameUser
            • String ID:
            • API String ID: 2645101109-0
            • Opcode ID: fa980cd1d58e2f03996faeb8c414d577fbba6414c403710d2df259342e685378
            • Instruction ID: f5475088eee582a84b6a7b2897d7ee95d9cbc25b09405f735b47290901f8df32
            • Opcode Fuzzy Hash: fa980cd1d58e2f03996faeb8c414d577fbba6414c403710d2df259342e685378
            • Instruction Fuzzy Hash: 032183754493C06FD3138B259C51B62BFB8EF87614F0944DBE884CB5A3D229A919C7B2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B003CA Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
            Download Yara Rule
            APIs
            • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 04B0045E
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: a739e2df4219550e4e073dc241d893e05b53efd554c230e071103f8c84646fe7
            • Instruction ID: ed8da1bd7e7af1506d2031fd019ac031a833fb54fd8cab0a0e82073302c71b5a
            • Opcode Fuzzy Hash: a739e2df4219550e4e073dc241d893e05b53efd554c230e071103f8c84646fe7
            • Instruction Fuzzy Hash: 3F21F571500204AEEB219F25DC81FAAFBACEF04314F10899AFE458B191D7B5B408DB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B025A2 Relevance: 1.6, APIs: 1, Instructions: 74timeCOMMON
            Download Yara Rule
            APIs
            • GetProcessTimes.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B02621
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: ProcessTimes
            • String ID:
            • API String ID: 1995159646-0
            • Opcode ID: 718d24bb5f8683c2b6c5361d2eecc88e1aa7a1a6373f0d9b3a9024252fd9db3a
            • Instruction ID: 5893647fccac563d82daee242683c78d82d2b0655dec59ac5ac88014b4dd63d0
            • Opcode Fuzzy Hash: 718d24bb5f8683c2b6c5361d2eecc88e1aa7a1a6373f0d9b3a9024252fd9db3a
            • Instruction Fuzzy Hash: BD21B071505740AFDB228F21DD45F97BFB8EF06210F1884AAE9459B192D265A808CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CAA32 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
            Download Yara Rule
            APIs
            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 008CAAB1
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            • Opcode ID: ccd62cac64603f92f78b81a1ff96925883fcc31e5706192aeb3a347cb9ac6168
            • Instruction ID: 780fbbfbe4e58b6eca770afaedc9bd95c8b6abd151b7c6ec82cd8ddc1aa2ea4a
            • Opcode Fuzzy Hash: ccd62cac64603f92f78b81a1ff96925883fcc31e5706192aeb3a347cb9ac6168
            • Instruction Fuzzy Hash: D0219272500618AEE7219B65CD45F6BF7ECEF08728F14885EED41DB541D774E808CAB2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00F46 Relevance: 1.6, APIs: 1, Instructions: 73fileCOMMON
            Download Yara Rule
            APIs
            • WriteFile.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B00FC5
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: FileWrite
            • String ID:
            • API String ID: 3934441357-0
            • Opcode ID: 58b3b74709b5b996521f161a55640b9c73b8d788833eeeb9337e883a971375e7
            • Instruction ID: 8429888aaf4bffc19b6041c85d35227e24c31265b4716398494d6dda3b6b9b61
            • Opcode Fuzzy Hash: 58b3b74709b5b996521f161a55640b9c73b8d788833eeeb9337e883a971375e7
            • Instruction Fuzzy Hash: B621C372404744AFEB228F61DC45FA7BFACEF45720F1484AAFD459B152D275A408CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B0012A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
            Download Yara Rule
            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 04B0019D
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            • Opcode ID: 9ca51a9e4a87ccdc34ea4855f5ce6b9a206927e793c90bd9ded9e4b6d32d1213
            • Instruction ID: f2d56a80301d04b580d40899879174e79372eed65c1e6b8bb2df9b1c4394cc33
            • Opcode Fuzzy Hash: 9ca51a9e4a87ccdc34ea4855f5ce6b9a206927e793c90bd9ded9e4b6d32d1213
            • Instruction Fuzzy Hash: 2121CD71604240AFE720DF65EC85B6AFBE8EF08224F14C4AAED498B281E775F514CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00C97 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
            Download Yara Rule
            APIs
            • CreateDirectoryW.KERNELBASE(?,?), ref: 04B00D13
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: CreateDirectory
            • String ID:
            • API String ID: 4241100979-0
            • Opcode ID: 17a8336a58a8f469efef5edbf2be38ab409151411eda4cea03823bfe29cd9ea4
            • Instruction ID: 940c1f771fb53728fa5e332fb347fd3427887878a339163f5ee172d33c33bc43
            • Opcode Fuzzy Hash: 17a8336a58a8f469efef5edbf2be38ab409151411eda4cea03823bfe29cd9ea4
            • Instruction Fuzzy Hash: 5C217FB15093809FD712CF25DC85B56BFA8EF06210F0984EAEC48CF1A3E264E909CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00776 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
            Download Yara Rule
            APIs
            • GetTokenInformation.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B007E0
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: InformationToken
            • String ID:
            • API String ID: 4114910276-0
            • Opcode ID: aeac75eaaefbb1b6782028ec30b60f80b176b2f6d6185ad7d747f0cc5502c221
            • Instruction ID: 12351e9ed5d2e732c7e91bde3665fea73a39b03939666ec07feb5eeefbbfd207
            • Opcode Fuzzy Hash: aeac75eaaefbb1b6782028ec30b60f80b176b2f6d6185ad7d747f0cc5502c221
            • Instruction Fuzzy Hash: 2811A271500604AFEB21DF71DC45FAAFBACEF04224F1484AAE945DB551D778A404CBB1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CAB3A Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
            Download Yara Rule
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 008CABB4
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: d64fcb2514dbe243cba8db72b362805f8c9eda149dc455509aebc8c66f4f1d11
            • Instruction ID: fac7418d96185528215b94a108dc07f50335e61d03906acebbc3bb5f38ad6088
            • Opcode Fuzzy Hash: d64fcb2514dbe243cba8db72b362805f8c9eda149dc455509aebc8c66f4f1d11
            • Instruction Fuzzy Hash: 83213B75600608AFE720CE65DC85F66B7FCEF08728F14846EE945DB651D774E808CA72
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B01498 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
            Download Yara Rule
            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 04B01504
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            • Opcode ID: 7a9ef32009ab631a08e42c49fd530f01575d89e5c203ae37332dd61384b84041
            • Instruction ID: e703e5781aa53199cc5d5565bdac88f209a453db5abe324641ae862ff853c42d
            • Opcode Fuzzy Hash: 7a9ef32009ab631a08e42c49fd530f01575d89e5c203ae37332dd61384b84041
            • Instruction Fuzzy Hash: 842181725093C05FDB128F25DC95692BFB4EF07324F0984DAEC858F6A3D665A908CB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B001F4 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
            Download Yara Rule
            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 04B00264
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            • Opcode ID: 94eb08daa2f4f7387d7f4f14809c06ae1bd7079d1f8c7c0a3763807fa4e2039d
            • Instruction ID: f3b27f3f4842d6790f134a891a9b5d3ab54312fc1ebda0ed4b6f9ddcfe1f2fe4
            • Opcode Fuzzy Hash: 94eb08daa2f4f7387d7f4f14809c06ae1bd7079d1f8c7c0a3763807fa4e2039d
            • Instruction Fuzzy Hash: 7421D5B54097849FDB12CF24EC89751BFA8FF42224F09C4EAEC448B193E375A905DB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B018CA Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
            Download Yara Rule
            APIs
            • WSASocketW.WS2_32(?,?,?,?,?), ref: 04B01936
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: Socket
            • String ID:
            • API String ID: 38366605-0
            • Opcode ID: 35c5cad2852ca8d2f6019a4f7386c2720530600542f430b8b9bca7d124f7ac1c
            • Instruction ID: 4fd58a81e1a42a9bac47691513a3feb27956d531e2763f247e86af9aaa77f55a
            • Opcode Fuzzy Hash: 35c5cad2852ca8d2f6019a4f7386c2720530600542f430b8b9bca7d124f7ac1c
            • Instruction Fuzzy Hash: 3221D171504200AFEB21CF64DC45B66FBE8EF08314F1488AEED858B691D776A414CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B02C16 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
            Download Yara Rule
            APIs
            • WSASend.WS2_32(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B02C86
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: Send
            • String ID:
            • API String ID: 121738739-0
            • Opcode ID: 3bb1bde9bd54ac15ae23b1d33546fd4dc9c1cc79e47ef4ebb37584b2e7f5c71e
            • Instruction ID: d5ef4339a490aca5a96f581a67778f3a4c9ca6ca5216a995ecd895df353ddc56
            • Opcode Fuzzy Hash: 3bb1bde9bd54ac15ae23b1d33546fd4dc9c1cc79e47ef4ebb37584b2e7f5c71e
            • Instruction Fuzzy Hash: 8B11B471500604AFEB21CF61DC45FA6FBECEF08324F1488AAED459B251D775A408CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B02056 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: FileView
            • String ID:
            • API String ID: 3314676101-0
            • Opcode ID: 05d4cc16f09a45c0c646964bd85532eaa89820e6a6e980a5bdfc6e6b6f41654e
            • Instruction ID: 10017636a02776fe72cfed0784829b61d13213f5d8942441bdca124e7c4fb850
            • Opcode Fuzzy Hash: 05d4cc16f09a45c0c646964bd85532eaa89820e6a6e980a5bdfc6e6b6f41654e
            • Instruction Fuzzy Hash: 1521F371500200AFE725CF61DC85F66FBE8EF08324F14849EEA458B691D775B418CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B0154D Relevance: 1.6, APIs: 1, Instructions: 67COMMON
            Download Yara Rule
            APIs
            • K32EnumProcesses.KERNEL32(?,?,?,B8C2C3FF,00000000,?,?,?,?,?,?,?,?,6BE03C38), ref: 04B015BE
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: EnumProcesses
            • String ID:
            • API String ID: 84517404-0
            • Opcode ID: 5b1b1fbc8a8278f349dae912d67b85ad7e1d4aece294b76be1706ebfbb964959
            • Instruction ID: 1a2abf921b22364fd3fb5ca7a72d301da0a33740a081a91eace70680ebc1da8f
            • Opcode Fuzzy Hash: 5b1b1fbc8a8278f349dae912d67b85ad7e1d4aece294b76be1706ebfbb964959
            • Instruction Fuzzy Hash: 9D214C715093849FD712CF65DC85A96BFE8EF06210F0984EBE985CB1A2D265A808CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B004EA Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
            Download Yara Rule
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B0055C
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 95f220832a806d56e3e5bd5819eb469318043eeb49948ff36628db7ff14351ac
            • Instruction ID: 81aa3b246b953101b4b67628767e6d53609d37b1b79028f10b1f49828ef8ebdc
            • Opcode Fuzzy Hash: 95f220832a806d56e3e5bd5819eb469318043eeb49948ff36628db7ff14351ac
            • Instruction Fuzzy Hash: C6119D71600604AFEB20DE65EC81B66FBE8EF09621F14C49AE9469B291D764E404CA71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B025C2 Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
            Download Yara Rule
            APIs
            • GetProcessTimes.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B02621
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: ProcessTimes
            • String ID:
            • API String ID: 1995159646-0
            • Opcode ID: ad1a6791fc8b8a4de26f611c84be483cc5a6f797f5b1c2d87c9b56664009c505
            • Instruction ID: 7d4aeb4273371e349ad31bd80463f0bbca8ef92c247623670dd64d3aa75b0c5e
            • Opcode Fuzzy Hash: ad1a6791fc8b8a4de26f611c84be483cc5a6f797f5b1c2d87c9b56664009c505
            • Instruction Fuzzy Hash: AA11E671500600AFEB21CF61DD45F6AFBA8EF04724F14C4AEED458B191D774A418CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B02A26 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
            Download Yara Rule
            APIs
            • setsockopt.WS2_32(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B02A8D
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: setsockopt
            • String ID:
            • API String ID: 3981526788-0
            • Opcode ID: 74d1bfb36ff34b6d5189b78770db9ef14a11d0340935f689ae7e1e50fe76bc13
            • Instruction ID: 5bb4895c9329a9fae273481cea9b6100bbdf50cd7fd0c2e141db952c3ec20386
            • Opcode Fuzzy Hash: 74d1bfb36ff34b6d5189b78770db9ef14a11d0340935f689ae7e1e50fe76bc13
            • Instruction Fuzzy Hash: 13118171500604AFEB21CF61DC45FA6FBACEF04724F1484AAED459B291D774A809CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B01260 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
            Download Yara Rule
            APIs
            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04B012CA
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: LookupPrivilegeValue
            • String ID:
            • API String ID: 3899507212-0
            • Opcode ID: ecdd96e78c38a3b4c79c68fa620e139ccf646be4c246cc598fa2faa2b130b56e
            • Instruction ID: 740f7b7d469cbc8750f02792cec8263196259273bbed1b63fa81e86d96824029
            • Opcode Fuzzy Hash: ecdd96e78c38a3b4c79c68fa620e139ccf646be4c246cc598fa2faa2b130b56e
            • Instruction Fuzzy Hash: 11116D715053809FDB25CF29DC85B56BFE8EF05221F0984EAED45CB692D265E808CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CB7CA Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
            Download Yara Rule
            APIs
            • SendMessageW.USER32(?,?,?,?), ref: 008CB841
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: MessageSend
            • String ID:
            • API String ID: 3850602802-0
            • Opcode ID: 60550402ad343bd82535dcbe76d073dab00df81df8119b62ab738cf0df14a421
            • Instruction ID: 91968c6fdeb1d325b30f82cb172e9def8ff4663decddc2afedcdfc7b86ce1bf4
            • Opcode Fuzzy Hash: 60550402ad343bd82535dcbe76d073dab00df81df8119b62ab738cf0df14a421
            • Instruction Fuzzy Hash: F2218E714097C09FDB128B21DC55AA2BFB4EF1B310F0D84DAED848F163D265A958DB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CA51F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
            Download Yara Rule
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 008CA58A
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 54a596f5326e16044f4e5f2c5696c8a7329ba3c1240c6a25f470cff2d44c5da3
            • Instruction ID: 79eb273bb5160d50cdfcf8deb540602aedccc56bebc719ea8494012ef1562c76
            • Opcode Fuzzy Hash: 54a596f5326e16044f4e5f2c5696c8a7329ba3c1240c6a25f470cff2d44c5da3
            • Instruction Fuzzy Hash: AA117F71409384AFDB228F51DC44E62FFF8EF4A324F0884DEED858B562D275A418DB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B002DE Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON
            Download Yara Rule
            APIs
            • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 04B00353
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            • Opcode ID: 64159d174f5c546c4167958faeb16e4b8b6e2894067ed428bbafffee70c70261
            • Instruction ID: cfdf890aa66d5244550d7713114a635581cc49a6a210c02e3a9a70eb62aa24b5
            • Opcode Fuzzy Hash: 64159d174f5c546c4167958faeb16e4b8b6e2894067ed428bbafffee70c70261
            • Instruction Fuzzy Hash: AB110431500700AFEB219F20DC42F66FBA8EF08714F14C49AFD454A291D3B5B418DBB2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00F66 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
            Download Yara Rule
            APIs
            • WriteFile.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B00FC5
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: FileWrite
            • String ID:
            • API String ID: 3934441357-0
            • Opcode ID: 22a5525b62a6b3d01a3d604957b77ffe8547a550ae0e97b32731b9ba5f0d2555
            • Instruction ID: 6fcc64935ef2c14460e731445cdb6091bc36313e94392ccda9e50a2e3c1842d1
            • Opcode Fuzzy Hash: 22a5525b62a6b3d01a3d604957b77ffe8547a550ae0e97b32731b9ba5f0d2555
            • Instruction Fuzzy Hash: 3B110171500600AFEB21CF61DC41FAAFBA8EF08325F14C4AAED459B281D775A008CB72
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B0104A Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
            Download Yara Rule
            APIs
            • DeleteFileA.KERNELBASE(?,00000E2C), ref: 04B010B3
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: DeleteFile
            • String ID:
            • API String ID: 4033686569-0
            • Opcode ID: 1ae3c0a9e69778c3c055c018967fd0f7144a435d5fca50cc7318ef5a910ffaae
            • Instruction ID: 54b9d29581ea5ba47a0c411bd073f3a9df73eb226c55c802671efd239670eb43
            • Opcode Fuzzy Hash: 1ae3c0a9e69778c3c055c018967fd0f7144a435d5fca50cc7318ef5a910ffaae
            • Instruction Fuzzy Hash: 35110A71600200AFE724CB35DC46B76FB98DF04724F14C09AFD458B681E7B9B404CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CBB4F Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
            Download Yara Rule
            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 008CBBB9
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: 6b750c0083f11a5faf433f06763977271a7fd0e1c7a9d54b139282b0437042c9
            • Instruction ID: e5242ed69c9ab97857755b4737f5204534c4517a65ede1d6ac6118fcd34fac6e
            • Opcode Fuzzy Hash: 6b750c0083f11a5faf433f06763977271a7fd0e1c7a9d54b139282b0437042c9
            • Instruction Fuzzy Hash: 0911D0754097C0AFDB228F21CC45B52FFB4EF16220F0884DEED858B563D265A818DB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CBE05 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
            Download Yara Rule
            APIs
            • DispatchMessageW.USER32(?), ref: 008CBE70
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: DispatchMessage
            • String ID:
            • API String ID: 2061451462-0
            • Opcode ID: 6f4229ad7d1fc376109fd780967b002a98e49b11acc9e43a925d6ae4d2f6eb70
            • Instruction ID: 7ec83b7aad4280440f108967c9ad7cdae9e84ca268994af17995fe466ab5ca2c
            • Opcode Fuzzy Hash: 6f4229ad7d1fc376109fd780967b002a98e49b11acc9e43a925d6ae4d2f6eb70
            • Instruction Fuzzy Hash: 691181754093C09FD7128B25DC44B61BFB4EF47624F0984DEED848F263D2695808CB72
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CB71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
            Download Yara Rule
            APIs
            • CreateIconFromResourceEx.USER32 ref: 008CB78A
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: CreateFromIconResource
            • String ID:
            • API String ID: 3668623891-0
            • Opcode ID: 85f8951aad3d40a70b11f0aaa5b776b2adeb25f7b26dc59ac2bd0934f6fb3c20
            • Instruction ID: d3886a1463459a7088171d8ba3783a498e9e6787fbc00f7b366cf08f654cc4be
            • Opcode Fuzzy Hash: 85f8951aad3d40a70b11f0aaa5b776b2adeb25f7b26dc59ac2bd0934f6fb3c20
            • Instruction Fuzzy Hash: 0F118C31408780AFCB228F60DC84A52FFF4EF4A320F09889EED858B562C375A418CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B010F7 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
            Download Yara Rule
            APIs
            • GetSystemInfo.KERNELBASE(?), ref: 04B0115C
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: InfoSystem
            • String ID:
            • API String ID: 31276548-0
            • Opcode ID: cdf30e1011cd723ab02d84eaa5629d02d8793c921b159f9d1f68a857d0cb7f18
            • Instruction ID: 12b89611d4d3c62ff13680ceebcfef72ceb0bb47b2579e86cdd5a00f71fe9af1
            • Opcode Fuzzy Hash: cdf30e1011cd723ab02d84eaa5629d02d8793c921b159f9d1f68a857d0cb7f18
            • Instruction Fuzzy Hash: 2A115E714093C09FD7128F65DC45B92BFB4EF06224F0984EBED848F163D279A859CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CA75B Relevance: 1.6, APIs: 1, Instructions: 54COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: closesocket
            • String ID:
            • API String ID: 2781271927-0
            • Opcode ID: 618e84499d88714726922749a7ef1eecf525fa9bb6d1bb32a3c2339b22b3c04f
            • Instruction ID: 2a648af1f82f37c90af58c4c32873ff8f4d5299f4d5e17f692ce4d14a61e1e6b
            • Opcode Fuzzy Hash: 618e84499d88714726922749a7ef1eecf525fa9bb6d1bb32a3c2339b22b3c04f
            • Instruction Fuzzy Hash: 5E118F714093849FDB12CF15DC85B56BFB4EF06224F1884DBED858F293D279A858CB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B01282 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
            Download Yara Rule
            APIs
            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04B012CA
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: LookupPrivilegeValue
            • String ID:
            • API String ID: 3899507212-0
            • Opcode ID: 37ed7085fda58e73fd6844d6ef3e6a7c137fa24825e5618f344c7fe2d9ab9eca
            • Instruction ID: d0623145417684f8600bdcea44bca7b7884c777c7cca0b72c0a2315fe91d3855
            • Opcode Fuzzy Hash: 37ed7085fda58e73fd6844d6ef3e6a7c137fa24825e5618f344c7fe2d9ab9eca
            • Instruction Fuzzy Hash: 5811A171A002009FDB24DF69D885756FFE8EF04321F08C4AAED49CB682E775E404CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00EA6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
            Download Yara Rule
            APIs
            • GetFileType.KERNELBASE(?,00000E2C,B8C2C3FF,00000000,00000000,00000000,00000000), ref: 04B00EF9
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            • Opcode ID: 93229b341efde9950da02b582dd7b7cbae43347be1797f040eda32f90814f277
            • Instruction ID: bc035cae4bd1ec97af69c67fa3fb453ca88d7a50eb191dafaad7ea37e761be94
            • Opcode Fuzzy Hash: 93229b341efde9950da02b582dd7b7cbae43347be1797f040eda32f90814f277
            • Instruction Fuzzy Hash: BF01D271900604AFE710DF21EC86BAAFBACDF08625F24C49AED459B281D778A504DA72
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00CCE Relevance: 1.6, APIs: 1, Instructions: 52COMMON
            Download Yara Rule
            APIs
            • CreateDirectoryW.KERNELBASE(?,?), ref: 04B00D13
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: CreateDirectory
            • String ID:
            • API String ID: 4241100979-0
            • Opcode ID: d92e3df25da8257dfe5ddd46ebe3be76852b3c686abd0f68c5da0e022000febe
            • Instruction ID: 0e291facac0b6c557813fc108ace8efe9f48e915666783cc037bcb04a73fb4a3
            • Opcode Fuzzy Hash: d92e3df25da8257dfe5ddd46ebe3be76852b3c686abd0f68c5da0e022000febe
            • Instruction Fuzzy Hash: 63115E716012449FDB10DF69E885766FBE8EF04221F08C5AADD09CB682E674F404DB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B0157E Relevance: 1.5, APIs: 1, Instructions: 49COMMON
            Download Yara Rule
            APIs
            • K32EnumProcesses.KERNEL32(?,?,?,B8C2C3FF,00000000,?,?,?,?,?,?,?,?,6BE03C38), ref: 04B015BE
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: EnumProcesses
            • String ID:
            • API String ID: 84517404-0
            • Opcode ID: bd4290be8b15506db73199a0a616bd7e291f0bee6337dfde352ad75f5e1f1588
            • Instruction ID: 2c29bac4583f04f576a3dc6c076f5ee6a1b6a27ffed3590d3e666d9ebba152e1
            • Opcode Fuzzy Hash: bd4290be8b15506db73199a0a616bd7e291f0bee6337dfde352ad75f5e1f1588
            • Instruction Fuzzy Hash: 471161716002448FDB24CF69D885796FBE8EF04325F08C4AAED49CF691D775E414DB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CA8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON
            Download Yara Rule
            APIs
            • SetWindowLongW.USER32(?,?,?), ref: 008CA926
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: LongWindow
            • String ID:
            • API String ID: 1378638983-0
            • Opcode ID: a2c94078755a72c16503568d7303a21ce52ede8088802422d2c6cc23a3458c18
            • Instruction ID: d5a20e2631a531dc30b7b2954acddf7a9e42c5d8dc82f4f36afdb60ff2e8c52e
            • Opcode Fuzzy Hash: a2c94078755a72c16503568d7303a21ce52ede8088802422d2c6cc23a3458c18
            • Instruction Fuzzy Hash: 52118E714097849FC7218F15DC85B52FFB4EF06320F09C4DAED858B262C275A818CB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B02E2E Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
            Download Yara Rule
            APIs
            • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 04B02E7E
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: FormatMessage
            • String ID:
            • API String ID: 1306739567-0
            • Opcode ID: 06309d6dc77652f21533ff63c207cc190a7c8b06d5a9d9233ba9efdb26cff375
            • Instruction ID: 1137283144b0aa31dddac5cd670ca9a51fcee14b40440d9c1a50a8768df2810a
            • Opcode Fuzzy Hash: 06309d6dc77652f21533ff63c207cc190a7c8b06d5a9d9233ba9efdb26cff375
            • Instruction Fuzzy Hash: EB01B172500200AFD310DF26DC82B26FBA8EB88A20F14856AED089B641E335B515CBE5
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CA546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
            Download Yara Rule
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 008CA58A
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 5fb742752181c588ced48f2d14c0d904185cdbc4fccff540b3b2c01b0781d9e3
            • Instruction ID: cdce9eee2fdf315fbe8937e63cc8d829363070c1d09ee38f32dcaba40a6f9db5
            • Opcode Fuzzy Hash: 5fb742752181c588ced48f2d14c0d904185cdbc4fccff540b3b2c01b0781d9e3
            • Instruction Fuzzy Hash: 5D0139314006049FDB218F95D845B66FBF4EF08328F18C89EED498A656D776E428DB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CB746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
            Download Yara Rule
            APIs
            • CreateIconFromResourceEx.USER32 ref: 008CB78A
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: CreateFromIconResource
            • String ID:
            • API String ID: 3668623891-0
            • Opcode ID: c2ff7a558f6f7a2d7e8015b83019dfea779f824e375c384c220a8cb44552e03a
            • Instruction ID: 85b9b77fb4008d65fd0ddefd919724f5ec06d7be28161d2392637a9da6f19f95
            • Opcode Fuzzy Hash: c2ff7a558f6f7a2d7e8015b83019dfea779f824e375c384c220a8cb44552e03a
            • Instruction Fuzzy Hash: 22015E314006049FDB218F95D845B66FBF4FF48324F18849EED458B612D376E418DB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B014D2 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
            Download Yara Rule
            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 04B01504
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            • Opcode ID: cab3ef104f2b69ca0a9d6a96017f005f8ae070988b67755c7b39de52831b89e7
            • Instruction ID: e982e9c6bfa481c999481d97e26b65d75bdaa66fad5c55f2307dc91ee1e7c141
            • Opcode Fuzzy Hash: cab3ef104f2b69ca0a9d6a96017f005f8ae070988b67755c7b39de52831b89e7
            • Instruction Fuzzy Hash: 3401DF716002008FDB14CF69E885756FFE4EF04325F08C0AAEC0A8F692D676E418CB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B00232 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
            Download Yara Rule
            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 04B00264
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            • Opcode ID: 900633c32666b95e828abdb9fb5211442f030cd38f719de00da1c3546249f510
            • Instruction ID: 487dc18186d21927139a6fb744a38b763d159f98871c54eee3af421937c40c4a
            • Opcode Fuzzy Hash: 900633c32666b95e828abdb9fb5211442f030cd38f719de00da1c3546249f510
            • Instruction Fuzzy Hash: B101DF71A002008FDF109F65E885766FFA4EF44221F08C4EADC098F682D679E408DB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04B0182E Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON
            Download Yara Rule
            APIs
            • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 04B0187E
            Memory Dump Source
            • Source File: 00000000.00000002.667145279.0000000004B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4b00000_mfpmp.jbxd
            Similarity
            • API ID: Query_
            • String ID:
            • API String ID: 428220571-0
            • Opcode ID: d7abd18472f812ea8b9998d86207baf0800378b093036abcd93a0a6240875a83
            • Instruction ID: c9e57e0b2a07896d07df32ed77813b8993e11f4525351fa40676323ceebc07ef
            • Opcode Fuzzy Hash: d7abd18472f812ea8b9998d86207baf0800378b093036abcd93a0a6240875a83
            • Instruction Fuzzy Hash: 1301A276540200ABD310DF1ADC82B26FBF8FB88A20F14855AED085B741D375F515CBE5
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CBB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
            Download Yara Rule
            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 008CBBB9
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: 8c6f5bfa248e2d3b5dfbfe9531ba0582f8f1eff0d932b8420bd264c32bd4d7c6
            • Instruction ID: 020e4058fb976a66d6f4deb36e74a20c8a186eae1a696ec623569b85c15cc5e0
            • Opcode Fuzzy Hash: 8c6f5bfa248e2d3b5dfbfe9531ba0582f8f1eff0d932b8420bd264c32bd4d7c6
            • Instruction Fuzzy Hash: 2E01FC355006408FDB208F56C886B66FBB0EF08324F18C4AEED468B626C375E818DB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CA78A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: closesocket
            • String ID:
            • API String ID: 2781271927-0
            • Opcode ID: 37ed0925f5c51dc53cbd1e69a7dfcb226c97e2ceb60d7f25f3ca1418b9550efc
            • Instruction ID: e15b9ce65919f8ea32989cea0b433a6c2fe3a4e3a390c4987cbc891251b790aa
            • Opcode Fuzzy Hash: 37ed0925f5c51dc53cbd1e69a7dfcb226c97e2ceb60d7f25f3ca1418b9550efc
            • Instruction Fuzzy Hash: 7201AD748002488FDB10CF65D889B65FBF4FF04328F18C4AADD488F646D779E408DAA2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CB806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
            Download Yara Rule
            APIs
            • SendMessageW.USER32(?,?,?,?), ref: 008CB841
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: MessageSend
            • String ID:
            • API String ID: 3850602802-0
            • Opcode ID: c919b496690f29889d12bcb77f361f568ed4039c22bb196c689d5727175df9d8
            • Instruction ID: 73699bc9c945aa88246d030c7672d3ac0250afc62280744af08347d3578ad243
            • Opcode Fuzzy Hash: c919b496690f29889d12bcb77f361f568ed4039c22bb196c689d5727175df9d8
            • Instruction Fuzzy Hash: 81018F31400644DFDB208F55D886B65FBB4FF08724F18C4AEED454B626D375E418DB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CA8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON
            Download Yara Rule
            APIs
            • SetWindowLongW.USER32(?,?,?), ref: 008CA926
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: LongWindow
            • String ID:
            • API String ID: 1378638983-0
            • Opcode ID: 7eb4f749c86d59ebea9c3b1ee434e8131fc95c74b9809dc40016eaa61f071d44
            • Instruction ID: 1faee1a8d5d5abd59ad6542f783151df99fba5644f323b5bcd350fadf5fbbc41
            • Opcode Fuzzy Hash: 7eb4f749c86d59ebea9c3b1ee434e8131fc95c74b9809dc40016eaa61f071d44
            • Instruction Fuzzy Hash: 0601AD354006088FDB208F55D886B61FFB4EF09728F18C4AEED468B652C376E818DB63
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CBE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
            Download Yara Rule
            APIs
            • DispatchMessageW.USER32(?), ref: 008CBE70
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: DispatchMessage
            • String ID:
            • API String ID: 2061451462-0
            • Opcode ID: 64f23e78fc5676cd9f7d8aa46595174a0573a333e7800f95b9e71397d4ca053b
            • Instruction ID: c6a69d6b4c904374628714fce135cf4e7b3469a79016686a573c3e7286f37964
            • Opcode Fuzzy Hash: 64f23e78fc5676cd9f7d8aa46595174a0573a333e7800f95b9e71397d4ca053b
            • Instruction Fuzzy Hash: 1EF0FF30800644CFDB208F55D886BA1FBB0EF04724F18C4AEDE088F212C3B9E408DAA2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008CA372 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
            Download Yara Rule
            APIs
            • SetErrorMode.KERNELBASE(?), ref: 008CA3A4
            Memory Dump Source
            • Source File: 00000000.00000002.655541266.00000000008CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CA000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8ca000_mfpmp.jbxd
            Similarity
            • API ID: ErrorMode
            • String ID:
            • API String ID: 2340568224-0
            • Opcode ID: 64f23e78fc5676cd9f7d8aa46595174a0573a333e7800f95b9e71397d4ca053b
            • Instruction ID: 60d7062befead6fea758f2bd993892eb1201fb8149fb613ef84d0a404ef5926b
            • Opcode Fuzzy Hash: 64f23e78fc5676cd9f7d8aa46595174a0573a333e7800f95b9e71397d4ca053b
            • Instruction Fuzzy Hash: 92F08C345002889FDB208F25D889B66FBB4EF04328F28C49ADD498F756D779E418DA62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAFA12 Relevance: 1.5, Strings: 1, Instructions: 254COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: MOC
            • API String ID: 0-624257665
            • Opcode ID: 53d8a4b6407dd988b63344162b9ce589d593ddc994c891a41e6653ccb9cbd2ae
            • Instruction ID: 5b49189c4ac1379f44e55b2f83292f2c9bbefc86e98346eec0c33a23578ed569
            • Opcode Fuzzy Hash: 53d8a4b6407dd988b63344162b9ce589d593ddc994c891a41e6653ccb9cbd2ae
            • Instruction Fuzzy Hash: 5691C230B04A019FC719DF79C990A6AFBF2FF88204B14892EE54687651DB35F826CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAA530 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: xwKk
            • API String ID: 0-396101540
            • Opcode ID: 28585d0951b0631edd64a74a1e97be4cada5f577afcb9dd1a64daf974a6d0bd2
            • Instruction ID: 40e49f89e453d67308a026a65e82f5d64c668563e13657f10f1d450f7fb9730d
            • Opcode Fuzzy Hash: 28585d0951b0631edd64a74a1e97be4cada5f577afcb9dd1a64daf974a6d0bd2
            • Instruction Fuzzy Hash: 2B410230B043559BCB14DB78C812AAEB7F6EF88644F14852EE002EB281EF35AC41C7E1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA1458 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: $gJk
            • API String ID: 0-2474255759
            • Opcode ID: d8174dd4d629e811dc353c28c219a48d680ff94594ea1c7855b3d69d4bd8794a
            • Instruction ID: c2e36aa3092a90a499e5183ed5fd73c2b22c05cf51c94bd0054fc88445874034
            • Opcode Fuzzy Hash: d8174dd4d629e811dc353c28c219a48d680ff94594ea1c7855b3d69d4bd8794a
            • Instruction Fuzzy Hash: 5851BE34A04259CFDB14EB68C894B9DBBB2BF49344F1040AAD40AAB366DB35AD85CF51
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0681 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: ZRk^
            • API String ID: 0-1987692656
            • Opcode ID: 57a6a2932f1f9e6e3ba10ce261f4a999bcf89c949934f502733128a785059925
            • Instruction ID: ffa00712e10390cdbee5fdf6470685fd908467204972d40d2fa2924d4bd5b002
            • Opcode Fuzzy Hash: 57a6a2932f1f9e6e3ba10ce261f4a999bcf89c949934f502733128a785059925
            • Instruction Fuzzy Hash: 5B41383060A2548BD718BF38EC19A6D3BA6FF80745B15466FE503DB2A5EF344C059B92
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA1291 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: $gJk
            • API String ID: 0-2474255759
            • Opcode ID: 76fc52f10d6a4bd6d87db3cde36612828652cf271e05b3c8fe237bac64797ccb
            • Instruction ID: fe24906ef01b016a96e806913a7ec3fbfe95f4cdf1986fedef8db7c70eee5373
            • Opcode Fuzzy Hash: 76fc52f10d6a4bd6d87db3cde36612828652cf271e05b3c8fe237bac64797ccb
            • Instruction Fuzzy Hash: AA412874A04259DFCB50DF68C880B9DBBB1BB49344F0044EAD44EAB355EB34AD84DF61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA84A0 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: r*+
            • API String ID: 0-3221063712
            • Opcode ID: bf2eb925c6081f85c02542c32cd7434550eed276d8f006de13ceb8e94feb93d1
            • Instruction ID: 22c02d25a558652b02f959f3b0e606f9b1ba282a8da138c90b075148ada63923
            • Opcode Fuzzy Hash: bf2eb925c6081f85c02542c32cd7434550eed276d8f006de13ceb8e94feb93d1
            • Instruction Fuzzy Hash: B541EA70E0420ADFDB58EFB5C5556AEBBF1FB48304F10806ED806A7250EB39AA51DF52
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA21F8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: r*+
            • API String ID: 0-3221063712
            • Opcode ID: 6c6a73e11d0397f33df65e710d73b19abbaf1388199f1837bb59343755103f05
            • Instruction ID: 0044176a84de9cd113fbfe4066108a1b130eb02bdadc886d637475afbddae356
            • Opcode Fuzzy Hash: 6c6a73e11d0397f33df65e710d73b19abbaf1388199f1837bb59343755103f05
            • Instruction Fuzzy Hash: D3412B31E08209DFCB44DFA4C4457AEBBB1FB45308F1085AAC402AB364E735AA29DF52
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AADB59 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: lKk
            • API String ID: 0-621421341
            • Opcode ID: 91e48de0e9b62c7b073f181df2bef948d2cc61870f65dce0065403e39e010ba2
            • Instruction ID: 32c12e4b62432270ca129a4b7858253b58512c6536aa8415f8370971b8c3019f
            • Opcode Fuzzy Hash: 91e48de0e9b62c7b073f181df2bef948d2cc61870f65dce0065403e39e010ba2
            • Instruction Fuzzy Hash: 86210531708204CBCB549B7484407B9BBF7EB88310F10407EE082DBB41EF79AC5997A1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA05B9 Relevance: 1.3, Strings: 1, Instructions: 48COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: 8nj
            • API String ID: 0-769755533
            • Opcode ID: e4222e197bcadc738fcef439eabbf027f53120b2512c40cf7139e0603db7268a
            • Instruction ID: 43fb03207cfa5270a47039f562b9811684126fbf1a1b85c023c60c739f638f98
            • Opcode Fuzzy Hash: e4222e197bcadc738fcef439eabbf027f53120b2512c40cf7139e0603db7268a
            • Instruction Fuzzy Hash: D101D1307041244B8604AA7C8511BBF329BAFC6698B28802FE146DB384DF799C0653DB
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA05C8 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: 8nj
            • API String ID: 0-769755533
            • Opcode ID: f34aa59e9b11da6df3674885d577b0e94a9cf637ae2bbabcbe9d86e7b8de4021
            • Instruction ID: 30572cc6ecf0e2cea55e3ed12efccf8d9804964aa338e1a38c76e4fb25857e70
            • Opcode Fuzzy Hash: f34aa59e9b11da6df3674885d577b0e94a9cf637ae2bbabcbe9d86e7b8de4021
            • Instruction Fuzzy Hash: D2F02430704020474A08B67C5121A7F22DFAFC6698728902FE206EB384DFB98C0753DB
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA9ED3 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: HuKk
            • API String ID: 0-3828558699
            • Opcode ID: 530c43c493150ae0fb87c34e0af0342cfc2e06f140a09862a896e1d80b6b56a2
            • Instruction ID: a6569b8fbcf1648b97e56a2decb6b99f8bc3af8e485f78460cfcc6c73bc51f6f
            • Opcode Fuzzy Hash: 530c43c493150ae0fb87c34e0af0342cfc2e06f140a09862a896e1d80b6b56a2
            • Instruction Fuzzy Hash: 2CF0C27230C22016C614627C8C52F6E669FABC6274B64463FA11AEF3C4DE2C9C0543A3
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6FE8 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: HuKk
            • API String ID: 0-3828558699
            • Opcode ID: 962344901e5f69ffe6a31d52c10ba9cb2cedfec434ec42a06a1ea67ddb87d7d3
            • Instruction ID: 53d65e675e13330e940a9f60554cf3dabb6901335f710de9a4c87e4a81b978a6
            • Opcode Fuzzy Hash: 962344901e5f69ffe6a31d52c10ba9cb2cedfec434ec42a06a1ea67ddb87d7d3
            • Instruction Fuzzy Hash: 48F0223030C22046DA146BBC5C91FAF36A7ABC6278F60422FA11ADF3C5DF299C1542A3
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA4710 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: X1Mk
            • API String ID: 0-2514746990
            • Opcode ID: 1f03ac05d0a81032f854f8ac7d0e79ea44d849f9b040b20c6d01763a6d626db4
            • Instruction ID: 8405598a62d24b73e17c18d8f80859f263ea7620345f26c222c6634f9cf7ca86
            • Opcode Fuzzy Hash: 1f03ac05d0a81032f854f8ac7d0e79ea44d849f9b040b20c6d01763a6d626db4
            • Instruction Fuzzy Hash: C0F0E0373012608BCA2566B955107BD32DA97CE655F84007FF10AD7780EF76F85253A1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6FF8 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: HuKk
            • API String ID: 0-3828558699
            • Opcode ID: c5d7862f6d841b851bcf9c0802685f9c37a09dcd10c889866215e2f72e3f9110
            • Instruction ID: 83c4a1e4bde512d478f064a1fd137aae9da218c82c796219087d3438325516ed
            • Opcode Fuzzy Hash: c5d7862f6d841b851bcf9c0802685f9c37a09dcd10c889866215e2f72e3f9110
            • Instruction Fuzzy Hash: A7F0B43030812052451467BC5C51E6F62A7ABC52B4760432EA11ADF3C4DF699C1552A3
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5B40 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: =RRk^
            • API String ID: 0-317478937
            • Opcode ID: 383146f6dee51a5c5eecf81a3f5107bafb975515b708033ea4f4f337b0a7dbec
            • Instruction ID: 4b6cdbca71575756e6acf901f7fda803c8db6f2b254d36620b5633995c5d16e5
            • Opcode Fuzzy Hash: 383146f6dee51a5c5eecf81a3f5107bafb975515b708033ea4f4f337b0a7dbec
            • Instruction Fuzzy Hash: 78E020207592541FE704D7B84C61EB97B59FFC1211F04855FD887C7342C9619C06C3D2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5B50 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: =RRk^
            • API String ID: 0-317478937
            • Opcode ID: bc9918cbb66a990a4077c94b0391f6cd6d4fc4f6ee2f57dba18dbf65e95a6c9b
            • Instruction ID: 5cc3614a78ea63694fd78a9ee9bb07968381752759a05e2b81baa70c35f10cb9
            • Opcode Fuzzy Hash: bc9918cbb66a990a4077c94b0391f6cd6d4fc4f6ee2f57dba18dbf65e95a6c9b
            • Instruction Fuzzy Hash: FED05E2038422417A608E5AC8812D39738EEB85624304856FE64AD7341CD62DC0683D1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0110 Relevance: .4, Instructions: 382COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b657163c1b42890b0684ef49739560c33860f081afc3c85919dc944c83c1c9e7
            • Instruction ID: 2154c890105233b71569aaa92bde9e4d04b252e3e5146016f22f367ba1d161e5
            • Opcode Fuzzy Hash: b657163c1b42890b0684ef49739560c33860f081afc3c85919dc944c83c1c9e7
            • Instruction Fuzzy Hash: C2E14835A00218CFDB15CF64C484AAEB7B2BF85318F158599D84AAF302DB75ED86CF91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAA970 Relevance: .3, Instructions: 252COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0a45796f6cedb7a226519f2b6a6b718c6f74f50a1ea7b71510744b1cb240aa8a
            • Instruction ID: 39b74e29fe38d51a86948b13a3c0729a6926807ed04f8c06e2520e2da710c8e6
            • Opcode Fuzzy Hash: 0a45796f6cedb7a226519f2b6a6b718c6f74f50a1ea7b71510744b1cb240aa8a
            • Instruction Fuzzy Hash: 9591BC316006158BD704EBB8C456B6EB3F2FFC4344F60856EE205AB695DF79AC1287A2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5B98 Relevance: .2, Instructions: 241COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7b4062a7601e7c7138d749f170c0b7afe220a0c26977434fbe2cd34480abfcc2
            • Instruction ID: a6a22c9a7cd0fac00e2791c65de4d6aa5d191785e872675707c9b2bb217e01e6
            • Opcode Fuzzy Hash: 7b4062a7601e7c7138d749f170c0b7afe220a0c26977434fbe2cd34480abfcc2
            • Instruction Fuzzy Hash: C2816031A00519DFCF15DF20C880ADAF7B2BF45304F158595D80AAF215DB71BA9ACF95
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA51F2 Relevance: .2, Instructions: 225COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 56e7c038ae6de350a50e99d69f4474d86f7ce920f789ae1057e0986bddef734d
            • Instruction ID: 8ab9f9d0e20ae499cdaee3d8231023fb90461ec597a7a495719bde10d462dc14
            • Opcode Fuzzy Hash: 56e7c038ae6de350a50e99d69f4474d86f7ce920f789ae1057e0986bddef734d
            • Instruction Fuzzy Hash: A5819F31E04105EFDB05DBB8C454AADB7F2BF89308F1440BAD106AB275DB75AD49CB92
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE738 Relevance: .2, Instructions: 184COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3e1142115d390fe1e4276f7ced49e3d96efea2665cbefd4ed565b66973031c85
            • Instruction ID: 3535b9cbe534d65d89431f920872cb1bf13254842194320ba564317c0554c5a0
            • Opcode Fuzzy Hash: 3e1142115d390fe1e4276f7ced49e3d96efea2665cbefd4ed565b66973031c85
            • Instruction Fuzzy Hash: AA715534A40604CFDB65DF69C484BAABBF2FF88324F148429D412A7761DB35F8A1DB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0698 Relevance: .2, Instructions: 175COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e8e6c2a808e642ef8e10285b63c0bfdaa05f7bf5e086b8e25f7881d08a768d6b
            • Instruction ID: d9b59054b2d013416e354398827d4d0c8411a7d36bf3cf9c5be549f1bb94d9ad
            • Opcode Fuzzy Hash: e8e6c2a808e642ef8e10285b63c0bfdaa05f7bf5e086b8e25f7881d08a768d6b
            • Instruction Fuzzy Hash: 9E51B137A041149FCB06EF78D4849AABBB3FF8531470581A6E9469F252DB31FC15CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AADFD0 Relevance: .2, Instructions: 164COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dccae0e68c1f590f9d6b8c39a116e9c5563cbf30c02d0c1c6aad96972cf20fd9
            • Instruction ID: 2b19b899d608e95f850d4fa1ead65e8922f3c2eacebe4635dfbf8a300d71a645
            • Opcode Fuzzy Hash: dccae0e68c1f590f9d6b8c39a116e9c5563cbf30c02d0c1c6aad96972cf20fd9
            • Instruction Fuzzy Hash: FC51CF32A40118DBDB04EFA4C9549AEB3B7FF88314B048469E906AF211EB34BD56CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA7160 Relevance: .2, Instructions: 161COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d8aebedb7b040b489d32e2f162dc3f479cf7d7926f809037e72d7a715d00c53a
            • Instruction ID: 91b5e5644a4d30cc83bf0e37f74650ac4334039c2f4307f7e111e24f5d1143b1
            • Opcode Fuzzy Hash: d8aebedb7b040b489d32e2f162dc3f479cf7d7926f809037e72d7a715d00c53a
            • Instruction Fuzzy Hash: 3E31F83190061ACBDF11CF64C8546DAB7B2BF85309F5184A5E909BF215DB70BA9ACF90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6CC8 Relevance: .2, Instructions: 159COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 00f48ed5b9aa50cabfb6fec55ac8cb42f3058312c125a1aac4fd78d9cf49b396
            • Instruction ID: 6f355cad24afd322d7c12900b52fd8687e1d9933a0b4df730b7664a31cbf4a57
            • Opcode Fuzzy Hash: 00f48ed5b9aa50cabfb6fec55ac8cb42f3058312c125a1aac4fd78d9cf49b396
            • Instruction Fuzzy Hash: A4515031B042188FCB18DBB9C451AAEB3F3BF84344B24856DC44AAB345DF75AC52CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA7D18 Relevance: .2, Instructions: 157COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c7af1b560c7d200293267c48b2b4a949b2c4d8101d4e3ceda0b358ee7343bcf0
            • Instruction ID: eefffb5609a61e48741befa725ec30d240a763f869d51a740a0536e746523f4a
            • Opcode Fuzzy Hash: c7af1b560c7d200293267c48b2b4a949b2c4d8101d4e3ceda0b358ee7343bcf0
            • Instruction Fuzzy Hash: 1B516B39B04109DBC724CB68C484ABFF7B1EB84314F20856AD4169B691EB31EC66CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA7EC8 Relevance: .1, Instructions: 147COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4ed48daa8ea2ae60e4fd923e28a1b9a7c1adf9aea3e59c4b4176e9d0e3326d50
            • Instruction ID: 9c2d2520f75a91b48e4ba732b5c0b05db7a18fe3ecd66ef48582e9ee5cdb5fb4
            • Opcode Fuzzy Hash: 4ed48daa8ea2ae60e4fd923e28a1b9a7c1adf9aea3e59c4b4176e9d0e3326d50
            • Instruction Fuzzy Hash: 97513575E00609CFCB15DFA8C984A9DBBF1FF48300F20866AD95AA7294E731AD55CF90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA7699 Relevance: .1, Instructions: 142COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d42dd0ad42b83095c57ed86dd84fd6565309057c6fb3dd4cfca910ab5b640a80
            • Instruction ID: 53d8c57cb00032330b8e3b6d967bfbb0c08e1d7c35e32ed10e8eef11be17024d
            • Opcode Fuzzy Hash: d42dd0ad42b83095c57ed86dd84fd6565309057c6fb3dd4cfca910ab5b640a80
            • Instruction Fuzzy Hash: 15513A78600219CFDB14EB74C588BAE77F2FF85204F2481A9D40A9B295EB34EC55CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AACA68 Relevance: .1, Instructions: 135COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 03fe8cbd4f6b95446586f8d56d421377caa70b2937753a60dd61c57d6ee419a9
            • Instruction ID: 06c01f57c6294cfba32dc43922eb90a672dc0622cd1467dd91aba9018f0dda29
            • Opcode Fuzzy Hash: 03fe8cbd4f6b95446586f8d56d421377caa70b2937753a60dd61c57d6ee419a9
            • Instruction Fuzzy Hash: FB41F230A043059FEB14DF7AC88466ABBF3FF88324B54C62EC45697790EB31B8158B54
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0BC0 Relevance: .1, Instructions: 133COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 131e1ae2dfcc709d1b0ca67c342478d27e052e5a61854f39751170b6350ee206
            • Instruction ID: 187b457cbc051497480fceb1e05edeb933a381a750a339f12ebcf0d78d818916
            • Opcode Fuzzy Hash: 131e1ae2dfcc709d1b0ca67c342478d27e052e5a61854f39751170b6350ee206
            • Instruction Fuzzy Hash: FB41B631B091088FC7159F78C414AAE77F7AF86310F15806AE906DF3A1DF76AC169792
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE728 Relevance: .1, Instructions: 130COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3460efe1ca8443f1e6b14bc459ab487063e0f4e044c736330c677467eedebabb
            • Instruction ID: 5de8b7491e3ad4822766dcd5497f1b7c5014a75a9056124b30c898e621942599
            • Opcode Fuzzy Hash: 3460efe1ca8443f1e6b14bc459ab487063e0f4e044c736330c677467eedebabb
            • Instruction Fuzzy Hash: 01516930A44604CFEB65DF69C484BAAFBF1FF88310F148829D452A7661DB30F8A5DB52
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAF850 Relevance: .1, Instructions: 126COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9776c76893437e9f6b990a1f879dfefdb814d6cb6bb97566ff421b9bf95752f8
            • Instruction ID: ccc6885d7f402e8a977bf8ef4ed2671d2de307bad984164b7ebb576ab5ffb506
            • Opcode Fuzzy Hash: 9776c76893437e9f6b990a1f879dfefdb814d6cb6bb97566ff421b9bf95752f8
            • Instruction Fuzzy Hash: 3F51E735A00204DFDB08DF68C480EADBBB2BF8C324F158599E511AB366DB35EC91CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6848 Relevance: .1, Instructions: 118COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d7b305c9c0a1f286d07a689b3dbbd37e7ee631a8bbf49a2840ec7f944b083293
            • Instruction ID: eb449023ab772a58a2d74a917e5214e99acc72f684f2c8b4cc286700723417d2
            • Opcode Fuzzy Hash: d7b305c9c0a1f286d07a689b3dbbd37e7ee631a8bbf49a2840ec7f944b083293
            • Instruction Fuzzy Hash: 6E41A035605200DFC715EB78915066E77F6FB8D34135400AEE806ABB87DB36AC15CBA2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6858 Relevance: .1, Instructions: 115COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: aaf6df6fa36df2aa7b618b7878215400ec85819a95d3877829ac352ac3288766
            • Instruction ID: d7b2a9ba67aea013b56a9b3ea01defe7e34d6b97189dd2178a00d40fa0195c75
            • Opcode Fuzzy Hash: aaf6df6fa36df2aa7b618b7878215400ec85819a95d3877829ac352ac3288766
            • Instruction Fuzzy Hash: AD418E35705200CF8715EB6C915066E77F6FB8E341354407AE906AB786DB36AC11CBA2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8E98 Relevance: .1, Instructions: 113COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0833a3d48a711960c49e50b2cd2bdf0c8001f471f0ee1e489b9cb73b959cb317
            • Instruction ID: 3ded24d9ffae5e501564be24f19ae064edd9b9d5ed6d76dfb865088d01b5a241
            • Opcode Fuzzy Hash: 0833a3d48a711960c49e50b2cd2bdf0c8001f471f0ee1e489b9cb73b959cb317
            • Instruction Fuzzy Hash: 7431003070D196CFC724AB288458A7DBBF6AF42205F0481AFE44ACB6D2E739AC25D751
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAAD10 Relevance: .1, Instructions: 112COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9689cc929a0fc16ecad25c3f62220d6f3bad7fbcc5028cf0e965c8cb1888db9e
            • Instruction ID: 000a4f88ce0f15f2a25d95ef5c4363c271416bbd151f27ea755884b03f6c7e7a
            • Opcode Fuzzy Hash: 9689cc929a0fc16ecad25c3f62220d6f3bad7fbcc5028cf0e965c8cb1888db9e
            • Instruction Fuzzy Hash: BA31D371A006648FCB24DBA9D4906AEB7F2FB88311B24843EE446D7740DB75EC52C795
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA02D9 Relevance: .1, Instructions: 104COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d788f0b3eed10109c99e52bc7ab03263dc52f8af9cad946ef9da9e3648e61775
            • Instruction ID: c6c3c51b6127ab531afb9da62e8bb401dfd31d3d449662897326e512eef94c58
            • Opcode Fuzzy Hash: d788f0b3eed10109c99e52bc7ab03263dc52f8af9cad946ef9da9e3648e61775
            • Instruction Fuzzy Hash: 4D417034F082099FDB08CF64C054BAE77B2EF89310F24846DD502AB3A1EB75AC54DB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAEB00 Relevance: .1, Instructions: 103COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9105b65b191566272024dcf802f5fe46a0fdddab93706b603c5ea529200210b1
            • Instruction ID: 45e65b5371f7e0206789e71c3d578441248971cfb37e973550aaad25f35d4a53
            • Opcode Fuzzy Hash: 9105b65b191566272024dcf802f5fe46a0fdddab93706b603c5ea529200210b1
            • Instruction Fuzzy Hash: 0D31F632A04115DFCF05EF68D8049AE77B2BF88314B05446AE903AB250DB75BD29CBD2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AADEA8 Relevance: .1, Instructions: 102COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6b4cea5a6b94d4f961fa5ae95082d2ad8ccd3fa52b71084e0efcc96fd0992dc2
            • Instruction ID: 37ea7e8359acbe830e57d0e040c03792aa27a63af7e3c20b8365d463f1884f21
            • Opcode Fuzzy Hash: 6b4cea5a6b94d4f961fa5ae95082d2ad8ccd3fa52b71084e0efcc96fd0992dc2
            • Instruction Fuzzy Hash: 5F316F75B05204DFCB54DF68C5406AEFBF3FF88210F148169E549A7A81EB35AD91CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AADFC1 Relevance: .1, Instructions: 101COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bcce20e769fd6a708b54cfe01079d1d3f12a83693094acfcd394679548c5160f
            • Instruction ID: 8393b3c8695fe7c1fa36d88c9ac36d1529602711ed5b3a804e1faf2f5e2c8f1d
            • Opcode Fuzzy Hash: bcce20e769fd6a708b54cfe01079d1d3f12a83693094acfcd394679548c5160f
            • Instruction Fuzzy Hash: A731D731B44218DFDB14EFA4C9049AEB7B7FF44300F004569E606AB261EB35BD15D791
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA20D0 Relevance: .1, Instructions: 100COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c08f6141d28e0f3d2546450f9ada09b5a871f5a2695cf80d0eb2b620fc26836e
            • Instruction ID: b45c14280af9bf0e7badc3a44a79ba17bed6c10c5bad662629dfb495399e6734
            • Opcode Fuzzy Hash: c08f6141d28e0f3d2546450f9ada09b5a871f5a2695cf80d0eb2b620fc26836e
            • Instruction Fuzzy Hash: 3531A431B0A20ACFDB05DFA4D895B7E7BB1FF85340B2184AAD5059B345E770AC61CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AACE41 Relevance: .1, Instructions: 100COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 03274341ad52bba3602e1a782ead93313d0057f798d11c68c2b832c0fa1e5752
            • Instruction ID: 0c7d69a81fe3038760682ce9d05338d912d77c7b6a569ca719f74719904d81ad
            • Opcode Fuzzy Hash: 03274341ad52bba3602e1a782ead93313d0057f798d11c68c2b832c0fa1e5752
            • Instruction Fuzzy Hash: 0641C575A04209DFDB54CFA8C580A9DBBF1FF48314F248469E406EB355E735A952CF90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA43C0 Relevance: .1, Instructions: 99COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 93d09e9e5d8ef5f2abc3be40ea551c5a074cc1ccdae2b49b45b46f31ce1d5b95
            • Instruction ID: 547c9cde35ffc681c276bde53effda2e368c31a4ed8761be5611902c1b94cc6b
            • Opcode Fuzzy Hash: 93d09e9e5d8ef5f2abc3be40ea551c5a074cc1ccdae2b49b45b46f31ce1d5b95
            • Instruction Fuzzy Hash: A331E731609116CFCB01EF78D8448AD7BF1FF45308314819BE0069F276DB35A925EB51
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0100 Relevance: .1, Instructions: 98COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8e88a87d30f59bc6aeb61829a2ef4e9c334f4a51734bd1604ef3645fcf538b49
            • Instruction ID: a874f52cc81fffeba9b30a056ba04bf62e9ca62d3c83e01f205757373ea96c27
            • Opcode Fuzzy Hash: 8e88a87d30f59bc6aeb61829a2ef4e9c334f4a51734bd1604ef3645fcf538b49
            • Instruction Fuzzy Hash: 30314D71E04209DFDB24CF74C484AEDBBF2BF49304F10946AD496EF242EA31A9858F91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAEAF1 Relevance: .1, Instructions: 97COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: db94a71f931defd884bf8cad545ceedf2dca4f5297492ec07cf069b0f1d4b03d
            • Instruction ID: 4fa5d0c05d957e4a40e8216fa2b6bc9bc9720c2a2833aa8f178e547bb63a1170
            • Opcode Fuzzy Hash: db94a71f931defd884bf8cad545ceedf2dca4f5297492ec07cf069b0f1d4b03d
            • Instruction Fuzzy Hash: 7631E732A041159FCF01EBB4D804AEE77B2FF89315B05446AE502AB260EB75B919DBD2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA45C8 Relevance: .1, Instructions: 95COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 195993aeaf2825ba2dcef276c069e8f132939de0a7b53d2101c5d74dd18d34b0
            • Instruction ID: 40b18886ce169bc79760135dbb386b07204b74f9fc0f1a8e24e016252cd65d5a
            • Opcode Fuzzy Hash: 195993aeaf2825ba2dcef276c069e8f132939de0a7b53d2101c5d74dd18d34b0
            • Instruction Fuzzy Hash: 3E217171F0011A9BDB44DBA9D841AFEB7B9FB8C204F14452AF619D7241EBB0A9148BA1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0908 Relevance: .1, Instructions: 94COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d6805d66f91f156db2f0477354675c879da8bcc15f384d2c722eb59d6d8df084
            • Instruction ID: 8239d6e9082b2652e599a997366b935dcd78359dd2616115fae733624dd4257b
            • Opcode Fuzzy Hash: d6805d66f91f156db2f0477354675c879da8bcc15f384d2c722eb59d6d8df084
            • Instruction Fuzzy Hash: 85410831909B50CBE329CB3AC5587A6BBE2BF85309F14986EC0DB8AA50DB75B445CB40
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA50E0 Relevance: .1, Instructions: 92COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d39204e86affc394a499c64b00654b65795ba24d57177fc27a621e99545fa175
            • Instruction ID: c2d47925acc7fa7692faf128eb7e7db1c757b366cd4a4a80afd4880b57f74b79
            • Opcode Fuzzy Hash: d39204e86affc394a499c64b00654b65795ba24d57177fc27a621e99545fa175
            • Instruction Fuzzy Hash: 45219E31E01309AFDB04EFB5C4146AEFBF6BF89304F114529D40AAB351EB74A956CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6CB9 Relevance: .1, Instructions: 91COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3a8719aecfd68531176a0af78dbdf686263ff1bf13fc762a760c1c8fc9f439d8
            • Instruction ID: 08416c054a426c4f1c8be9a4b213d6a8d4f6b782d652989c9f9f4514111f2aaa
            • Opcode Fuzzy Hash: 3a8719aecfd68531176a0af78dbdf686263ff1bf13fc762a760c1c8fc9f439d8
            • Instruction Fuzzy Hash: 7C314F31F042098FCB04DBB9C454AEEB7F2BF88344B14856DC846AB355EB35AD16CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE418 Relevance: .1, Instructions: 91COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bdd1347fc9fec1d076c1e6be36250dd235230fb1575e3cfccac0135cc8aef3ac
            • Instruction ID: 66d032c4a29ade66d64e5a87ccd2d0e202019c52da18d92291c0fd743756ee51
            • Opcode Fuzzy Hash: bdd1347fc9fec1d076c1e6be36250dd235230fb1575e3cfccac0135cc8aef3ac
            • Instruction Fuzzy Hash: 58315A30B016448FCB54DF79C590AAEBBF6AF88204B50443DE506AB781EB76EC51CB51
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAFAE0 Relevance: .1, Instructions: 89COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b82f69f20163fd86e190bf567e0ed7fa84978341b958f40cadf0feae81a1d19a
            • Instruction ID: 9fcc59f9eff0970c163f1f21371c79a81e3457d0bfa49a248db8209bf2f01849
            • Opcode Fuzzy Hash: b82f69f20163fd86e190bf567e0ed7fa84978341b958f40cadf0feae81a1d19a
            • Instruction Fuzzy Hash: E831A130B04615DFCB29DF28C990AAAFBF1FF94304F148A1AE59683650D731F869DB90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AADCC1 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b910e547b4824f048701a92c6298b0ed4e22d501ad6b00a7fd8cb17004a47da6
            • Instruction ID: 55741ba17f84d50c6ce15cf743f7eafca053a8df82505baa0c33f110528479dc
            • Opcode Fuzzy Hash: b910e547b4824f048701a92c6298b0ed4e22d501ad6b00a7fd8cb17004a47da6
            • Instruction Fuzzy Hash: 0F3160303056118BC759AB74C49276E7BE3BFC52487248D2CD1469F794EF7AE8078B82
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA82E0 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e69127a40f3da4769db9464583ae97250231035fffded1b445544acacf342a5a
            • Instruction ID: 33ef742fd3e73aa1e59a964ff376728d1d2a647e29933afdb0374bc0f989b321
            • Opcode Fuzzy Hash: e69127a40f3da4769db9464583ae97250231035fffded1b445544acacf342a5a
            • Instruction Fuzzy Hash: 89317A30B08210DFC718AB38E5589BD7BB2FB85255310856EE046DB295EF3EAC11DB62
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA43D0 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 57f5da8b7a2a1e30207728ae43e529d2ca0a2c4735466718622c84ebc1c3b3c9
            • Instruction ID: 0cd45b091005f57d981fdb4dd49aaef1486694fb75425f5b08190641b13c3e53
            • Opcode Fuzzy Hash: 57f5da8b7a2a1e30207728ae43e529d2ca0a2c4735466718622c84ebc1c3b3c9
            • Instruction Fuzzy Hash: E131823560411ACFCB05EF68D84889D77F2FF48308714816BE4065F27ADB36A925EB51
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0007 Relevance: .1, Instructions: 86COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6f7d7398de8a49f38d0a47f2ca61aa044ec638b441b59c376b96277020796315
            • Instruction ID: 08bb556318821f6bf2625173aae6a148501038282f49cb351a3c10a5e42d7e7b
            • Opcode Fuzzy Hash: 6f7d7398de8a49f38d0a47f2ca61aa044ec638b441b59c376b96277020796315
            • Instruction Fuzzy Hash: 0931607050E3C68FC706EBB498694597FB1FE52204B0945AFD182CB2A7FB389855DB13
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA21B8 Relevance: .1, Instructions: 85COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 644f31d52b75cee308f4ebb8116916da70fd1ad5770694836cb0d18e180ff115
            • Instruction ID: 41254366b10525631540e2a320e12b0e36e20c556afb00d867dec28d4e76dbc8
            • Opcode Fuzzy Hash: 644f31d52b75cee308f4ebb8116916da70fd1ad5770694836cb0d18e180ff115
            • Instruction Fuzzy Hash: 74317E71A09209DFCB54DFA4C4457BDBBB1FB44308F1048AAC402AB790EB31AA78DB42
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6571 Relevance: .1, Instructions: 85COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b2363c9cb9c588839f3eee3253eeed45ccae7d18004f7fb75a087d61f681c089
            • Instruction ID: e411b418f12b6bb4b29de08121f9d5e621ac6593b78179b09e5ff8e202f20ce1
            • Opcode Fuzzy Hash: b2363c9cb9c588839f3eee3253eeed45ccae7d18004f7fb75a087d61f681c089
            • Instruction Fuzzy Hash: D6210175A001089FDF04EFB9D8447EDBBB1FB48258F1540AAD045AB295EB31AD22CF91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAECB0 Relevance: .1, Instructions: 84COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bbdc29125bf8ccdc7cff48e12810f4014c867fa66428e64ef33a4e4e62a178ec
            • Instruction ID: 0cec21a1572cafe2b62293678dcdf507d1718044f144a7d47a617e622c526922
            • Opcode Fuzzy Hash: bbdc29125bf8ccdc7cff48e12810f4014c867fa66428e64ef33a4e4e62a178ec
            • Instruction Fuzzy Hash: 24312F75E04208EFDB05DFB8C851ADEBBF6EF4D300F10806AD515AB252DB36A911DB61
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6677 Relevance: .1, Instructions: 83COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 859a428ee71eae6746f75b7841e7dd6a33ddf4be2474963c6a4a13c649015b85
            • Instruction ID: d32e11bf53c8fdf7393264453c0336e0f42c15a1d550693fe2a697d7d8cfdad8
            • Opcode Fuzzy Hash: 859a428ee71eae6746f75b7841e7dd6a33ddf4be2474963c6a4a13c649015b85
            • Instruction Fuzzy Hash: 55318D712002168BC719AB78D11555D37A2FF8534832486AEE10AEB385EF3A9C0ACB92
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAFD41 Relevance: .1, Instructions: 81COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fc3eba62145b4762955df96221cdc1f27f187c453d9776776669ff5a87e5e0a3
            • Instruction ID: 05434b722686369dcd4775bc7b91daeccdcfbe25b51e66d585ba7959dc7ad395
            • Opcode Fuzzy Hash: fc3eba62145b4762955df96221cdc1f27f187c453d9776776669ff5a87e5e0a3
            • Instruction Fuzzy Hash: A6216B36900104EFCF1A8F90D848DE9BFB2FF48315B058499F2165B032D732E929EB51
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA50D0 Relevance: .1, Instructions: 77COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e924d7f46060972d38429ff49f1b0de259be9c1f28af302cd8db322170ed059f
            • Instruction ID: c176a333039974c1effe9c6e3cb4ad72bf03618e7b59738e2ec8bf35f878d7ac
            • Opcode Fuzzy Hash: e924d7f46060972d38429ff49f1b0de259be9c1f28af302cd8db322170ed059f
            • Instruction Fuzzy Hash: 71216D71E05749EEEF01DFA4D8186EEBBB2EB85304F50452AC509AB211E770655ACB81
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA21E8 Relevance: .1, Instructions: 77COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: df9b3ddc183f7dd992863a7edc529f01dd6b803de39106c9bb8ac85be4ff7b59
            • Instruction ID: 771600b06223c4416ec116eba7d9ee0ae93acd63d246902139283fa4420dbdca
            • Opcode Fuzzy Hash: df9b3ddc183f7dd992863a7edc529f01dd6b803de39106c9bb8ac85be4ff7b59
            • Instruction Fuzzy Hash: 9A314D31E08209DFCB54DBB4C4557BDBBB1FB45308F1045AAC402EB7A1E735AA28DB52
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE9F1 Relevance: .1, Instructions: 76COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5bb5fb8b14999683a7edd6767fc3ed399abcb6a2b13a0f87da14263a9410c488
            • Instruction ID: 517c835552a49c62db0dd6e4339310490b09e7fc9d908a8cf337d4acc5bc583d
            • Opcode Fuzzy Hash: 5bb5fb8b14999683a7edd6767fc3ed399abcb6a2b13a0f87da14263a9410c488
            • Instruction Fuzzy Hash: DC21AE30B45211CFC755CB28C4006ABBBF1BB88315F6881A9D009EB201EB32A962DB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 02640822 Relevance: .1, Instructions: 75COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.657039824.0000000002640000.00000040.00000020.00020000.00000000.sdmp, Offset: 02640000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2640000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 56cf6977cdb5ead965542321807ce4fd447ae498438595931aeae42f2b917b3b
            • Instruction ID: 716263034ef3fe0f5651be456d21d4a6875b7c0d49cef9ce3396d75408dbd525
            • Opcode Fuzzy Hash: 56cf6977cdb5ead965542321807ce4fd447ae498438595931aeae42f2b917b3b
            • Instruction Fuzzy Hash: 0E315E7550E3C08FD7078B2089A4755BFB1AF57304F2A85DFD5C58B6A3D62A8806CB52
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA48B8 Relevance: .1, Instructions: 75COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 71741dc493d74ab1c0f3e89fee28e3cd747ae0e64c146308068d84db82599a8f
            • Instruction ID: a97ae48a91d628ba9a9c1291452109f705e40e14ae9062f581f014320e33f681
            • Opcode Fuzzy Hash: 71741dc493d74ab1c0f3e89fee28e3cd747ae0e64c146308068d84db82599a8f
            • Instruction Fuzzy Hash: 3211E932B041549BCB05DBB4D8519FF77B6AFCA218B04403EE502B7251EF656E2687A2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8886 Relevance: .1, Instructions: 75COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ef059753341996fa8b8bd0a06ecd5d31a7e7ac93ea27a526d241d387fe69b743
            • Instruction ID: 1f36ad01233a95055c3214e430348d6bfbf68a1e90e128ddea6ec881d1a7fbfd
            • Opcode Fuzzy Hash: ef059753341996fa8b8bd0a06ecd5d31a7e7ac93ea27a526d241d387fe69b743
            • Instruction Fuzzy Hash: 11316770A04209CBDB24EF65C159659BBF2FF88318F14952EC408AB254DB7DA899CF92
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA25DE Relevance: .1, Instructions: 75COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 49ba2b9e223b3ce4bbc417a445f9591df1ae6857198672046ea6b865d5cfade7
            • Instruction ID: f25aca707b95e2af40f417635e35b78a82b5cbd0c5bed26e3771ecdebcc548e7
            • Opcode Fuzzy Hash: 49ba2b9e223b3ce4bbc417a445f9591df1ae6857198672046ea6b865d5cfade7
            • Instruction Fuzzy Hash: B7318E31E01249CBDB20DF65C944759BBF2FF44309F24C26EC0059B269DB78A559CF42
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0045 Relevance: .1, Instructions: 74COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 674b09489c27257503809b4f399098e9812a31c486660586701709d2a726a2c5
            • Instruction ID: fb9dda523d46ea64b8f10c1d89aa280a424802ca0388660470c9381a2c503567
            • Opcode Fuzzy Hash: 674b09489c27257503809b4f399098e9812a31c486660586701709d2a726a2c5
            • Instruction Fuzzy Hash: CB110872A04244AFDB50DFBCD8406DBBBF6FB88200F00447AD145DB262FB35A811C752
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6F08 Relevance: .1, Instructions: 74COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0e568e7d5ea5190f948cc85275a2d8322a0b22f42ca9ca2238c42f577e41fd97
            • Instruction ID: 6a5fb15d52484cba55735c5afc1b6f03054a916b4c949d71c5a629a2bd0dff31
            • Opcode Fuzzy Hash: 0e568e7d5ea5190f948cc85275a2d8322a0b22f42ca9ca2238c42f577e41fd97
            • Instruction Fuzzy Hash: EC21F630B041046FDB08A7B98850ABFB6F6AFC5248B14457E9403DB792EF35AC1487A2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8490 Relevance: .1, Instructions: 73COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 416a904a0ba8b52ee2ab56a7d328a923a5d21dbc92d563d43cb33aecaa3edf23
            • Instruction ID: 5b5fc2213e8c9f6559f95188d5f262298fc4b2b63d493a1c405b9ef08ac9702b
            • Opcode Fuzzy Hash: 416a904a0ba8b52ee2ab56a7d328a923a5d21dbc92d563d43cb33aecaa3edf23
            • Instruction Fuzzy Hash: 9C212F70E04206DFDB55EFB4C1556BDBBF1EF49304F10809ED806AB251EB39A960DB52
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA4F10 Relevance: .1, Instructions: 73COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c0be1fc118a6df84866e49df6604f28fa62ef9d56b40678d8628fb644dfdb4ff
            • Instruction ID: b7cf10ae717bf8d4a84112396dfb8d5bf3008597d25d2100a62869a4f2d0cfda
            • Opcode Fuzzy Hash: c0be1fc118a6df84866e49df6604f28fa62ef9d56b40678d8628fb644dfdb4ff
            • Instruction Fuzzy Hash: 0121A43130D20A8BC704E734E59197D33B2FBC8A45750997BF0124B59AEFB47826E392
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAAD00 Relevance: .1, Instructions: 71COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 06e3f1ff3532e1ec051aeed30795e450eb55e08e9317711dfd8321a4044d2f20
            • Instruction ID: 13587aba32b51c8f61b861f46fb38ca90182c62cb8d5ff70a6b74df972f450dd
            • Opcode Fuzzy Hash: 06e3f1ff3532e1ec051aeed30795e450eb55e08e9317711dfd8321a4044d2f20
            • Instruction Fuzzy Hash: 3F21A1B1E006658BCB14CB99D8945AEFBF2FB8C315B10812AE855E3350D774AD11CBA4
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAD040 Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: eded86d2cb7e920de5c6780fbf2c1006ceed518b15f0fc11bda169b5fc79f391
            • Instruction ID: 46431b13d4892cc8067f3b86f48ceca5861c02177135e5c1d96ace45e902f7ba
            • Opcode Fuzzy Hash: eded86d2cb7e920de5c6780fbf2c1006ceed518b15f0fc11bda169b5fc79f391
            • Instruction Fuzzy Hash: D9212A702052158BCB49BF38E6151197BA2FB8530C32489AEA10ADF396DF37DC07CB80
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAF9B6 Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ce99b23ddb77444d04698f1f5471ae64f085714872feece9ac5987f9ae0a4ae7
            • Instruction ID: 29dade40f869bb69d46e6b18143eb6caae1b3b050e5ef17e467bd3e5219990fd
            • Opcode Fuzzy Hash: ce99b23ddb77444d04698f1f5471ae64f085714872feece9ac5987f9ae0a4ae7
            • Instruction Fuzzy Hash: ED319639600205DFEB04DF68C580EADBBF2BF88324F164198EA11AB366D735EC95DB50
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA4510 Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 85a1f90828ba66dcc0afdc6c87c4cb5e1ffbd19e08226c9548ac9d80f865380c
            • Instruction ID: 0443bbcc311293877a98863cfd2116041b8a38e7ab0c58f0ed3ac944a377fee2
            • Opcode Fuzzy Hash: 85a1f90828ba66dcc0afdc6c87c4cb5e1ffbd19e08226c9548ac9d80f865380c
            • Instruction Fuzzy Hash: 07110832F081018BCB01DA68D4102EEB7B69FCA211F04417BA906DB291EBA1AD25C7D1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAA5A8 Relevance: .1, Instructions: 69COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c7f3542be7b88ad4c05e98c9c08e404231e63143e8b32e698870084d05359fc2
            • Instruction ID: 387910a28499eb23a0380e5d481b59608716c1dd2914daf435dc7410ad399b7d
            • Opcode Fuzzy Hash: c7f3542be7b88ad4c05e98c9c08e404231e63143e8b32e698870084d05359fc2
            • Instruction Fuzzy Hash: 71110630B14355EBCB24DB78D841AAE77F2FB88744F14456EE402EB281EB75AC20CB95
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE2C0 Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d6b07591f2dd039ce4f2bfcb0334e4cfbb9211e17e6a5d8cb471840faecff6d9
            • Instruction ID: 2b1e60c1f4a219d84757e4fc678d7d70a34ac5e1ba19c14b1d1cdd923a6fa0d2
            • Opcode Fuzzy Hash: d6b07591f2dd039ce4f2bfcb0334e4cfbb9211e17e6a5d8cb471840faecff6d9
            • Instruction Fuzzy Hash: 44213B31A40214DFCB54DFA98551AFFB7F5EB88214B50806AE40AA7640E731BD22CBA2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5000 Relevance: .1, Instructions: 67COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d30825dbc815c3aa1be0ad2cb2b4d966b141aae7f4496db26e63f047cc888a2c
            • Instruction ID: cd6504b578c30e69e982e45884d29e7ee31b400a9c91a3716756433b1b87f042
            • Opcode Fuzzy Hash: d30825dbc815c3aa1be0ad2cb2b4d966b141aae7f4496db26e63f047cc888a2c
            • Instruction Fuzzy Hash: 4111CD31F041159F9B44EFB894507AE77E1FB84244750817AC406EB381EF31AC2297E6
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAF738 Relevance: .1, Instructions: 66COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b23fc919273c1ca732e3255037b71e24c1ff77bfcaacb9e89e3af78a269282fc
            • Instruction ID: 91221029b821c5b7f57ba725d44efdae63fb77a9b25e17111def2cd29c2268a9
            • Opcode Fuzzy Hash: b23fc919273c1ca732e3255037b71e24c1ff77bfcaacb9e89e3af78a269282fc
            • Instruction Fuzzy Hash: 6021D2B5F08244CFCB299F60D0497EEBFB1AB48318F14442EE046A7681DFB56866DB81
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAC548 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e3322d87186a0eba60c1456ffc8dff35cce1383d0807c72180b17979d02d5472
            • Instruction ID: a73fda07722681aca886864882e9c2c8d5991f7fe8bc0d2b31b6af7658651df4
            • Opcode Fuzzy Hash: e3322d87186a0eba60c1456ffc8dff35cce1383d0807c72180b17979d02d5472
            • Instruction Fuzzy Hash: A8118C317041159F9708EB69C450A6EB7F7EFC9364714816AE80ADB391DF36EC228792
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE2B1 Relevance: .1, Instructions: 60COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3da3393bf6bd9ca007741c1d5b389e33e15ce5da28721c7353357f174e0b466d
            • Instruction ID: 288c55a7e66f851b6c68128309f69dd8d0a19a4da243be06abd5f6d4aefd853a
            • Opcode Fuzzy Hash: 3da3393bf6bd9ca007741c1d5b389e33e15ce5da28721c7353357f174e0b466d
            • Instruction Fuzzy Hash: 97113A71A45214DFCB64DF59D5509EFBBF5FB48310B10806AE40AA7201E331BE66DFA1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 0264087C Relevance: .1, Instructions: 59COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.657039824.0000000002640000.00000040.00000020.00020000.00000000.sdmp, Offset: 02640000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2640000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4a07b52b5055e841c9f85d68b34bbfa9a7d6b4c5452cb7a294a29327895b266d
            • Instruction ID: 45264c121adfab971567cdcfde4d55badbd389c8f306ef44de62201022bd77ac
            • Opcode Fuzzy Hash: 4a07b52b5055e841c9f85d68b34bbfa9a7d6b4c5452cb7a294a29327895b266d
            • Instruction Fuzzy Hash: EA110631204240DFD719CB20C544F26BBA5EB5971CF24C9ACEA894B752CB7BD813CA91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0C68 Relevance: .1, Instructions: 59COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 836fb9413ef3be5a52264172ba82a03fb9ecfd24e0c11852b9b072fddb53ac4c
            • Instruction ID: b3fa693a80611b5a1f89aff8b20285ad69659530fa7d17f9204f57dd2e4872ff
            • Opcode Fuzzy Hash: 836fb9413ef3be5a52264172ba82a03fb9ecfd24e0c11852b9b072fddb53ac4c
            • Instruction Fuzzy Hash: 6B1157313091008FC704AB38C465BAE3BEAEF89254B14807AE507CF7A1DF769C469792
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAC678 Relevance: .1, Instructions: 59COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 74a9cbee803265cbf5e4d7d9bc609a983e341521f54b889971ba11dca95dd090
            • Instruction ID: b6773662ba35a99419dd31f63ca64964996f52a1f8c66cd1439f5d8d920dd6fd
            • Opcode Fuzzy Hash: 74a9cbee803265cbf5e4d7d9bc609a983e341521f54b889971ba11dca95dd090
            • Instruction Fuzzy Hash: F111B2713046008BE214A738810153D77E2FB82258724955ED14BAB781EF76FC129B57
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0070 Relevance: .1, Instructions: 58COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e3037ab1da9b0fea4c9126d5c454dce0ad4fb94065f050f5ae5f6596e645b155
            • Instruction ID: 96344d6da57eaff1c213f47d09513cbbe405797b7c19b6c82181b2327f2693e2
            • Opcode Fuzzy Hash: e3037ab1da9b0fea4c9126d5c454dce0ad4fb94065f050f5ae5f6596e645b155
            • Instruction Fuzzy Hash: E4113375A04204AFDB54DBBDC844ADBF7F6EB8C250B00447AD109DB251EB35A9118752
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAFD50 Relevance: .1, Instructions: 58COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bc232eed26b19f2def53cd50ba804e2d9057050039b3cef91c239adab760a201
            • Instruction ID: 6e483a0dfbfdc871f8ca27027e974d738cf26e04a8c11f1bffd7047ae9be97f8
            • Opcode Fuzzy Hash: bc232eed26b19f2def53cd50ba804e2d9057050039b3cef91c239adab760a201
            • Instruction Fuzzy Hash: 8811F536900118EFCF0A8F80D908DE9BFB2FF48315B0A8495F2156B032D736E929EB51
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA7EB8 Relevance: .1, Instructions: 58COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8d2956959980d8e19ecd41ac54302829e87335b6afd7a0733862b6251b70a1c5
            • Instruction ID: 6cbf82e67821e288e21d33c177f24dca46b94f4d8922454b89d3bfe28cf6ef1b
            • Opcode Fuzzy Hash: 8d2956959980d8e19ecd41ac54302829e87335b6afd7a0733862b6251b70a1c5
            • Instruction Fuzzy Hash: 5A110835909144DFCB01CB74C804AEEBBF1EF45300F1440ABC5429B1A2E731AE19CBA2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAC260 Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bb143b0b2f646892705e7c6228bc5af8762e3bd6c037a2785c700fd103cc6626
            • Instruction ID: 75f039322f7e639f840ffa58d470749fa7bfaae86268483a9428b55015836d61
            • Opcode Fuzzy Hash: bb143b0b2f646892705e7c6228bc5af8762e3bd6c037a2785c700fd103cc6626
            • Instruction Fuzzy Hash: 7311A0317082249FE305AB7C9414B293BA7FB89225B0505AAE54ADB388CB759C45CB94
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA4FF0 Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09736d014f2a95d2073791dea28995513c19dc13639437e706ca97e1d2cd6d2a
            • Instruction ID: dea090987ec877dd9dbd8dd4f53cd6bd10c5d87ef79247454a68273feed0fb70
            • Opcode Fuzzy Hash: 09736d014f2a95d2073791dea28995513c19dc13639437e706ca97e1d2cd6d2a
            • Instruction Fuzzy Hash: CC01C431E05605AFDB40EBB898526EEBBF0EB45140B54417BC806DBA42EB21592297D6
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAD9C8 Relevance: .1, Instructions: 54COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 10bc6f82c09edaf2928e5a7713b13b69295bab43c6dd47e94fad487846ea8040
            • Instruction ID: 1e34054480b75021cd89698826cbf72c40d4a48c1d7d874e78bcde34d903783a
            • Opcode Fuzzy Hash: 10bc6f82c09edaf2928e5a7713b13b69295bab43c6dd47e94fad487846ea8040
            • Instruction Fuzzy Hash: E5012632709210AFCB1427785C1562B7BAAFB8A214710447FE406C7392EF358C0183A2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA4788 Relevance: .1, Instructions: 53COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 211fec779997d9e9e5bd7c841363a5693dee13703997e73c4dd6ff460fc75848
            • Instruction ID: 40931761436a72ec0478ecd7a4539d1de0a8e16217f2718d35283a34fe4b546f
            • Opcode Fuzzy Hash: 211fec779997d9e9e5bd7c841363a5693dee13703997e73c4dd6ff460fc75848
            • Instruction Fuzzy Hash: B6016171F051584FCB55EF7888526AE7BF1DB89244F20457EC44AEB282EB39490397D2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008DACF0 Relevance: .1, Instructions: 52COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.655576333.00000000008D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 008D2000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8d2000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e2887bd7f5c9e0b959bac42c87b0ac8b52d3452ab7393690fea9090cfda5caf6
            • Instruction ID: 6f6c2ef6f63f54cc83e0bec6303fc7a05e1a3617ed3945a412d18c746d887d42
            • Opcode Fuzzy Hash: e2887bd7f5c9e0b959bac42c87b0ac8b52d3452ab7393690fea9090cfda5caf6
            • Instruction Fuzzy Hash: 6F11E8B5508301AFD350CF19DC81A5BFBE8EB88660F14886EFD5897311D235E9188BA2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAA098 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: de09f78d1cbd4d802e547549a5d88b0a7c253871742e66fe8fae456978991364
            • Instruction ID: dd0a47f43fca1241b30b88a26092075b24c5bdb4e46b44697c3037a3021797a4
            • Opcode Fuzzy Hash: de09f78d1cbd4d802e547549a5d88b0a7c253871742e66fe8fae456978991364
            • Instruction Fuzzy Hash: B701B132B041089BEB24DB64D855ABFBBF19B84314F24846EC006A7240EF72BD25EBD1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAD9D8 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bd026abc4554595fefd6ea1922863669db11996a0d0866c8bb5bcd90acebf4bc
            • Instruction ID: 48e10ff46cf774985649012a0fa2ddc7d712ea314ace9dd057e04bd74fd0689f
            • Opcode Fuzzy Hash: bd026abc4554595fefd6ea1922863669db11996a0d0866c8bb5bcd90acebf4bc
            • Instruction Fuzzy Hash: DB01F232704224AFCB142BB9980962F77EBFBC9668710443EE406C7742EF36DC0183A2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA11DF Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b7d1242592706eb03ed0975f9278b2e78e03df1b188b7e5b95939e8e7bf99c97
            • Instruction ID: 93673ec8ed2d14179df2e13e26d3b3e1838b0c5e4cad2a69c9e8adf09e43f43c
            • Opcode Fuzzy Hash: b7d1242592706eb03ed0975f9278b2e78e03df1b188b7e5b95939e8e7bf99c97
            • Instruction Fuzzy Hash: 1B118E3130D290DFC7059728C4588697FF2AF96208B1940FBD046CF2B6DF65AC1C9752
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAA088 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0cd5319802eae3efcfa44283792a9b1d90d3c79c4f8da3ac99bcdd41c8cf6b62
            • Instruction ID: 5d03f96f26459b4e5f4504e4f0497a69dec1376b7cf89119beadc08e88330ad6
            • Opcode Fuzzy Hash: 0cd5319802eae3efcfa44283792a9b1d90d3c79c4f8da3ac99bcdd41c8cf6b62
            • Instruction Fuzzy Hash: BB01D831B051049BE724CB60D855BBFBBF19B84304F14445EC006A7281EF65BD15EBD1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAFA20 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 62c48e3349daabe20258b18dd92b0d4f4ce1d9379ba2057370e49201854706a2
            • Instruction ID: f7637d4843bb07b42b98903e7e581b85c75a640c39a16b076d065346f738d97e
            • Opcode Fuzzy Hash: 62c48e3349daabe20258b18dd92b0d4f4ce1d9379ba2057370e49201854706a2
            • Instruction Fuzzy Hash: 0F01A731B001269BDB14EB68CC829EEF7B6EB84B40F504429B514AB244EF70AD2087D5
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAC250 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1edfac0b9ca4f0ff5db5ab6ffb50a0bfa23ece0b4cd4875cace6a7b1f5dd140
            • Instruction ID: abf6671cb55c250d76da82050d5010340c648ee50c703dce1623ce01d5f5117e
            • Opcode Fuzzy Hash: f1edfac0b9ca4f0ff5db5ab6ffb50a0bfa23ece0b4cd4875cace6a7b1f5dd140
            • Instruction Fuzzy Hash: 5601FC313083549FE302AB7CE55476A3BA7FB86229F0504A6E446DF389D735DC45CBA4
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA385F Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7f0ae0e3334977e9c22ad8f13a2b07598448e220dd7217c83c41a54baf08fe52
            • Instruction ID: 478d7f1d067ef3b4d0f69651e8662a80c7764d92f06be6b815723809995917ae
            • Opcode Fuzzy Hash: 7f0ae0e3334977e9c22ad8f13a2b07598448e220dd7217c83c41a54baf08fe52
            • Instruction Fuzzy Hash: CE01A231F04116CBDF109B6998859BAF7B7AFC9240B15417AAD06AB251EB30FC108363
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA1209 Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 776eecce9e9cb67c16ce2c648489486ba23b1c3294ab8d700103e5c41f05928d
            • Instruction ID: e84306e5e3f9dc3205ac792e316a7758261c74a2fd7fd780fea42c6922f17d21
            • Opcode Fuzzy Hash: 776eecce9e9cb67c16ce2c648489486ba23b1c3294ab8d700103e5c41f05928d
            • Instruction Fuzzy Hash: E4011A30309150DFCB049728D05896ABBF6BF96609B2940BBE406CF6B6DF759C1D9B42
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAA720 Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 271f50a4fcb6eb7b1bf2f777e444ee97dc45ba15cfc432559fbf4f7f2f9f7d32
            • Instruction ID: 95650f5cb52fc903408c580c7f8df6d7d508aa3b4f9e06c8c79d1f4599ad128e
            • Opcode Fuzzy Hash: 271f50a4fcb6eb7b1bf2f777e444ee97dc45ba15cfc432559fbf4f7f2f9f7d32
            • Instruction Fuzzy Hash: 07018F71A042099FDB50EBB9A9057AEBBF4EB84224F10413AD548D7240EB369910CBE1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAA890 Relevance: .0, Instructions: 45COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f0cb9e0a6109543cab1a7e58172b8687e9d11e2cf4943a93184041298a0e0041
            • Instruction ID: b9096d25b9119ab8d71117aa6ddfe39231f3223f328ff8a03e8ff13e4a1a17c5
            • Opcode Fuzzy Hash: f0cb9e0a6109543cab1a7e58172b8687e9d11e2cf4943a93184041298a0e0041
            • Instruction Fuzzy Hash: 66012631309304DBC611F7B8E1159A977E6EB892A1714407ED406DB244EF3AAD12DBA2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6580 Relevance: .0, Instructions: 45COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1aad26b85d51f478b1a46e3812826501ccbbb985a848ecac9f1b31610f42a33d
            • Instruction ID: de62da0f2014bea033c34317d06a97c00d45340fa1b4f6b34d6c92f8d1d1c0f7
            • Opcode Fuzzy Hash: 1aad26b85d51f478b1a46e3812826501ccbbb985a848ecac9f1b31610f42a33d
            • Instruction Fuzzy Hash: A6018F71A0410D9FDB50EB79E8417AEBBF4FB44254F14417AC508D7281EB3069618BD1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAA710 Relevance: .0, Instructions: 45COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7d8b314eae6456e3c3ed8c619cfa183b8841db18b6a515a7ce5ee6b19ce41dca
            • Instruction ID: 19ce4b9867b6cf8933f5f04cfc895379df43859b897d5cc4c146f7965e04ad8a
            • Opcode Fuzzy Hash: 7d8b314eae6456e3c3ed8c619cfa183b8841db18b6a515a7ce5ee6b19ce41dca
            • Instruction Fuzzy Hash: 2901D6B0A042099FEB50EFB898057AFBFF5EB44614F20412AD544D7240EB36A910CFE1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 026405CF Relevance: .0, Instructions: 44COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.657039824.0000000002640000.00000040.00000020.00020000.00000000.sdmp, Offset: 02640000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2640000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9933919bf384a42d0e4f8457ac631950ab6a3f1509ce060b70c79760cf50428c
            • Instruction ID: c4044b374a62da634359442c938636261a74a86ff982295c1ad9699d68170ee2
            • Opcode Fuzzy Hash: 9933919bf384a42d0e4f8457ac631950ab6a3f1509ce060b70c79760cf50428c
            • Instruction Fuzzy Hash: 780186B65097806FD7118F16DC41862FFA8EE86620719C49FEC49CB612D22AA919CB71
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA49BC Relevance: .0, Instructions: 44COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5aa522347dc7522ae32996e38bb0662e7f12e798b2bfe76a2aa22150e9cdf8f9
            • Instruction ID: f55b0bb1cf8f9b58344d0a96ce9b4d946f6b173652ab006da4a5baff7b43b400
            • Opcode Fuzzy Hash: 5aa522347dc7522ae32996e38bb0662e7f12e798b2bfe76a2aa22150e9cdf8f9
            • Instruction Fuzzy Hash: 4D012C742081405FD304EB78C661B6E72DAEFC9B08FA4885C604987B96CF397C21A737
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA9238 Relevance: .0, Instructions: 44COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 54cce6d532dfaf6e0351ea40b8e92e7f638d1114fd01578d049e3dec89ab314b
            • Instruction ID: 0f0802169cd81a85cc1574f31ec19aaadf6467a149bdf70abc07d6da77882b8e
            • Opcode Fuzzy Hash: 54cce6d532dfaf6e0351ea40b8e92e7f638d1114fd01578d049e3dec89ab314b
            • Instruction Fuzzy Hash: 27F0FC31F051459BEB045BB5D40559FBBF9DF83108F41C975DD11DB211DB30A816C792
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8201 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 91ed85ed93f534d48d0247703c9a4d6b84a5e07960d05487edfefca5da7c58db
            • Instruction ID: b8c93b6c3c29f318a49b3ea0842d80dc6c530ace1ba005a7202c3e062fa0211b
            • Opcode Fuzzy Hash: 91ed85ed93f534d48d0247703c9a4d6b84a5e07960d05487edfefca5da7c58db
            • Instruction Fuzzy Hash: 57010CB4D09209EFDF14DFA9C481A9EBBF1AF89304F1080EAC854A7355E734AA45DB91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA1218 Relevance: .0, Instructions: 42COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f81de2c95f0a65c43a6136bbb7b5e8244865a10fc56f12aaf54de703f997bd30
            • Instruction ID: f811180aac76c62f7387151f5a81da241928392ec675075ffbcf6e72d33c0b3f
            • Opcode Fuzzy Hash: f81de2c95f0a65c43a6136bbb7b5e8244865a10fc56f12aaf54de703f997bd30
            • Instruction Fuzzy Hash: 1C016D30304110DBC604A728D058969B7FAFFD5608B2440BAE006CF275DF75EC189782
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA08B1 Relevance: .0, Instructions: 40COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d0c6601e810595a5a4b6f65c2e844aa54e8822e016d4bca52523ed9d52985768
            • Instruction ID: d78fd29c53be64a5d404aea13382f311071f6f8541cd0638a70b3851b701ad70
            • Opcode Fuzzy Hash: d0c6601e810595a5a4b6f65c2e844aa54e8822e016d4bca52523ed9d52985768
            • Instruction Fuzzy Hash: 9FF0223260A2148FC3109F79FC88A9EBB94FF94325B00433BE90A87121DB70482297D5
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAA649 Relevance: .0, Instructions: 40COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 20ddfcb2a8e2aa0af7daf69ce6b529c14ce882346c1b5d1976766178c2ffd463
            • Instruction ID: 017e160e3633c29cdba49ff24c58638abc8f48c08988ec5cecaeda5d798bea0c
            • Opcode Fuzzy Hash: 20ddfcb2a8e2aa0af7daf69ce6b529c14ce882346c1b5d1976766178c2ffd463
            • Instruction Fuzzy Hash: 7EF03134B003159BCF05EB78D882E9D7372FB88658F20855AE505AF285DF79DD1187D1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5FB0 Relevance: .0, Instructions: 40COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 19074cbb584193ed43f2c54380fba0307a95dafbc8e58ff20dada8543f51bacd
            • Instruction ID: 85ce45624b262adf941e3ec1d22a0ea94e788039b0f9e768f596f2bbcfa5c9fb
            • Opcode Fuzzy Hash: 19074cbb584193ed43f2c54380fba0307a95dafbc8e58ff20dada8543f51bacd
            • Instruction Fuzzy Hash: 3AF04631B0C2459BD710937488106AEBBF4D786144B0484ABC887C7282FB327525D7D2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5B88 Relevance: .0, Instructions: 40COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a54b0b438aa7c62ec1dc1d51438c39c85973d7bb3bbde843f806704f6dea60ed
            • Instruction ID: 143e35cfd34dbbf46e328d2abdd05d3d69efc11114d8e1af8dd0e4a575e8fd9c
            • Opcode Fuzzy Hash: a54b0b438aa7c62ec1dc1d51438c39c85973d7bb3bbde843f806704f6dea60ed
            • Instruction Fuzzy Hash: A9F0F631B1D148AFDB10977588216AEBBB4D795551F0400ABDD069B282FB21692982D2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAA8A0 Relevance: .0, Instructions: 39COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dc6303a2eff7ec6db94fb6a99bc9ec01d4283c301e2e5294e375740902ae2fde
            • Instruction ID: 7d33665a57d01a72676536d72370799e6084d737e4407bf82cf8be3e0e7fa408
            • Opcode Fuzzy Hash: dc6303a2eff7ec6db94fb6a99bc9ec01d4283c301e2e5294e375740902ae2fde
            • Instruction Fuzzy Hash: 51F0C231304304DBC610F7B8D11596977E6EB882A5314847ED00AEF354EF3AAC12DB92
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA9E61 Relevance: .0, Instructions: 38COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 81cd9d6743063f3675649d9c247c37e533c82d141ec1804225687440da575eda
            • Instruction ID: 0be9b36d0273c34a2115a35bacdbdad9393dc216f930c4db8c217f09e4bccd48
            • Opcode Fuzzy Hash: 81cd9d6743063f3675649d9c247c37e533c82d141ec1804225687440da575eda
            • Instruction Fuzzy Hash: 31F0FC72704354CFC325937898156697FB6EBC622831984AFE00EEB292DF65EC06C752
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5FC0 Relevance: .0, Instructions: 38COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fbfdc4a6025cedf8870c9f47e086707c7b9bb2f7461b19bcd258a728ca4aaf64
            • Instruction ID: 9238a9714fa1dc60d4e67e79553c2a09c1a03805595892973be281026bc756c9
            • Opcode Fuzzy Hash: fbfdc4a6025cedf8870c9f47e086707c7b9bb2f7461b19bcd258a728ca4aaf64
            • Instruction Fuzzy Hash: DDF05230B081159BAB04923458006BFB3F5C785598F048036C90BD3382FF36B961AAE3
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA7D09 Relevance: .0, Instructions: 37COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a16ef9e987e596a1e70ba5dbf8549adcf66dfc1c2b32e6edf6ce3125f945ad91
            • Instruction ID: 86c0f0acdedf734cfad11280ca369b5c693ade70de1db42fd0e67b848fbce2cd
            • Opcode Fuzzy Hash: a16ef9e987e596a1e70ba5dbf8549adcf66dfc1c2b32e6edf6ce3125f945ad91
            • Instruction Fuzzy Hash: 03F06D38B0D249DFC710CB69D8818BBBFB4EB8621070484B7D506DB152F720E8259FA2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAF6CF Relevance: .0, Instructions: 37COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 60ae603caca8757fa221c44312ca36104c190e3bb7afb977bdc74e2a70a67067
            • Instruction ID: 7661a4b2055ca7f7cdd67f3f3f9ecef590be21827f17510f34b8727fbb32f51b
            • Opcode Fuzzy Hash: 60ae603caca8757fa221c44312ca36104c190e3bb7afb977bdc74e2a70a67067
            • Instruction Fuzzy Hash: F6F0AF76904258AFCB42DFA8A940AEDBFF5EF09210B1080A7E55897162E3358624EB51
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE6C7 Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c3f04c8f81f1b0ac75c3e0348fee111543556b196a9a76c8f3f35dc3e83d54a9
            • Instruction ID: 1e357ad4d5d68e1c8b86af89ade7d8c8b4598e63191f519a18975c698e121ee5
            • Opcode Fuzzy Hash: c3f04c8f81f1b0ac75c3e0348fee111543556b196a9a76c8f3f35dc3e83d54a9
            • Instruction Fuzzy Hash: A4F054727CC36016F731536C68447A77A689795314F0C4577F95B87183F7452C149371
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA4F68 Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4d276766225ddefe6a6cdc40c7797591f82b6613e71a045cdeed1c5f1c7ce90
            • Instruction ID: 746b0a8281aca188ea024dad8cf8ec1600f03483f342e3c0f2e9995c642267b8
            • Opcode Fuzzy Hash: a4d276766225ddefe6a6cdc40c7797591f82b6613e71a045cdeed1c5f1c7ce90
            • Instruction Fuzzy Hash: 63F0F47521C20A8BC700F778E492D6D3371FB98688360552BD0024F59FEFB57925E792
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA45B8 Relevance: .0, Instructions: 35COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4a1e9d8fa7e6414366f435bf9202c461d6aec03157051195544e00b070da0c6f
            • Instruction ID: e4494b72e029f066cab2abae9f9ec20da05c88936aedb702e3d9a4038d6b05d6
            • Opcode Fuzzy Hash: 4a1e9d8fa7e6414366f435bf9202c461d6aec03157051195544e00b070da0c6f
            • Instruction Fuzzy Hash: 1CF08270A053596FDB50DBA99C02BAABFFCEB8A210F15017BE518D7152E2705904C7A2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA46A7 Relevance: .0, Instructions: 35COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 408cc799e36b997fe11e3739bb154ac30bde2d7b9164742997c7c2325c733efd
            • Instruction ID: 70ddfebdb4f1d41a8025a231237586c68e4c223e692bc3981513aea543df9215
            • Opcode Fuzzy Hash: 408cc799e36b997fe11e3739bb154ac30bde2d7b9164742997c7c2325c733efd
            • Instruction Fuzzy Hash: D9F0A73130E5905FC72157B46865AAD3BB59F4624070C01EBF407CB553DA5A98029783
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA81A8 Relevance: .0, Instructions: 33COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: da6ba9ddec7ded00ce4cbf96e2b2192e074f5d8a21bdce664e468a312bcce4fb
            • Instruction ID: 37cfe7c8d1e09e62cbee3ac5a278376ae2d5f25e556a678121d922454627181e
            • Opcode Fuzzy Hash: da6ba9ddec7ded00ce4cbf96e2b2192e074f5d8a21bdce664e468a312bcce4fb
            • Instruction Fuzzy Hash: 19F08274D0A208EFDB15EF68D58559CBBF4EB4A304F1081E7C80597342D7346E1ADB51
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAC53B Relevance: .0, Instructions: 33COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e9a659f12a9ab25f157e2887912c036a0168d4dcf2aa50f54eea308c8c7af795
            • Instruction ID: 3737157fd04efcf2e6bdfeca64e551d92611aec6b70e8037a214500bcb7a9bf1
            • Opcode Fuzzy Hash: e9a659f12a9ab25f157e2887912c036a0168d4dcf2aa50f54eea308c8c7af795
            • Instruction Fuzzy Hash: 20F055337041211B821862BD6411B3F36AA8BC9660748026AF805D3781CF22BD2183F6
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0908 Relevance: .0, Instructions: 33COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fde5f3acf992a52f788e560938f2d94bedc1547725593bafd6272805d3e60c1a
            • Instruction ID: 0fea849143902ae335f6fd2af56978d1d02715a21d8c5b5ca8daa15e01e8a5d9
            • Opcode Fuzzy Hash: fde5f3acf992a52f788e560938f2d94bedc1547725593bafd6272805d3e60c1a
            • Instruction Fuzzy Hash: 1EF02730A1E3948FD711DFB08C1151F7FF94B87340B4544AB9D439B252EB6868159393
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0918 Relevance: .0, Instructions: 33COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6133f1992a07ee34d82ced8736c57ffb5d23bf7fda89cf60ac7fa6fbbd04fb91
            • Instruction ID: 6020b89a20b2d86f665b2116cbf6cfe1469132d8ecef258a7ee7a540f520076b
            • Opcode Fuzzy Hash: 6133f1992a07ee34d82ced8736c57ffb5d23bf7fda89cf60ac7fa6fbbd04fb91
            • Instruction Fuzzy Hash: 4FE0E532F1D2289B9B109EF598015AFB7B99785750F00453B9A0B93200FB75682152D2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8408 Relevance: .0, Instructions: 32COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e2f5f4fb220d20d29a11417c1188f66682bbd5dcccb5a83dcbd575da4ab2fd26
            • Instruction ID: bfbafd2707b2d3affe71112364eedc4f55aecf1c2cc9a2197df60ccefc990c95
            • Opcode Fuzzy Hash: e2f5f4fb220d20d29a11417c1188f66682bbd5dcccb5a83dcbd575da4ab2fd26
            • Instruction Fuzzy Hash: F5F0A031A1E7D18FCB126BB9A8286147BF5EB4A1A530544ABD842CB352CA695C00CBE2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA3BC4 Relevance: .0, Instructions: 32COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 687c35f069480c73b8ee016ce962043e36ee126be45b9dcd6968b47ffb5b47c3
            • Instruction ID: 8ccc7fcb98e0f2afd2f32baceec15a03963900cb3ab02b27c97e616f078cb10e
            • Opcode Fuzzy Hash: 687c35f069480c73b8ee016ce962043e36ee126be45b9dcd6968b47ffb5b47c3
            • Instruction Fuzzy Hash: 69F08271B08119CFCF00EFA9E4866ACB7B2FB94254B20015BD905EF185DF38AD659786
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA4701 Relevance: .0, Instructions: 32COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a9cde9c0d7346dab5ff05a41701f538243134b0328319ef8b7cd86c798070047
            • Instruction ID: 4dabf79ea9f00c1b1cfcea4f6d5be502d943c258e0698ac122a13990442523c8
            • Opcode Fuzzy Hash: a9cde9c0d7346dab5ff05a41701f538243134b0328319ef8b7cd86c798070047
            • Instruction Fuzzy Hash: 14E0223230E3C08FC313927498207663BF88B8B560F4900FBE402DFA93E655B81693A2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 02640938 Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.657039824.0000000002640000.00000040.00000020.00020000.00000000.sdmp, Offset: 02640000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2640000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 466c6cac452401de3c7eeeb5ef842df9d3aad8a55396c1e265c8a78b516f349e
            • Instruction ID: b3fb07e610f5b1355f959aa99874a67c878875595fade99d1926710c8b9095a1
            • Opcode Fuzzy Hash: 466c6cac452401de3c7eeeb5ef842df9d3aad8a55396c1e265c8a78b516f349e
            • Instruction Fuzzy Hash: F8F0CD35148645DFC716CF40D540B16FBA2EB89718F24C6ADE98917762C737D813DA81
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAFEAD Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4689a2b96f32f505732160ecfeb005446fd857fc9a4b7382d0b4176d5fd601d2
            • Instruction ID: 11c887a61f04e0f7959c05c058b94eabef06f57b7bf32cc99ed1da955211c0dc
            • Opcode Fuzzy Hash: 4689a2b96f32f505732160ecfeb005446fd857fc9a4b7382d0b4176d5fd601d2
            • Instruction Fuzzy Hash: 72F0E276B082408FC73D9BB490556F9BBB1FB25200B00085BE0978B697FB35E8A2D341
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8280 Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fb740bc0eae1e1e8def10ae000b215824667f7b5af2a34b21054e44b2600c04a
            • Instruction ID: 1a04b0c46eb0a382315e34ace15110a44152384b69d24f58354733efa0d30899
            • Opcode Fuzzy Hash: fb740bc0eae1e1e8def10ae000b215824667f7b5af2a34b21054e44b2600c04a
            • Instruction Fuzzy Hash: C0F0903120C74ACFD301EB28D8888A83BB1FA6126C310859F90218F05DEF397928A792
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAF6E0 Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 642d2ae53b9f40cd592e51caa61670f1a0e8a87c4424b03a973a130b1ea264b7
            • Instruction ID: e08c40f6302085acc13ae1031c59bc12aee7a1efc56b4448ea48828b7e4ac6df
            • Opcode Fuzzy Hash: 642d2ae53b9f40cd592e51caa61670f1a0e8a87c4424b03a973a130b1ea264b7
            • Instruction Fuzzy Hash: 80F09A35900218EFCF42EFA8C9009EEBFF5EF08210B0080A6F558D7161E3318A20EF90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAC86E Relevance: .0, Instructions: 30COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b99a18807439ff2f2117d376366175687b2b9435c088f57c0d45c45fd8778e5f
            • Instruction ID: 6a4d6b71a0c83f6285b1a9df3ee3927db406b059fdb5707b0cb9e3daa3281bfe
            • Opcode Fuzzy Hash: b99a18807439ff2f2117d376366175687b2b9435c088f57c0d45c45fd8778e5f
            • Instruction Fuzzy Hash: F9E02B327082505B7601522C44104BE3B79A9CA53530A009BD206CB653EF519C1193D3
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAF9C8 Relevance: .0, Instructions: 30COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 186687ad1f37e4241e5c82941e16c87edbd6742d42f2a63c4a6400bba32766b7
            • Instruction ID: 20f2516dc1f7f10f1696e7fcab12aba23e7979198b5154ba2791c98fe9c1e8a7
            • Opcode Fuzzy Hash: 186687ad1f37e4241e5c82941e16c87edbd6742d42f2a63c4a6400bba32766b7
            • Instruction Fuzzy Hash: A6F0E53134E380EED36CDA15A9104B27775AB01148B90424FE88343D11EB75F871A352
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AADE18 Relevance: .0, Instructions: 30COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1588f1c218b5ab839144fca1bfee3ada1ccc1f78baa7f239cb475c7e12220eea
            • Instruction ID: 2aec7bbd904a3ac6246cd9516cd14df59a8df738727bfeeca72cb8be2e512c51
            • Opcode Fuzzy Hash: 1588f1c218b5ab839144fca1bfee3ada1ccc1f78baa7f239cb475c7e12220eea
            • Instruction Fuzzy Hash: 61F0AB3230014007C320E3B8D411AAA7B6BFBC9220B04856EC19ACF701EF26FC028380
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA9E78 Relevance: .0, Instructions: 30COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3ca897925558b9ad7734cbf671a5ba6d35fd67bf9a5eae13e6876140dfc3ed9
            • Instruction ID: 57cd6ab0a823aeee57ce9acc77b1b6e105bb0e4e4f485f9aad8d4d55dc919053
            • Opcode Fuzzy Hash: a3ca897925558b9ad7734cbf671a5ba6d35fd67bf9a5eae13e6876140dfc3ed9
            • Instruction Fuzzy Hash: CFF0A731300204CB8714A66DA41496E77E6FBC5328315887EE10EEB741DF36EC028B91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE649 Relevance: .0, Instructions: 30COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e222c214d0af63dc5bf3895afa8b7331d1dbbf3b4f9ef861841c129915a911ab
            • Instruction ID: 0743370cfe253232ba31650039ce317ca1a071d0f83259eb83a28bff2b768234
            • Opcode Fuzzy Hash: e222c214d0af63dc5bf3895afa8b7331d1dbbf3b4f9ef861841c129915a911ab
            • Instruction Fuzzy Hash: C6F02B323542104BD710EBA8C851A5E77AAFFC5254B188A6ED44ECB301EF7AEC158391
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6E9F Relevance: .0, Instructions: 29COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 29c045e76b7418d963a037072e3052d24fa34e188d6f42a45b938e371f8580f4
            • Instruction ID: 2a91f5529978d4b0c6c8c6fa074595229849d66bf0776276a717323c4f7fbec9
            • Opcode Fuzzy Hash: 29c045e76b7418d963a037072e3052d24fa34e188d6f42a45b938e371f8580f4
            • Instruction Fuzzy Hash: 4BF065357050504FDB08F7B9A9243AD7392AFC551DF844179C516DB7C0EF255D218793
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6634 Relevance: .0, Instructions: 29COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 763a3a06baf4ce92c60242596d46ddf4a56f7cd281a47c15633438719d8a8996
            • Instruction ID: e2b6a5b905d189817c54e6387480e817504577125c1921fa79ace10bd34a3885
            • Opcode Fuzzy Hash: 763a3a06baf4ce92c60242596d46ddf4a56f7cd281a47c15633438719d8a8996
            • Instruction Fuzzy Hash: 3BE0223570C248AAD301D768F804AE8BB34F780369F0C027FD18547092EB606569DF52
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA80A0 Relevance: .0, Instructions: 28COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9386a6f355d89dbf60a9be2ec4506b87418d970d7cab1b8c0e3d27909713144a
            • Instruction ID: 6287662e61bd50e0732a8f5a6260663a06b49c9d23e34f2b0332bcdb7fff5da2
            • Opcode Fuzzy Hash: 9386a6f355d89dbf60a9be2ec4506b87418d970d7cab1b8c0e3d27909713144a
            • Instruction Fuzzy Hash: 4CF0227080930CCBCB25FF74D94AAADBBB0EB03208F1051EED40127251CB34AA08C76A
            Uniqueness

            Uniqueness Score: -1.00%

            Function 026405F6 Relevance: .0, Instructions: 27COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.657039824.0000000002640000.00000040.00000020.00020000.00000000.sdmp, Offset: 02640000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2640000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7044e0fd9ab9ee7caf7144e07725c949d445d23c682afbcece01bc46eb9b4528
            • Instruction ID: 3bdba4fd7eacd9c88d23b0286ad51d849a10120a93052a6dc2d5ab3ae4933ca3
            • Opcode Fuzzy Hash: 7044e0fd9ab9ee7caf7144e07725c949d445d23c682afbcece01bc46eb9b4528
            • Instruction Fuzzy Hash: 87E092B66046048B9650CF0AEC41456FBD8EB88630718C47FDC0D8B711E63AB514CEA5
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5F60 Relevance: .0, Instructions: 27COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8dc877afa2cb39d52d31125be3cab3e428822a598c747284243051ea1f43b4f3
            • Instruction ID: 4b6227288a16910353836279f289c81050786429796f99090226866fd7ae9d15
            • Opcode Fuzzy Hash: 8dc877afa2cb39d52d31125be3cab3e428822a598c747284243051ea1f43b4f3
            • Instruction Fuzzy Hash: FDE09231E5E9A5DFC31223B4681196C3BA59B42201F0802ABD807CB2E3EBA5585083DB
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008DAD3F Relevance: .0, Instructions: 26COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.655576333.00000000008D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 008D2000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8d2000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ff6f18d9ec6c38cad27d2c573e8fff8456144c3002e20202676ad2750f6ea9fe
            • Instruction ID: 592e5e83f479c88d651348b6487554f2dc15bb570510646a6b3c0e3d92a0a73c
            • Opcode Fuzzy Hash: ff6f18d9ec6c38cad27d2c573e8fff8456144c3002e20202676ad2750f6ea9fe
            • Instruction Fuzzy Hash: F5E0D8B25012046BD2508F069C82B52FB98EB44930F14C85BFE085B702D576B514CAF5
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA05FD Relevance: .0, Instructions: 26COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f4475d364fc4065d3e7bbfaaa188d4037f1c1b71470434cb9386332441148c33
            • Instruction ID: d1e6f5e5cf8c3d9d18611e706210743b806146aa757277d5436d173d5aace256
            • Opcode Fuzzy Hash: f4475d364fc4065d3e7bbfaaa188d4037f1c1b71470434cb9386332441148c33
            • Instruction Fuzzy Hash: 6EF0EC32E090449FEB209765E81CBA87322FBC031DF048086E1868A4A2C7B02984CF92
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8418 Relevance: .0, Instructions: 26COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dda0912c56d513e88c51e24339dccffcc4668a3aa03eb0a3e0040d066c788c98
            • Instruction ID: add2eb127cff97859971ad4af45cc763dc879f29f399799401a3045cfa4ca635
            • Opcode Fuzzy Hash: dda0912c56d513e88c51e24339dccffcc4668a3aa03eb0a3e0040d066c788c98
            • Instruction Fuzzy Hash: 79E0D831F011618BC7242BB9B428A2473F6E78C6E1321443FD906CB344DFB95C108BD1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AABAB8 Relevance: .0, Instructions: 26COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
            • Instruction ID: 7f51bfd2c19d03f3b1f307c6f86f3e2f72786e01832b484a3e26fc633d4d4efc
            • Opcode Fuzzy Hash: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
            • Instruction Fuzzy Hash: 56F09236200B109FC330DF9AD544C13F7FAEF89620755CA6EE69A83A14D770F8148BA5
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AADE28 Relevance: .0, Instructions: 26COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 69cdd54e902f2277351481ffa79e9c89769c8965007fe6ed7f91e565d1b9d076
            • Instruction ID: 6d9107d09a6a4f8d0966e9492b3ee59cdd45bde82ee571adf2f83f410180994b
            • Opcode Fuzzy Hash: 69cdd54e902f2277351481ffa79e9c89769c8965007fe6ed7f91e565d1b9d076
            • Instruction Fuzzy Hash: 19E026313105004B8730E6ADC4218AEB7ABEBC9620310883FD59BCB700EF72EC1687D0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE658 Relevance: .0, Instructions: 26COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 90cd1c4bc71c0562ce3af195b6c99a4114a062762720200ead78b850fc221362
            • Instruction ID: 08ae03c9465a50d9c24f7505b1c1459b270a55dc34c2bf7cf9bd2f4604dc04e8
            • Opcode Fuzzy Hash: 90cd1c4bc71c0562ce3af195b6c99a4114a062762720200ead78b850fc221362
            • Instruction Fuzzy Hash: 61E0DF313406104B4724E6ACC42182EB7AAEBC5660318882ED51ACB300EF72EC168790
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAF9D8 Relevance: .0, Instructions: 25COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dcad72bc5199f69395c4955d5855620b1683feb6a4eba28b96eb929892513bd7
            • Instruction ID: 8c9080622add68958cf1dfac56ba8ac0619bd274bffe8cc1b6926eeb70f91a42
            • Opcode Fuzzy Hash: dcad72bc5199f69395c4955d5855620b1683feb6a4eba28b96eb929892513bd7
            • Instruction Fuzzy Hash: D7E04F31349781EF97ACDA15D9108B673B9AB4164D3A0465BF88387A10FB71F8B1A782
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAC880 Relevance: .0, Instructions: 24COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1fe95d7ccb95806f88aa97b0de2e721e19ab4343016411aa93dc24898afd6eb2
            • Instruction ID: 538a9b3e19228dcf1684712db755da0cd984c77d515e7134f78bfcd98c0d16ad
            • Opcode Fuzzy Hash: 1fe95d7ccb95806f88aa97b0de2e721e19ab4343016411aa93dc24898afd6eb2
            • Instruction Fuzzy Hash: 4EE0C231704010973914622D40108BE72BEBACDA72305402FD207CB351EF62AC21A3D3
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAAE53 Relevance: .0, Instructions: 24COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d19e999d84102439e2feafed97a01d24002cdafbd0b82133d7f44ad1d5726c9e
            • Instruction ID: ac431aeb725afd62fbe280dd926fc7924305f5bf84197cc0896ddc12f362375a
            • Opcode Fuzzy Hash: d19e999d84102439e2feafed97a01d24002cdafbd0b82133d7f44ad1d5726c9e
            • Instruction Fuzzy Hash: B9E0DF32900B104BC334DF2AE402553F7EAFBD4720B188A3FE0A983600DFB0A9058BE1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0E80 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 67540162a78784b472df010492c9fc7bab7a4fe9e7be81e7049d404370ed4adf
            • Instruction ID: a49a4739cb5e6bdf2ff1175120daa87024cd861ed8379e4fd5a4fce65e4af011
            • Opcode Fuzzy Hash: 67540162a78784b472df010492c9fc7bab7a4fe9e7be81e7049d404370ed4adf
            • Instruction Fuzzy Hash: 8CE0CD2175D26417F704E3FC5812A75779DFB91154705859FE545C7343CF558C0683D2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA81B8 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ca6f161774fec8006863731f60be0e78c91017bab49c8c38bed4a64681fa6a26
            • Instruction ID: dda6b5c3f466d8ff04860885dfe0cd742f8ceccd1c65354f7518970fd596cec6
            • Opcode Fuzzy Hash: ca6f161774fec8006863731f60be0e78c91017bab49c8c38bed4a64681fa6a26
            • Instruction Fuzzy Hash: BAE0ED74D05208EBCB18EFA9D64969DBBF4EB49304F1085AAC80493344EB356E55DB51
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8290 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 05fcf816fb0e6d4699aa9f80c60d1c8fc1e7cd6dc53cfbf3eb1f77ff215b52cb
            • Instruction ID: 51563fc4ab63a6a74d5d9cd09dfffc09071093599518f87ae4279703fb154259
            • Opcode Fuzzy Hash: 05fcf816fb0e6d4699aa9f80c60d1c8fc1e7cd6dc53cfbf3eb1f77ff215b52cb
            • Instruction Fuzzy Hash: 94E06D7120860ECB8700FB68E4898B833B0F75425C320841FA0218F11CEF79BD28A781
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAFE01 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a6beeabfff4535dbb24404f8421c9df5bf7fea4db3b21cb9fa86e948f046448e
            • Instruction ID: 1cdc24881b9ede9b84d6c55fccf3f6e6f4431a00ebdc949fd27a896383487fe3
            • Opcode Fuzzy Hash: a6beeabfff4535dbb24404f8421c9df5bf7fea4db3b21cb9fa86e948f046448e
            • Instruction Fuzzy Hash: 93F085B0208048CFDB388F68E5184A83B34EB01302F00845AF02B8B253CB3AAE61CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AADE68 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7cab9cba3990f514da7f5c637605f801ccefcbaca7a24a563c0d6fe76dde7781
            • Instruction ID: 63520e6d1e682b4eccf9c2ae9ef7cbddcc0c2d92f70c57bbc02b7903d1fe756b
            • Opcode Fuzzy Hash: 7cab9cba3990f514da7f5c637605f801ccefcbaca7a24a563c0d6fe76dde7781
            • Instruction Fuzzy Hash: BAE0263230E220DBC330232054003F2F77AF729001F00465BE5CA97902E326B8109391
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5700 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9bbbdcf58a3b9c58f1c478150644fcc8cab7b759d3491cf1bedf9bb048703507
            • Instruction ID: 91e112a06358d41263b0f1355de0d256f13817bbfb4f250f8f030019724321c6
            • Opcode Fuzzy Hash: 9bbbdcf58a3b9c58f1c478150644fcc8cab7b759d3491cf1bedf9bb048703507
            • Instruction Fuzzy Hash: B5D05EB6A4E3D0AFC712067678551DC2FB4D8831A130C46E7D44BCB873E626155AC72A
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0B10 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 292731b9cda43a036de9df38fd4d41e8c875f684d25afc847b50d442a9380ebe
            • Instruction ID: 1990ba6627c7d789af188aec0b90ea6094a88f67ec85ea4f9ac3fa6188d9700b
            • Opcode Fuzzy Hash: 292731b9cda43a036de9df38fd4d41e8c875f684d25afc847b50d442a9380ebe
            • Instruction Fuzzy Hash: DCE0C231B8D212EACB205D341F427F633208721758F1001AAED439B9C0E7626538E1D3
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA80B0 Relevance: .0, Instructions: 22COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5079e0e135e17f518a0be19a54d554d7890c5d6610268076647a03caf7217b9c
            • Instruction ID: a5d879c6e1b8a12ad5898e00526dc92629f84ea55995fe0e137f3ba84ca5d0e0
            • Opcode Fuzzy Hash: 5079e0e135e17f518a0be19a54d554d7890c5d6610268076647a03caf7217b9c
            • Instruction Fuzzy Hash: AEE08670C05108DBCB14FFB4D54AA6DB770FB42305F105199D40473250CB746A54C669
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5788 Relevance: .0, Instructions: 21COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 39735df5991f8f1b0e72ec3ead6fa556006195877b3be2d7226f6c1b18a8530f
            • Instruction ID: 99930a5b20ee7c30a692f6ace0150b00d5e89214ee0a60ddbe501dda96f11054
            • Opcode Fuzzy Hash: 39735df5991f8f1b0e72ec3ead6fa556006195877b3be2d7226f6c1b18a8530f
            • Instruction Fuzzy Hash: 5AE0C22071F2916FCB1752B928605BD2B610A835243890AEBD047CFB97EA054C2693DA
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5F70 Relevance: .0, Instructions: 20COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: eb6e007e2c91732f0354cdbfa9d32202cb86a698eb572b8ed080276f91f5c6b3
            • Instruction ID: a27244d4a674c1a14ff30fec8189dee9fc18be08cadae17861fbef33accafcb9
            • Opcode Fuzzy Hash: eb6e007e2c91732f0354cdbfa9d32202cb86a698eb572b8ed080276f91f5c6b3
            • Instruction Fuzzy Hash: 74D01232B1D816DBD20426A9680566D3799AB41251F440167E907C72D1EBA6AC5052EE
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0E90 Relevance: .0, Instructions: 19COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 956e31d4c9dbc1a6aa3d690776f5b44527ce8d58ec48d90689ce48f614760504
            • Instruction ID: f8c5bfdd5ae8aa9eaf87ef0af714ceec0ef6f28f6227dadf8ae5bbcc70d21958
            • Opcode Fuzzy Hash: 956e31d4c9dbc1a6aa3d690776f5b44527ce8d58ec48d90689ce48f614760504
            • Instruction Fuzzy Hash: F3D05E2038422417A608E5AC8811939738EEB85624304846FE64ADB341CD629C0683D1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA7120 Relevance: .0, Instructions: 19COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 47ef0da7f82ec629d17a32eda04d0380ad018bd0d6dfe369e10358c33d80ecb4
            • Instruction ID: 6cac9d4cfa63f63c97d72df976eefaf60a0d9a85969a5aab900c53c9a93affb6
            • Opcode Fuzzy Hash: 47ef0da7f82ec629d17a32eda04d0380ad018bd0d6dfe369e10358c33d80ecb4
            • Instruction Fuzzy Hash: ADD0C27920A3708BC3354634D80C7A3B7F95B05308F04046FC08207920D761F4A4E3D2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA02A1 Relevance: .0, Instructions: 19COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 22c324f85391cdb2c4d0d12f3015fc586cb9f59e4d10244e65c10ea790adf691
            • Instruction ID: 542f7a735198fc9a74bffbb57c29c4eab58de1fb58284f92c2f3a8db47909b77
            • Opcode Fuzzy Hash: 22c324f85391cdb2c4d0d12f3015fc586cb9f59e4d10244e65c10ea790adf691
            • Instruction Fuzzy Hash: FCE0123020E744CFC3628B64E4654917BF5FF4A604306899BE486DF955EB247C1A8751
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAF698 Relevance: .0, Instructions: 19COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 844604fdfec3ad1236e6b6f9d08f2d43db81a523aa54f60f9be7460b9f4c1dbe
            • Instruction ID: c3ff12f6d4ccb0b411f892aa105f10667721ffd4675d5c3a73ab2a85e673e1d1
            • Opcode Fuzzy Hash: 844604fdfec3ad1236e6b6f9d08f2d43db81a523aa54f60f9be7460b9f4c1dbe
            • Instruction Fuzzy Hash: DED097A226D12017D304936D3C81BC2BFABFB88210F14838BF104C32C3DBADA8508372
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE698 Relevance: .0, Instructions: 19COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9fee637632558bd27520a5637ee1455ea50d207a0ed1b20e1ebec3297a981d1c
            • Instruction ID: 3a300e5e983199b5602afc3a69592de70078f37bb06f51486be8c28388f5b318
            • Opcode Fuzzy Hash: 9fee637632558bd27520a5637ee1455ea50d207a0ed1b20e1ebec3297a981d1c
            • Instruction Fuzzy Hash: B5E0C23028D340CBC3265B5498604A33B399A4622A3088CABC04B47662F722B820DFA1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AADE78 Relevance: .0, Instructions: 19COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7462a16a4306079d50153f18c8611a280b8a904a9fc2c431d1598b895f5bb1a8
            • Instruction ID: 25ee5644a45a55065cc172561fda2d2038607fe9d62a6738f4b929036513daed
            • Opcode Fuzzy Hash: 7462a16a4306079d50153f18c8611a280b8a904a9fc2c431d1598b895f5bb1a8
            • Instruction Fuzzy Hash: 41D05E3130A620DBC734265490005F6F3BBF768512710442BE5CB97D00F722B821A3A1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0DD8 Relevance: .0, Instructions: 18COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f6234829a560ca0dc16096625cf4dff711af7f1b4a5f9d005ddcff8783a6a50d
            • Instruction ID: 7475700d820675d9b8572696f1e0b1e281bf69aa8c247991f1750fddbc5aa011
            • Opcode Fuzzy Hash: f6234829a560ca0dc16096625cf4dff711af7f1b4a5f9d005ddcff8783a6a50d
            • Instruction Fuzzy Hash: 41D05EAF08C1C4C7DA28DA34901D3FAB297AB1022DF05F45BC4C70C817772531429A43
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA016F Relevance: .0, Instructions: 18COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09d3664476849b94605a8ec94e60ca343b12868a2d7e388efbeb6b28dc788176
            • Instruction ID: 1b8c5c4fd0a2affb3ac6f040e66c5d45ad4b3a96992a628f719eec91a17b342a
            • Opcode Fuzzy Hash: 09d3664476849b94605a8ec94e60ca343b12868a2d7e388efbeb6b28dc788176
            • Instruction Fuzzy Hash: 44E01232205308CFC7056B75E86555837B9BF9622570007BBD426CB7E0EB75D895C601
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0650 Relevance: .0, Instructions: 18COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9a5fb5e82c1ac49e3beadae56b89a92ecaed185958f9c6032e50de740ae290a1
            • Instruction ID: 38a9d4abd8cc26a45ea763874e10cf8657d970bf4a6d06eccdb9db4e49077376
            • Opcode Fuzzy Hash: 9a5fb5e82c1ac49e3beadae56b89a92ecaed185958f9c6032e50de740ae290a1
            • Instruction Fuzzy Hash: 7CD05E7114F3C48FC7069BB06C155A5BB799E82208B0884B7D881CA462E6796555A723
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA8FC0 Relevance: .0, Instructions: 17COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 78a7e81ad6afbc29491baf88792e81a1d8d35299a0f4b7c70d71e91d3d472f8d
            • Instruction ID: e4aa9376ad2624f34cf7638c63c32e1789fb64ff75aab4c81f08d53a2fea4148
            • Opcode Fuzzy Hash: 78a7e81ad6afbc29491baf88792e81a1d8d35299a0f4b7c70d71e91d3d472f8d
            • Instruction Fuzzy Hash: 25D05E3024E782EFC61322601C19B6C3F318B0B205F09408BAA468F8E363092425D357
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AACFC0 Relevance: .0, Instructions: 16COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1ae2496d1024125ff60215e17eb5d28df6999fa6f549fb5e81803a6ff441b6b3
            • Instruction ID: 7b2a26eb5ce5fb55a4f3ebcb38ed49e3498b4cbe441fca9444887b7b2d7b4df2
            • Opcode Fuzzy Hash: 1ae2496d1024125ff60215e17eb5d28df6999fa6f549fb5e81803a6ff441b6b3
            • Instruction Fuzzy Hash: 7CD0923135C304CEFA464608A408F3EB3B49740639B108057911B8B5D1B770B870EA52
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA9FC0 Relevance: .0, Instructions: 16COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e9c4c1be24c7d03e3e681bdf46946d87c83ee4f3e90fbad6f70238ba5c882ef5
            • Instruction ID: 78144e9fffa61d108814eac67568d83847de5a8f0560bd25556e0e68f09f83de
            • Opcode Fuzzy Hash: e9c4c1be24c7d03e3e681bdf46946d87c83ee4f3e90fbad6f70238ba5c882ef5
            • Instruction Fuzzy Hash: 7DD05EB124D384DBCB224368A814A2A3F38974222DB18489B900A875D3E32BA822D712
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0E50 Relevance: .0, Instructions: 15COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6208ef36772392b67278e14950687d650deb8c699c17249969d340b55cdd200a
            • Instruction ID: 43efbe6bbebce41c1a7879167f3e1d5ee61cffc1469a2f29a8af080be1902386
            • Opcode Fuzzy Hash: 6208ef36772392b67278e14950687d650deb8c699c17249969d340b55cdd200a
            • Instruction Fuzzy Hash: 30D0A73300C244D5DD12B278B24C3B17AD9A740604F08B053D4C64E003FB8E7C54BA77
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008C23F4 Relevance: .0, Instructions: 15COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.655523779.00000000008C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 008C2000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8c2000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a06566708c567f4544258df543690655e9e97bbc8027ec1b48f581dd5a6efc9b
            • Instruction ID: 3a8b20617c150f1549bfe5305a4206918498f3d4f59265d68ce4416c19b02a96
            • Opcode Fuzzy Hash: a06566708c567f4544258df543690655e9e97bbc8027ec1b48f581dd5a6efc9b
            • Instruction Fuzzy Hash: 62D05E79205A814FD32ACA1CC1B9F953BA4BB51B04F4644FDE800CB6A3C378D981D200
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAE6A8 Relevance: .0, Instructions: 15COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 811cd6a9eae871f2e4776269615c21dd2da3036f633b4fbcc2b281e9599a5c9a
            • Instruction ID: 7ea69aab556d8c35f4d080d45553d673511a11e0348e112898c3431087b320f5
            • Opcode Fuzzy Hash: 811cd6a9eae871f2e4776269615c21dd2da3036f633b4fbcc2b281e9599a5c9a
            • Instruction Fuzzy Hash: F8D022303C8200CB83246A04D9008A37379EB842263088C6EC00B03A10FB72BC20DFD0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6AE8 Relevance: .0, Instructions: 15COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
            • Instruction ID: 05b6f02ad24365b33672fc04cc9c6312dbc8d4a8fa028daf081416c79eb21aac
            • Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
            • Instruction Fuzzy Hash: 5DD0423AA000048FC704CB88D5859D9F7F1EB98325F29C1A6D915A7251C732ED56CE50
            Uniqueness

            Uniqueness Score: -1.00%

            Function 008C23BC Relevance: .0, Instructions: 14COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.655523779.00000000008C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 008C2000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_8c2000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 76bc057c940d281c08b65f4a548738dee03509dd8bac5943e5eed44b3988e1d1
            • Instruction ID: 1e7dc5d815682a836e0dbd49faef004430149e6425671ada9e61560805a67041
            • Opcode Fuzzy Hash: 76bc057c940d281c08b65f4a548738dee03509dd8bac5943e5eed44b3988e1d1
            • Instruction Fuzzy Hash: 93D017342042814BC715DA2CC194F5937A4BB41B04F1644ACAC008B3A2C3B8D881D640
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0EC8 Relevance: .0, Instructions: 13COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 57d625f4cafc5e97438af69a66b595c15613eb012249db60c457118616b6637d
            • Instruction ID: 778407609a576798b6a2d48fa5ec4478c73bb9a66ec009420c24bb0807583024
            • Opcode Fuzzy Hash: 57d625f4cafc5e97438af69a66b595c15613eb012249db60c457118616b6637d
            • Instruction Fuzzy Hash: 74C01222469A8C56DB4067B0A8053597B186B51118F840257588982553FB58A4108691
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA7616 Relevance: .0, Instructions: 13COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 439bc90259862f51cba27d43cf0edb67b286b22b8f0ab42bec2650f89d68ac7f
            • Instruction ID: ccd039d7a333c23804bba19615fe0c5a394d62b94c5bf0daf75b21fa7ba03089
            • Opcode Fuzzy Hash: 439bc90259862f51cba27d43cf0edb67b286b22b8f0ab42bec2650f89d68ac7f
            • Instruction Fuzzy Hash: 36D09278A1520EDF8B52DF79D9544AE77F0FB09621724072AD8029B3A5FB34AD118F50
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0180 Relevance: .0, Instructions: 12COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0eec3e64c53f0a4b5f8f59440f84c31c58709c2b3834919b252637a8a037f48f
            • Instruction ID: 8815ef3dcf690855e222faa5662d7b1aaa9d272d52094004a96fea8b8996cc06
            • Opcode Fuzzy Hash: 0eec3e64c53f0a4b5f8f59440f84c31c58709c2b3834919b252637a8a037f48f
            • Instruction Fuzzy Hash: C2D01234201308CFCB086B74F42941833AABF442093000A7EE80687750EF76D8A0CA00
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0A20 Relevance: .0, Instructions: 11COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9100a2e595556fbd561f6a715d0f761d207f4e66485b7970364fe33484a436ed
            • Instruction ID: 242222c0ca5b4f47bf748f9738878ade6719e96dc25ce3bae1f9ab8c7f61594f
            • Opcode Fuzzy Hash: 9100a2e595556fbd561f6a715d0f761d207f4e66485b7970364fe33484a436ed
            • Instruction Fuzzy Hash: 7EC0126B6096419AE704D230D90875723537749304F545161C1860E1DAE73565049580
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA9160 Relevance: .0, Instructions: 11COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ea513ec2a0ae538352a63c1ca4b9f3e0d7f9bf7342f1898793c609e7dd24cef0
            • Instruction ID: 8512cc412182bfeba2ebefd77b6312dd73566747becece49a67612e213bfd7d4
            • Opcode Fuzzy Hash: ea513ec2a0ae538352a63c1ca4b9f3e0d7f9bf7342f1898793c609e7dd24cef0
            • Instruction Fuzzy Hash: 82B092313542090AEBA09BB57888B2633CCC740669F450462B41DC2910F64BE8A02550
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA9FD0 Relevance: .0, Instructions: 11COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c5db34cee43e3155303bba5cc51824d7b7587ae2e4a6a59a4d76bfbe4911a98d
            • Instruction ID: a74ac066879e5097756eacc76215ae4dce5720b27fe459bcf3913410c33ac757
            • Opcode Fuzzy Hash: c5db34cee43e3155303bba5cc51824d7b7587ae2e4a6a59a4d76bfbe4911a98d
            • Instruction Fuzzy Hash: BDC04CB420C208CB8A2456599818D3F773CA64522D3104C5B900F075D1B737F832EB55
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5710 Relevance: .0, Instructions: 11COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2f600568d9a82f8cc06215c7b567955575c5a7a3377b35ce50b660ecccdeac55
            • Instruction ID: 20b122fd75b956cb3c505b496d04363e3588018d587bf20622b60b92f6447251
            • Opcode Fuzzy Hash: 2f600568d9a82f8cc06215c7b567955575c5a7a3377b35ce50b660ecccdeac55
            • Instruction Fuzzy Hash: B8C08C30E04204DB4F082BF2290812D376C7B00288340091AE40A8A220FF34A0109169
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0660 Relevance: .0, Instructions: 10COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cb745416264b5f84f1102a2901627b0270dc484a6d2541cd52d7a3c1b5fa87d1
            • Instruction ID: 1f520454c881d7de0158387b609db63d2a7f82ebff6a208a8f70bc8a81490c82
            • Opcode Fuzzy Hash: cb745416264b5f84f1102a2901627b0270dc484a6d2541cd52d7a3c1b5fa87d1
            • Instruction Fuzzy Hash: A8C02B3024F204CF82085F701C04435B32966C030CB18C437840111020ABB2B471A811
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAC649 Relevance: .0, Instructions: 9COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 43f83cf3310a378ff4b93bde5d838f7d97133015c8e2987ef3a05f44f9ce90b8
            • Instruction ID: 1c8481da4f0a0ef44e6c3561a05b407d4a75e173025012b8a3af6facb7acad02
            • Opcode Fuzzy Hash: 43f83cf3310a378ff4b93bde5d838f7d97133015c8e2987ef3a05f44f9ce90b8
            • Instruction Fuzzy Hash: 9EC08C3210A2B18ACB22CB34A6202143F21F3A3219F00A29AC0020608BC32E080AC702
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0ED8 Relevance: .0, Instructions: 8COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cc0dde6ebeecb1c4688d7c2ed9c915259fcb1596479f188c22264d078ae98d52
            • Instruction ID: 805ca038279d033dcee8b151945b4012c71ae9a4f4e1734338f4e6ebb3bb59a5
            • Opcode Fuzzy Hash: cc0dde6ebeecb1c4688d7c2ed9c915259fcb1596479f188c22264d078ae98d52
            • Instruction Fuzzy Hash: 91B0123155160C878E8033F0A80901C775D1E4011CB800013584D83E11BF68B85044E2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAD050 Relevance: .0, Instructions: 8COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 984be7a1f4aa74e78bdf5153c434cdc7974ac88f799196552376ed45df612408
            • Instruction ID: 142938a912d2c9313d5e8155b590b1b15b203f99331cb435e0483b13f8106e78
            • Opcode Fuzzy Hash: 984be7a1f4aa74e78bdf5153c434cdc7974ac88f799196552376ed45df612408
            • Instruction Fuzzy Hash: D8B0923010E70DD78204A725EC8E85A7B7EF9021843D0451AFA424769ABF683922A6A6
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA6B0C Relevance: .0, Instructions: 8COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
            • Instruction ID: 4f3c5bdfa90b63b76130447b950e11bbfe77096acaaf88f5975ff016eb8fe481
            • Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
            • Instruction Fuzzy Hash: A0B092B7A44008C9DB008A84B4423EDFB30E7A0325F108023C31052000D3321178DA91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA5F41 Relevance: .0, Instructions: 7COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5ead7af02240f1d623d36f0acb1e815e93e5709caee9c3447f017ac00fa96a53
            • Instruction ID: 0cf7de0fa8e2df8be779cc7b056db5f45714ae0e777343e5089c96e42c9d88b5
            • Opcode Fuzzy Hash: 5ead7af02240f1d623d36f0acb1e815e93e5709caee9c3447f017ac00fa96a53
            • Instruction Fuzzy Hash: 97C0481440FBC40FC70342A40D28818AF3098131017C940DB8882CA2A3A8084809AB27
            Uniqueness

            Uniqueness Score: -1.00%

            Non-executed Functions

            Function 04AA306F Relevance: .2, Instructions: 179COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d436baee0d6437fa182c202e6e7cd32bb7271bd7a358d08910290834145ab76b
            • Instruction ID: b4c1a7ad8c064b9f042f433fdeaa5609c2e0a901f66c816d15b64261218187e9
            • Opcode Fuzzy Hash: d436baee0d6437fa182c202e6e7cd32bb7271bd7a358d08910290834145ab76b
            • Instruction Fuzzy Hash: 2E514D72F015159BDB14DB69C995B5EB7E3AFC8314F2A80A8E409EB365DF34EC018B90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AAEDB8 Relevance: 10.5, Strings: 8, Instructions: 467COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: ,:Mk$,:Mk$0Lk$0Lk$:@&k$:@&k$X1Mk$X1Mk
            • API String ID: 0-667050027
            • Opcode ID: a1a9e84b1011fc67cbc3006eb108a7274795ea7ac5646873997618bfe5a864d0
            • Instruction ID: 70904c39c4fd89f34a6bfce6d42e4933dc4391dd70234bb19cd9c3cca5e24f07
            • Opcode Fuzzy Hash: a1a9e84b1011fc67cbc3006eb108a7274795ea7ac5646873997618bfe5a864d0
            • Instruction Fuzzy Hash: EF125834B04215DFC728DF68C098E2977F2FF49355B2580AAE8468F3A5EB39AC51CB41
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA0D97 Relevance: 5.2, Strings: 4, Instructions: 247COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: ,:Mk$0Lk$:@&k$X1Mk
            • API String ID: 0-2588638173
            • Opcode ID: 836159e5ce63551529d2b1683055e7ad299151aac801955972b5c6f919cd563e
            • Instruction ID: 61e6563ceb884cac6fe39f2d9d1e7acb9604ad029e6a7ba5f799ff0170d664ea
            • Opcode Fuzzy Hash: 836159e5ce63551529d2b1683055e7ad299151aac801955972b5c6f919cd563e
            • Instruction Fuzzy Hash: 27B1EE74A48348CFD364DF78C162B6AB7E2FB85248F50492DE5498F389EF799841CB12
            Uniqueness

            Uniqueness Score: -1.00%

            Function 04AA4369 Relevance: 5.0, Strings: 4, Instructions: 26COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.667065315.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4aa0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: V$X1Mk$X1Mk$X1Mk
            • API String ID: 0-1729931258
            • Opcode ID: e9c07e14ec1b427c42ca0f94f64e5eb30ea1059b6e0fcba8f4440b720f2d51ab
            • Instruction ID: b291cae9815eecd0aab4685270c27d004e16bb984bddcd5d5472ebbd518ed35b
            • Opcode Fuzzy Hash: e9c07e14ec1b427c42ca0f94f64e5eb30ea1059b6e0fcba8f4440b720f2d51ab
            • Instruction Fuzzy Hash: 7BE0ED21706AD18FC326E7794429A2E7BF24F8618034980BF804ACF7A2EB246C118363
            Uniqueness

            Uniqueness Score: -1.00%

            Function 05EA0EF0 Relevance: 5.0, Strings: 4, Instructions: 24COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.668470409.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ea0000_mfpmp.jbxd
            Similarity
            • API ID:
            • String ID: V$X1Mk$X1Mk$X1Mk
            • API String ID: 0-1729931258
            • Opcode ID: cabb683ec08884b89c67267b350f5e83338722bea8067f94e64ef6010422f408
            • Instruction ID: c4c727b4f567fe5fd90f9c89868ee77a07be7f2d0a25ed344353672a1557805c
            • Opcode Fuzzy Hash: cabb683ec08884b89c67267b350f5e83338722bea8067f94e64ef6010422f408
            • Instruction Fuzzy Hash: 87E0D83231157287D37063B8612873F76E29BC659CF84416E948ADB781CB356C11D787
            Uniqueness

            Uniqueness Score: -1.00%